imap/2557: imap_munge_mbox_name does not check for empty src string
>Number: 2557
>Notify-List:
>Category: imap
>Synopsis: imap_munge_mbox_name does not check for empty src string
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 18 00:59:53 +0100 2006
>Originator: Ken Simpson
>Release: 1.5.12
>Organization:
MailChannels Corporation
>Environment:
Linux 2.6, Ubuntu Edgy Eft
>Description:
imap_munge_mbox_name() does not check whether the src argument is the empty
string. It then uses safe_strdup to copy src into a buf. buf is set to null,
which later causes a segfault in libc when 0x0 is sent to strsomething. The
attached patch fixes this problem by checking for empty src and just copying
src to dest unmolested in that case.
>How-To-Repeat:
In muttrc:
set folder="imaps://user@xxxxxxxxxxxxxxxx/"
(i.e. put a slash on the end)
Then compose a message and try attaching a file. The file browser segfaults.
>Fix:
The patch fixes this problem.
>Add-To-Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: application/octet-stream; name="mutt-patch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mutt-patch"
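
The failure mode described in the report, with the empty-string check in place, as an added example that is not code from the report or from mutt. dup_nonempty, quote_string and munge_mbox_name are hypothetical stand-ins; the assumption, taken from the description, is that the duplication helper yields NULL for an empty string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the helper in the report: returns NULL for an
 * empty string as well as for a NULL pointer (assumed from the description). */
static char *dup_nonempty(const char *s)
{
    size_t n;
    char *p;
    if (s == NULL || *s == '\0')
        return NULL;
    n = strlen(s) + 1;
    p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Hypothetical simplified quoting step: wraps s in double quotes and escapes
 * '"' and '\\'. Like the libc str* functions, it dereferences s unconditionally. */
static void quote_string(char *dest, size_t dlen, const char *s)
{
    size_t i = 0;
    if (dlen < 3) { dest[0] = '\0'; return; }
    dest[i++] = '"';
    for (; *s != '\0' && i + 3 < dlen; s++) {
        if (*s == '"' || *s == '\\')
            dest[i++] = '\\';
        dest[i++] = *s;
    }
    dest[i++] = '"';
    dest[i] = '\0';
}

/* Returns 0 on success, -1 on unusable arguments or allocation failure. */
int munge_mbox_name(char *dest, size_t dlen, const char *src)
{
    char *buf;
    if (dest == NULL || dlen == 0 || src == NULL)
        return -1;
    if (*src == '\0') {          /* empty src: copy through, never build buf */
        dest[0] = '\0';
        return 0;
    }
    buf = dup_nonempty(src);     /* without the check above, "" gives NULL here */
    if (buf == NULL)
        return -1;               /* never hand NULL to the quoting step */
    quote_string(dest, dlen, buf);
    free(buf);
    return 0;
}
```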