Re: imap/2557: imap_munge_mbox_name does not check for empty src
The following reply was made to PR imap/2557; it has been noted by GNATS.
From: Brendan Cully <brendan@xxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx
Cc:
Subject: Re: imap/2557: imap_munge_mbox_name does not check for empty src
string
Date: Tue, 21 Nov 2006 11:22:30 -0800
On Saturday, 18 November 2006 at 00:59, ksimpson@xxxxxxxxxxxxxxxx wrote:
> >Synopsis: imap_munge_mbox_name does not check for empty src string
> >Release: 1.5.12
> >Environment:
> Linux 2.6, Ubuntu Edgy Eft
> >Description:
> imap_munge_mbox_name() does not check whether the src argument is
> the empty string. It then uses safe_strdup to copy src into a
> buf. buf is set to null, which later causes a segfault in libc when
> 0x0 is sent to strsomething. The attached patch fixes this problem
> by checking for empty src and just copying src to dest unmolested in
> that case.
> >How-To-Repeat:
> In muttrc:
> set folder="imaps://user@xxxxxxxxxxxxxxxx/"
> (i.e. put a slash on the end)
>
> Then compose a message and try attaching a file. The file browser
> segfaults.
I don't suppose you could repeat this test with CVS HEAD? I have a
memory of fixing this bug, but I can't seem to find it in the
Changelog...