casa-mp-base

From: Santiago Vila <sanvila@debian.org>

Subject: Modified mailfold.c to fix a segfault problem

X-Debian-version: 3.22-2

​

--- src/mailfold.c.orig

+++ src/mailfold.c

@@ -378,7 +378,8 @@

    dfilled=mailread=0;

      else if(rhead)                /* only read in a new header */

       { memblk new;

-   dfilled=mailread=0;makeblock(&new,0);readdyn(&new,&dfilled,0);

+   dfilled=mailread=0;makeblock(&new,0);

+   readdyn(&new,&dfilled,thebody-themail.p);

    if(tobesent>dfilled&&isprivate)          /* put it in place here */

     { tmemmove(themail.p+dfilled,thebody,filled-=tobesent);

       tmemmove(themail.p,new.p,dfilled);

​

From: Santiago Vila <sanvila@debian.org>

Subject: Fix memory allocation bug in pipes.c

Bug-Debian: http://bugs.debian.org/171514

X-Debian-version: 3.22-5

​

--- src/pipes.c.orig

+++ src/pipes.c

@@ -194,7 +194,7 @@

      makeblock(&temp,Stdfilled);

      tmemmove(temp.p,Stdout,Stdfilled);

      readdyn(&temp,&Stdfilled,Stdfilled+backlen+1);

-     Stdout=realloc(Stdout,&Stdfilled+1);

+     Stdout=realloc(Stdout,Stdfilled+1);

      tmemmove(Stdout,temp.p,Stdfilled+1);

      freeblock(&temp);

      retStdout(Stdout,pwait&&pipw,!backblock);

​

From: Santiago Vila <sanvila@debian.org>

Subject: Fixed off-by-1 memory allocation error

Bug-Debian: http://bugs.debian.org/474298

Bug-Debian: http://bugs.debian.org/484352

X-Debian-version: 3.22-17

​

--- src/mailfold.c.orig

+++ src/mailfold.c

@@ -205,7 +205,7 @@

   if(linkfolder)           /* any additional directories specified? */

    { size_t blen;

      if(blen=Tmnate-linkfolder)               /* copy the names into safety */

-   Tmnate=(linkfolder=tmemmove(malloc(blen),linkfolder,blen))+blen;

+   Tmnate=(linkfolder=tmemmove(malloc(blen+1),linkfolder,blen))+blen;

      else

    linkfolder=0;

    }

​

From: Tero Marttila <terom@fixme.fi>

Subject: Fix off-by-one error that makes procmail to segfault on certain .procmailrc files

X-Debian-version: 3.22-23

​

--- src/cstdio.c.orig

+++ src/cstdio.c

@@ -144,7 +144,7 @@

       { case '\n':case EOF:*q='\0';

       return overflow?-1:p!=q;      /* did we read anything at all? */

       }

-     if(q==end)        /* check here so that a trailing backslash won't be lost */

+     if(q>=end)        /* check here so that a trailing backslash won't be lost */

    q=p,overflow=1;

      *q++=i;

    }

@@ -199,7 +199,7 @@

       if(*(target=strchr(target,'\0')-1)=='\\')

        { if(chp2!=target)                /* non-empty line? */

         target++;            /* then preserve the backslash */

-         if(target>end-2)            /* space enough for getbl? */

+         if(target>=end-2)           /* space enough for getbl? */

         target=end-linebuf,overflow=1;     /* toss what we have */

          continue;

        }

​

From: Jan Darmochwal <jdarmochwal@gmx.de>

Subject: formail memory corruption fixes

X-Debian-version: 3.22-24

​

--- src/formail.c.orig

+++ src/formail.c

@@ -219,7 +219,7 @@

   if(i>=0&&(i!=maxindex(sest)||fldp==rdheader))          /* found anything? */

    { char*saddr;char*tmp;               /* determine the weight */

      nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;

-     tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';

+     tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';

      if(sest[i].head==From_)

       { char*pastad;