# --- T2-COPYRIGHT-NOTE-BEGIN --- # This copyright note is auto-generated by ./scripts/Create-CopyPatch. # # T2 SDE: package/.../mutt/CVE-2006-3242.patch # Copyright (C) 2006 The T2 SDE Project # # More information can be found in the files COPYING and README. # # This patch file is dual-licensed. It is available under the license the # patched project is licensed under, as long as it is an OpenSource license # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms # of the GNU General Public License as published by the Free Software # Foundation; either version 2 of the License, or (at your option) any later # version. # --- T2-COPYRIGHT-NOTE-END --- diff -Nur mutt-1.4.2.1-orig/imap/browse.c mutt-1.4.2.1/imap/browse.c --- mutt-1.4.2.1-orig/imap/browse.c 2002-02-26 10:38:56.000000000 +0000 +++ mutt-1.4.2.1/imap/browse.c 2006-06-29 09:58:07.000000000 +0000 @@ -452,7 +452,7 @@ if (*s == '\"') { s++; - while (*s && *s != '\"') + while (*s && *s != '\"' && n < sizeof (ns) - 1) { if (*s == '\\') s++; @@ -463,12 +463,14 @@ s++; } else - while (*s && !ISSPACE (*s)) + while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) { ns[n++] = *s; s++; } ns[n] = '\0'; + if (n == sizeof (ns) - 1) + dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); /* delim? */ s = imap_next_word (s); /* delimiter is meaningless if namespace is "". Why does