diff options
author | Kevin McCarthy <kevin@8t8.us> | 2023-09-04 12:50:07 +0800 |
---|---|---|
committer | Kevin McCarthy <kevin@8t8.us> | 2023-09-09 14:31:19 +0800 |
commit | 4cc3128abdf52c615911589394a03271fddeefc6 (patch) | |
tree | c732f421fe2ce334bbb13f6069fcf6b18041c534 | |
parent | 452ee330e094bfc7c9a68555e5152b1826534555 (diff) |
Check for NULL userhdrs.
When composing an email, miscellaneous extra headers are stored in a
userhdrs list. Mutt first checks to ensure each header contains at
least a colon character, passes the entire userhdr field (name, colon,
and body) to the rfc2047 decoder, and safe_strdup()'s the result on
the userhdrs list. An empty result would from the decode would result
in a NULL headers being added to list.
The previous commit removed the possibility of the decoded header
field being empty, but it's prudent to add a check to the strchr
calls, in case there is another unexpected bug resulting in one.
Thanks to Chenyuan Mi (@morningbread) for discovering the two strchr
crashes, giving a working example draft message, and providing the
stack traces for the two NULL derefences.
-rw-r--r-- | sendlib.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2418,7 +2418,7 @@ int mutt_write_rfc822_header (FILE *fp, ENVELOPE *env, BODY *attach, char *date, /* Add any user defined headers */ for (; tmp; tmp = tmp->next) { - if ((p = strchr (tmp->data, ':'))) + if ((p = strchr (NONULL (tmp->data), ':'))) { q = p; @@ -2466,7 +2466,7 @@ static void encode_headers (LIST *h) for (; h; h = h->next) { - if (!(p = strchr (h->data, ':'))) + if (!(p = strchr (NONULL (h->data), ':'))) continue; i = p - h->data; |