tag 301236 patch
thanks

On Thu, Mar 23, 2006 at 10:34:24PM +0000, Paul Walker wrote:
> Hi all,
>
> I hadn't noticed this one before. mutt CVS does indeed allow attachments to
> have (and keep) arbitrary paths, which can't be good. Okay, you have to be
> not paying attention in order to overwrite files, but why give people the
> chance?
>
> Please try the attached patch, which sanitises the filename first. I think
> I've caught all the code paths mutt uses to save attachments.
>
> We could also use basename, but then you've (a) lost information and (b)
> got to worry about it modifying buffers. This seems better.

Thanks for looking at it. I tried the patch, and I can confirm that it fixes the reported problem.

Adeodato, I noticed that the mutt build is a bit noisy while applying patches,

http://buildd.debian.org/fetch.php?&pkg=mutt&ver=1.5.11%2Bcvs20060126-2&arch=m68k&stamp=1141353835&file=log&as=raw

BTW, gcc warning on sendlib.c:845, fromcode may be used uninitialized, looks real, as does charset.c:665, s may be used uninitialized.

Justin
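The trade-off discussed in the quoted message (sanitising the whole attachment name versus keeping only its basename), shown as an added example. This is not the patch attached to the bug report and not mutt's code; the function names, the allow-list and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Allow-list chosen for this example (an assumption, not mutt's list).
 * Anything outside it, including '/' and '\\', is replaced with '_'. */
static const char SAFE_CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._-+";

/* Copy a sanitised form of `name` into `out`; `name` itself is never
 * modified. Returns 0 on success, -1 on empty input or too-small buffer. */
int sanitize_attachment_name(const char *name, char *out, size_t outlen)
{
    size_t n, i;

    if (!name || !out)
        return -1;
    n = strlen(name);
    if (n == 0 || n >= outlen)
        return -1;
    for (i = 0; i < n; i++)
        out[i] = strchr(SAFE_CHARS, name[i]) ? name[i] : '_';
    out[n] = '\0';
    if (out[0] == '.')      /* no ".", ".." or hidden dot-files */
        out[0] = '_';
    return 0;
}

/* What a basename-style approach keeps: only the last path component. */
const char *last_component(const char *name)
{
    const char *slash = strrchr(name, '/');
    return slash ? slash + 1 : name;
}

int main(void)
{
    /* Constructed attachment names, as a sender could put in a MIME header. */
    const char *samples[] = { "report.pdf", "/etc/passwd",
                              "../../.ssh/authorized_keys" };
    char clean[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (sanitize_attachment_name(samples[i], clean, sizeof clean) == 0)
            printf("%-28s -> %-28s (last component: %s)\n",
                   samples[i], clean, last_component(samples[i]));
    return 0;
}
```

The sanitised name stays a single path component inside the save directory while still showing the user what the sender asked for, which the last-component form hides.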