Bug#769937: formail: memory corruption

2015-03-16 Thread Santiago Vila
On Thu, 12 Mar 2015, Moritz Muehlenhoff wrote: > On Mon, Feb 09, 2015 at 01:22:16PM +0100, Santiago Vila wrote: > > On Sat, 7 Feb 2015, Jan Darmochwal wrote: > > > > > What the patch does: > > > * allocate enough memory to add angle brackets to From line values > > > * do not "skip" the last char

Bug#769937: formail: memory corruption

2015-03-12 Thread Moritz Muehlenhoff
On Mon, Feb 09, 2015 at 01:22:16PM +0100, Santiago Vila wrote: > On Sat, 7 Feb 2015, Jan Darmochwal wrote: > > > What the patch does: > > * allocate enough memory to add angle brackets to From line values > > * do not "skip" the last character of a string > > Thanks a lot! Will look at it. Could

Bug#769937: formail: memory corruption

2015-02-12 Thread Jakub Wilk
* Jakub Wilk , 2015-02-11, 14:15: * do not "skip" the last character of a string This is to fix another off-by-one heap overflow when parsing addresses that end with backslash. For example: Correction: this one could overflow more than one byte. -- Jakub Wilk -- To UNSUBSCRIBE, email to

Bug#769937: formail: memory corruption

2015-02-11 Thread Santiago Vila
On Wed, 11 Feb 2015, Jakub Wilk wrote: > Hi Jan! > > * Jan Darmochwal , 2015-02-07, 23:03: > > What the patch does: > > * allocate enough memory to add angle brackets to From line values > > This is to fix off-by-one heap overflow when parsing addresses that have left > angle bracket, then a com

Bug#769937: formail: memory corruption

2015-02-11 Thread Jakub Wilk
Hi Jan! * Jan Darmochwal , 2015-02-07, 23:03: What the patch does: * allocate enough memory to add angle brackets to From line values This is to fix off-by-one heap overflow when parsing addresses that have left angle bracket, then a comma, but no right angle bracket. For example: * do not

Bug#769937: formail: memory corruption

2015-02-09 Thread Santiago Vila
On Sat, 7 Feb 2015, Jan Darmochwal wrote: > What the patch does: > * allocate enough memory to add angle brackets to From line values > * do not "skip" the last character of a string Thanks a lot! Will look at it. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a sub

Bug#769937: formail: memory corruption

2015-02-07 Thread Jan Darmochwal
On 2014-11-17 Jakub Wilk wrote: > The attached tarball contains 3 test cases that crash formail: > > $ formail < test1 > *** Error in `formail': malloc(): memory corruption: 0x0933c018 *** > Aborted > > $ formail < test2 > *** Error in `formail': free(): invalid next size (fast): 0x08a321b0 ***

Bug#769937: formail: memory corruption

2014-11-17 Thread Jakub Wilk
Package: procmail Version: 3.22-22 Tags: security Usertags: afl The attached tarball contains 3 test cases that crash formail: $ formail < test1 *** Error in `formail': malloc(): memory corruption: 0x0933c018 *** Aborted $ formail < test2 *** Error in `formail': free(): invalid next size (fast)