authorEduardo Chappa <chappa@washington.edu>2021-08-15 20:53:04 -0600
committerEduardo Chappa <chappa@washington.edu>2021-08-15 20:53:04 -0600
commite58edb33f71687cb0b12c10a6cea2db2f8a35011 (patch)
treea68016ebb2985f0c0142105a63a2568b6dd4e231 /pith
parent94fb9813ffc82c72aecdbc37d696bdd9c24a91bc (diff)
* The c-client library parses information from an IMAP server during
non-authenticated state which could lead to denial of service. Reported by Damian Poddebniak from Münster University of Applied Sciences.
Diffstat (limited to 'pith')
-rw-r--r--pith/imap.c4
-rw-r--r--pith/pine.hlp7
2 files changed, 10 insertions, 1 deletions
diff --git a/pith/imap.c b/pith/imap.c
index 869de9ad..fb7c3972 100644
--- a/pith/imap.c
+++ b/pith/imap.c
@@ -450,6 +450,8 @@ mm_list(MAILSTREAM *stream, int delimiter, char *mailbox, long int attributes)
(attributes & LATT_HASNOCHILDREN) ? ", has no children" : ""));
#endif
+ if(!mm_list_info || !mm_list_info->filter) return;
+
if(!mm_list_info->stream || stream == mm_list_info->stream)
(*mm_list_info->filter)(stream, mailbox, delimiter,
attributes, mm_list_info->data,
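Review bot: The new guard in mm_list only helps when `mm_list_info` is NULL or has no filter, so it relies on callers clearing that global once their listing has finished. That is not visible in this hunk, and a pointer left set from an earlier listing would still let an unsolicited LIST reply reach an old filter and its data. The same applies to the identical guard added in mm_lsub. Because the early return is silent, a one-line comment above it would record the reason, e.g. `/* unsolicited LIST/LSUB reply with no listing in progress: ignore */`. Both functions start before their hunks and continue past them.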
@@ -472,6 +474,8 @@ mm_lsub(MAILSTREAM *stream, int delimiter, char *mailbox, long int attributes)
(attributes & LATT_HASNOCHILDREN) ? ", has no children" : ""));
#endif
+ if(!mm_list_info || !mm_list_info->filter) return;
+
if(!mm_list_info->stream || stream == mm_list_info->stream)
(*mm_list_info->filter)(stream, mailbox, delimiter,
attributes, mm_list_info->data,
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 30288ba9..09c4d2db 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 572 2021-08-10 21:38:40
+Alpine Commit 573 2021-08-15 20:51:36
============= h_news =================
<HTML>
<HEAD>
@@ -240,6 +240,11 @@ New features include:
Bugs addressed include:
<UL>
+<LI> The c-client library parses information from an IMAP server during
+ non-authenticated state which could lead to denial of service.
+ Reported by Damian Poddebniak from M&uuml;nster University of Applied
+ Sciences.
+
<LI> Memory corruption when alpine searches for a string that is
an incomplete utf8 string in a local folder. This could happen by
chopping a string to make it fit a buffer without regard to its content.