• Pietro Cerutti's avatar
    Fix uudecode buffer overflow · ee7cb4e4
    Pietro Cerutti authored and Richard Russon's avatar Richard Russon committed
    mutt_decode_uuencoded() used each line's initial "length character"
    without any validation.  It would happily read past the end of the
    input line, and with a suitable value even past the length of the
    input buffer.
    As I noted in ticket 404, there are several other changes that could
    be added to make the parser more robust.  However, to avoid
    accidentally introducing another bug or regression, I'm restricting
    this patch to simply addressing the overflow.
    Thanks to Tavis Ormandy for reporting the issue, along with a sample
    message demonstrating the problem.
    Upstream-commit: muttmua/mutt@e5ed080c
    Co-authored-by: Kevin J. McCarthy's avatarKevin McCarthy <kevin@8t8.us>