From 5cca5d1e300a41bda91b983c8ccf7fbb60ccb957 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 26 Aug 2021 23:53:14 +0200
Subject: fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by Bjørn Mork, fixes Debian Bug#992400.

Crash happens inside xstrdup() on a strlen((char *)-1) where
the argument is constant and the trigger is a local trusted
configuration file, so not deemed a vulnerability.
---
 fetchmail.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'fetchmail.h')

diff --git a/fetchmail.h b/fetchmail.h
index 717ebd6f..d976f481 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -265,7 +265,7 @@ struct hostdata		/* shared among all user connections to given server */
     int interval;			/* # cycles to skip between polls */
     int authenticate;			/* authentication mode to try */
     int timeout;			/* inactivity timout in seconds */
-    char *envelope;			/* envelope address list header */
+    char *envelope;			/* envelope address list header - WARNING - can take value STRING_DISABLED (-1)! */
     int envskip;			/* skip to numbered envelope header */
     char *qvirtual;			/* prefix removed from local user id */
     flag skip;				/* suppress poll in implicit mode? */
-- 
cgit v1.2.3