
Re: imap/2557: imap_munge_mbox_name does not check for empty src



The following reply was made to PR imap/2557; it has been noted by GNATS.

From: Brendan Cully <brendan@xxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx
Cc: 
Subject: Re: imap/2557: imap_munge_mbox_name does not check for empty src
        string
Date: Tue, 21 Nov 2006 11:22:30 -0800

 On Saturday, 18 November 2006 at 00:59, ksimpson@xxxxxxxxxxxxxxxx wrote:
 > >Synopsis:       imap_munge_mbox_name does not check for empty src string
 > >Release:        1.5.12
 > >Environment:
 > Linux 2.6, Ubuntu Edgy Eft
 > >Description:
 > imap_munge_mbox_name() does not check whether the src argument is
 > the empty string. It then uses safe_strdup to copy src into a
 > buf. buf is set to null, which later causes a segfault in libc when
 > 0x0 is sent to strsomething. The attached patch fixes this problem
 > by checking for empty src and just copying src to dest unmolested in
 > that case.
 > >How-To-Repeat:
 > In muttrc:
 > set folder="imaps://user@xxxxxxxxxxxxxxxx/"
 > (i.e. put a slash on the end)
 > 
 > Then compose a message and try attaching a file. The file browser
 > segfaults.
 
 I don't suppose you could repeat this test with CVS HEAD? I have a
 memory of fixing this bug, but I can't seem to find it in the
 Changelog...
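
The failure mode described in the quoted report, as an added C example (not mutt's code and not part of the thread). `dup_nonempty` and `munge_name_guarded` are hypothetical names: the first models the reported behaviour of safe_strdup returning NULL for an empty string, the second is a simplified quoting routine standing in for the munge step, with the empty-src guard the report proposes.

```c
#include <stdlib.h>
#include <string.h>

/* Models the behaviour the report attributes to safe_strdup:
 * an empty (or NULL) input yields NULL, not a copy of "". */
static char *dup_nonempty(const char *s)
{
    size_t n;
    char *p;
    if (s == NULL || *s == '\0')
        return NULL;
    n = strlen(s) + 1;
    p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Hypothetical stand-in for the munge step: quote src into dest.
 * Returns 0 on success, -1 if dest is too small or allocation fails. */
int munge_name_guarded(char *dest, size_t dlen, const char *src)
{
    char *buf;
    size_t i, o = 0, esc;
    if (dest == NULL || dlen == 0)
        return -1;
    /* The guard: an empty src is passed through untouched, so the NULL
     * from dup_nonempty never reaches a str* function. */
    if (src == NULL || *src == '\0') {
        dest[0] = '\0';
        return 0;
    }
    buf = dup_nonempty(src);
    if (buf == NULL)            /* after the guard: allocation failure only */
        return -1;
    dest[o++] = '"';
    for (i = 0; buf[i] != '\0'; i++) {
        esc = (buf[i] == '"' || buf[i] == '\\');
        /* keep room for this char, the closing quote and the NUL */
        if (o + 2 + esc >= dlen) { free(buf); return -1; }
        if (esc) dest[o++] = '\\';
        dest[o++] = buf[i];
    }
    dest[o++] = '"';
    dest[o] = '\0';
    free(buf);
    return 0;
}
```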