diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2021-08-26 23:53:14 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2021-08-27 00:16:12 +0200 |
| commit | 5cca5d1e300a41bda91b983c8ccf7fbb60ccb957 (patch) | |
| tree | cd75e9ea3c40eb833da0448cfb090831f2ec40f4 /NEWS | |
| parent | 27e6d102926a1d60bff82a7a511acd9cf2a9b76e (diff) | |
| download | fetchmail-5cca5d1e300a41bda91b983c8ccf7fbb60ccb957.tar.gz fetchmail-5cca5d1e300a41bda91b983c8ccf7fbb60ccb957.tar.bz2 fetchmail-5cca5d1e300a41bda91b983c8ccf7fbb60ccb957.zip | |
fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope"
Reported by Bjørn Mork, fixes Debian Bug#992400.
Crash happens inside xstrdup() on a strlen((char *)-1) where
the argument is constant and the trigger is a local trusted
configuration file, so not deemed a vulnerability.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -125,6 +125,11 @@ fetchmail-6.4.22 (not yet released): * Fetchmail no longer leaks memory when processing the arguments of --plugin or --plugout on connections. * On POP3 connections, the CAPAbilities parser is now caseblind. +* Fix segfault on configurations with "defaults ... no envelope". Reported by + Bjørn Mork. Fixes Debian Bug#992400. This is a regression in fetchmail 6.4.3 + and happened when plugging memory leaks, which did not account for that the + envelope parameter is special when set as "no envelope". The segfault happens + in a constant strlen(-1), triggered by trusted local input => no vulnerability. # CHANGES: * IMAP: When fetchmail is in not-authenticated state and the server volunteers |