-
Kevin J. McCarthy authored
With specially crafted input to 'mutt -H', the line "Return-Path:<() " is read and passed to mutt_parse_rfc822_line(). "<() " is then passed through to rfc822_parse_adrlist(). Eventually, inside next_token(), is_special(*s) is called when s points to the end of the string ('\0'). This macro calls strchr, which will actually match and return a pointer to the trailing '\0' in RFC822Specials! This causes "s + 1" to be returned, skipping past the end of string inside parse_mailboxdomain(). This patch adds a check to make sure *s is non-null before calling is_special(*s).
84883442