guix-devel/gnu/packages/patches/procmail-CVE-2017-16844.patch

Fix CVE-2017-16844:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Patch copied from Debian procmail package 3.22-26:

http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz

From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
 }
 							    /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
+{ while(buffilled+len>buflen)			  /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }
gnu: procmail: Fix CVE-2017-16844. * gnu/packages/patches/procmail-CVE-2017-16844.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (procmail)[source]: Use it. 2017-11-21 18:47:40 +01:00			`Fix CVE-2017-16844:`

			`https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844`
			`https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511`

			`Patch copied from Debian procmail package 3.22-26:`

			`http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz`

			`From: Santiago Vila <sanvila@debian.org>`
			`Subject: Fix heap-based buffer overflow in loadbuf()`
			`Bug-Debian: http://bugs.debian.org/876511`
			`X-Debian-version: 3.22-26`

			`--- a/src/formisc.c`
			`+++ b/src/formisc.c`
			`@@ -103,7 +103,7 @@`
			`}`
			`/* append to buf */`
			`void loadbuf(text,len)const char*const text;const size_t len;`
			`-{ if(buffilled+len>buflen) /* buf can't hold the text */`
			`+{ while(buffilled+len>buflen) /* buf can't hold the text */`
			`buf=realloc(buf,buflen+=Bsize);`
			`tmemmove(buf+buffilled,text,len);buffilled+=len;`
			`}`