From 5cca5d1e300a41bda91b983c8ccf7fbb60ccb957 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Thu, 26 Aug 2021 23:53:14 +0200
Subject: fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported by Bjørn Mork, fixes Debian Bug#992400. Crash happens inside xstrdup() on a strlen((char *)-1) where the argument is constant and the trigger is a local trusted configuration file, so not deemed a vulnerability.
---
 fetchmail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'fetchmail.c')
diff --git a/fetchmail.c b/fetchmail.c
index ac8e4607..71ecc1b0 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -996,7 +996,7 @@ static void optmerge(struct query *h2, struct query *h1, int force)
 list_merge(&h2->antispam, &h1->antispam, force);
 #define FLAG_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) h2->fld = h1->fld; } while (0)
-#define STRING_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) { if (h2->fld) free((void *)h2->fld), h2->fld = 0; if (h1->fld) h2->fld = xstrdup(h1->fld); } } while (0)
+#define STRING_MERGE(fld) do { if (force ? !!h1->fld : !h2->fld) { if (h2->fld) free((void *)h2->fld), h2->fld = 0; if (h1->fld) { if (h1->fld != STRING_DISABLED) h2->fld = xstrdup(h1->fld); else h2->fld = STRING_DISABLED; } } } while (0)
 STRING_MERGE(server.via);
 FLAG_MERGE(server.protocol);
 STRING_MERGE(server.service);
--
cgit v1.2.3
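Review bot: The release side of the new STRING_MERGE is still unguarded: `if (h2->fld) free((void *)h2->fld), h2->fld = 0;` runs for any non-null destination, so an `h2->fld` that already holds STRING_DISABLED would be handed to free() when `force` is non-zero and `h1->fld` is set. The commit message describes the sentinel as `(char *)-1`, which is not a heap pointer, though its definition and the forced-merge callers are outside this hunk, so reachability should be confirmed. Guarding it the same way as the copy side would close the gap: `if (h2->fld != STRING_DISABLED) free((void *)h2->fld); h2->fld = 0;`. A short comment above the macro, such as `/* fld may be NULL, a heap string, or the STRING_DISABLED sentinel; never free or strdup the sentinel */`, would also help, since after this change the merged field can carry the sentinel onward. The body of optmerge() continues beyond the hunk, so other uses of these fields were not reviewed.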