Package: ssmtp
Version: 2.64-4

I have a patch that fixes several issues with the parsing of the From
line where a string scan could go off the end or the beginning of the
string.  For instance, if it finds a '(' (on a From line w/o a
'<'...'>' bounded addr), it will scan past the end if no ')' is found.
 If a trailing ')' is found, it will scan past the beginning if no
'(' is found.  And the trailing-space stripping function has a bug
that makes it unsafe if called on an empty (or white-space only)
string (e.g. the parsing of a From line that has only trailing spaces
could trigger that bug).

In each failure case the code can potentially write a zero byte
somewhere outside of the string's memory, possibly corrupting malloc
pointers or other nearby data.  In the addr_parse() case there is also
the potential to return a random section of memory as the parsed
address.

My patch for these issues is here:  http://opencoder.net/ssmtp-overscan.patch

..wayne..
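
The bounds checks the report above calls for, as an added example that is not part of the original message and is neither ssmtp's code nor the linked patch. `rstrip` and `from_addr` are hypothetical names, and the From handling is a simplified model that assumes at most one parenthesised comment and no '<'...'>' address.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Strip trailing whitespace in place and return the new length.
 * The n > 0 test keeps the backward scan inside the buffer when the
 * string is empty or whitespace-only. */
size_t rstrip(char *s)
{
    size_t n = strlen(s);
    while (n > 0 && isspace((unsigned char)s[n - 1]))
        n--;
    s[n] = '\0';
    return n;
}

/* Simplified model (an assumption, not ssmtp's addr_parse()): copy the
 * address from a From value of the form "addr (comment)" or
 * "(comment) addr" into out. Returns 0 on success, -1 if the value is
 * empty, has unbalanced parentheses, or does not fit in out. */
int from_addr(const char *from, char *out, size_t outsz)
{
    const char *b = from, *e = from + strlen(from);
    const char *open, *close;

    while (b < e && isspace((unsigned char)*b)) b++;
    while (e > b && isspace((unsigned char)e[-1])) e--;
    /* Both searches are length-bounded, so neither can leave [b, e). */
    open = memchr(b, '(', (size_t)(e - b));
    close = open ? memchr(open, ')', (size_t)(e - open))
                 : memchr(b, ')', (size_t)(e - b));
    if (open && !close) return -1;          /* '(' with no ')' */
    if (!open && close) return -1;          /* ')' with no '(' */
    if (open && open == b) b = close + 1;   /* "(comment) addr" */
    else if (open) e = open;                /* "addr (comment)" */
    while (b < e && isspace((unsigned char)*b)) b++;
    while (e > b && isspace((unsigned char)e[-1])) e--;
    if (b == e || (size_t)(e - b) >= outsz) return -1;
    memcpy(out, b, (size_t)(e - b));
    out[e - b] = '\0';
    return 0;
}

int main(void)
{
    char out[64], ws[] = "   ";   /* constructed inputs */
    return rstrip(ws) != 0 || from_addr("user@example.org (Some Name)", out, sizeof out) != 0;
}
```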


