From e58edb33f71687cb0b12c10a6cea2db2f8a35011 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sun, 15 Aug 2021 20:53:04 -0600 Subject: * The c-client library parses information from an IMAP server during non-authenticated state which could lead to denial of service. Reported by Damian Poddebniak from Münster University of Applied Sciences. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pith/imap.c | 4 ++++ pith/pine.hlp | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'pith') diff --git a/pith/imap.c b/pith/imap.c index 869de9ad..fb7c3972 100644 --- a/pith/imap.c +++ b/pith/imap.c @@ -450,6 +450,8 @@ mm_list(MAILSTREAM *stream, int delimiter, char *mailbox, long int attributes) (attributes & LATT_HASNOCHILDREN) ? ", has no children" : "")); #endif + if(!mm_list_info || !mm_list_info->filter) return; + if(!mm_list_info->stream || stream == mm_list_info->stream) (*mm_list_info->filter)(stream, mailbox, delimiter, attributes, mm_list_info->data, @@ -472,6 +474,8 @@ mm_lsub(MAILSTREAM *stream, int delimiter, char *mailbox, long int attributes) (attributes & LATT_HASNOCHILDREN) ? ", has no children" : "")); #endif + if(!mm_list_info || !mm_list_info->filter) return; + if(!mm_list_info->stream || stream == mm_list_info->stream) (*mm_list_info->filter)(stream, mailbox, delimiter, attributes, mm_list_info->data, diff --git a/pith/pine.hlp b/pith/pine.hlp index 30288ba9..09c4d2db 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 572 2021-08-10 21:38:40 +Alpine Commit 573 2021-08-15 20:51:36 ============= h_news ================= @@ -240,6 +240,11 @@ New features include: Bugs addressed include: