Fix CVE-2017-16844: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 Patch copied from Debian procmail package 3.22-26: http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz From: Santiago Vila Subject: Fix heap-based buffer overflow in loadbuf() Bug-Debian: http://bugs.debian.org/876511 X-Debian-version: 3.22-26 --- a/src/formisc.c +++ b/src/formisc.c @@ -103,7 +103,7 @@ } /* append to buf */ void loadbuf(text,len)const char*const text;const size_t len; -{ if(buffilled+len>buflen) /* buf can't hold the text */ +{ while(buffilled+len>buflen) /* buf can't hold the text */ buf=realloc(buf,buflen+=Bsize); tmemmove(buf+buffilled,text,len);buffilled+=len; }