Re: [Full-disclosure] mutt buffer overflow
Peter,
On Thu, Aug 18, 2005 at 02:57:33AM -0600, Peter Valchev wrote:
The problem is in the mutt attachment/encoding/decoding functions,
specifically handler.c:mutt_decode_xbit() and the buffer
bufi[BUFI_SIZE].
Can you reproduce this if you recompile libiconv/gettext/mutt?
I reported that bug on Jul 12, but in fact it only happened with
libiconv/gettext compiled against an OpenBSD libc before the mb*() changes,
but then running libc 38.2.
An easier way to trigger this is ftp://ftp.00f.net/misc/mutt-crash-poc.mbox
But the mutt's code doesn't actually look wrong.
Best regards,
-Frank.