| From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001 |
| From: Kevin McCarthy <kevin@8t8.us> |
| Date: Sun, 17 Jan 2021 10:40:37 -0800 |
| Subject: [PATCH] Fix memory leak parsing group addresses without a display |
| name. |
| |
| When there was a group address terminator with no previous |
| addresses (including the group display-name), an address would be |
| allocated but not attached to the address list. |
| |
| Change this to only allocate when last exists. |
| |
| It would be more correct to not allocate at all unless we are inside a |
| group list, but I will address that in a separate commit to master. |
| |
| [Retrieved from: |
| https://git.launchpad.net/ubuntu/+source/mutt/plain/debian/patches/CVE-2021-3181-1.patch?h=import/1.14.6-1ubuntu0.2] |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| rfc822.c | 5 ++--- |
| 1 file changed, 2 insertions(+), 3 deletions(-) |
| |
| Index: mutt-1.14.6/rfc822.c |
| =================================================================== |
| --- mutt-1.14.6.orig/rfc822.c |
| +++ mutt-1.14.6/rfc822.c |
| @@ -491,11 +491,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS * |
| #endif |
| |
| /* add group terminator */ |
| - cur = rfc822_new_address (); |
| if (last) |
| { |
| - last->next = cur; |
| - last = cur; |
| + last->next = rfc822_new_address (); |
| + last = last->next; |
| } |
| |
| phraselen = 0; |
