From 08d9ad2e256d6f4aae3709bd499711ebaee10ccb Mon Sep 17 00:00:00 2001
From: shaun <shaun@FreeBSD.org>
Date: Mon, 3 Jul 2006 15:42:26 +0000
Subject: - Add fix for recent IMAP buffer overflow vulnerability.

PR:		ports/99700
Submitted by:	shaun (me)
Approved by:	SHIOZAKI Takehiko <st@be.to> (maintainer),
		ahze (mentor)
Security:	VuXML d2a43243-087b-11db-bc36-0008743bf21a
---
 japanese/mutt/Makefile                  |  2 +-
 japanese/mutt/files/patch-imap_browse.c | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 japanese/mutt/files/patch-imap_browse.c

(limited to 'japanese/mutt')

diff --git a/japanese/mutt/Makefile b/japanese/mutt/Makefile
index b891120..cc8c5d6 100644
--- a/japanese/mutt/Makefile
+++ b/japanese/mutt/Makefile
@@ -9,7 +9,7 @@
 
 PORTNAME=	mutt
 PORTVERSION=	${VERSION}.j${JP_VERSION}
-#PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	japanese mail
 MASTER_SITES=	http://www.emaillab.org/mutt/1.4/ \
 		http://my.reset.jp/~iwashita/mutt/distfiles/ \
diff --git a/japanese/mutt/files/patch-imap_browse.c b/japanese/mutt/files/patch-imap_browse.c
new file mode 100644
index 0000000..adbb0d3
--- /dev/null
+++ b/japanese/mutt/files/patch-imap_browse.c
@@ -0,0 +1,27 @@
+--- imap/browse.c.orig	Tue Feb 26 10:38:56 2002
++++ imap/browse.c	Sat Jul  1 20:18:02 2006
+@@ -452,7 +452,7 @@
+ 	    if (*s == '\"')
+ 	    {
+ 	      s++;
+-	      while (*s && *s != '\"') 
++	      while (*s && *s != '\"' && n < sizeof (ns) - 1) 
+ 	      {
+ 		if (*s == '\\')
+ 		  s++;
+@@ -463,12 +463,14 @@
+ 		s++;
+ 	    }
+ 	    else
+-	      while (*s && !ISSPACE (*s)) 
++	      while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ 	      {
+ 		ns[n++] = *s;
+ 		s++;
+ 	      }
+ 	    ns[n] = '\0';
++	    if (n == sizeof (ns) - 1)
++	      dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ 	    /* delim? */
+ 	    s = imap_next_word (s);
+ 	    /* delimiter is meaningless if namespace is "". Why does
-- 
cgit v1.1