[Commits] [SCM] claws branch, master, updated. 3.13.1-9-g8b2aff8

claws at claws-mail.org claws at claws-mail.org
Sun Jan 17 12:34:18 CET 2016 

The branch, master has been updated
       via  8b2aff884d97dcfe5cc70478fecc7c87ce023c95 (commit)
      from  fc42499ce0b3d1dc84914d5b15c9b5d19c904cd9 (commit)

Summary of changes:
 AUTHORS           |    1 +
 src/codeconv.c    |   17 +++++++++++++++--
 src/gtk/authors.h |    1 +
 3 files changed, 17 insertions(+), 2 deletions(-)


- Log -----------------------------------------------------------------
commit 8b2aff884d97dcfe5cc70478fecc7c87ce023c95
Author: Paul <paul at claws-mail.org>
Date:   Sun Jan 17 11:34:14 2016 +0000

    fix CVE-2015-8708, bug 3557, 'Remotely exploitable bug.'
    
    Patch by Ben Hutchings <ben at decadent.org.uk>

diff --git a/AUTHORS b/AUTHORS
index e90e718..c907c6a 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -305,3 +305,4 @@ contributors (in addition to the above; based on Changelog)
 	Arthur Huillet
 	Blatinox
 	Andy Balaam
+	Ben Hutchings
diff --git a/src/codeconv.c b/src/codeconv.c
index f0ed616..d0fbf70 100644
--- a/src/codeconv.c
+++ b/src/codeconv.c
@@ -158,7 +158,11 @@ static gint conv_jistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf)
 	gchar *out = outbuf;
 	JISState state = JIS_ASCII;
 
-	while (*in != '\0' && (out - outbuf) < outlen - 3) {
+	/*
+	 * Loop outputs up to 3 bytes in each pass (aux kanji) and we
+	 * need 1 byte to terminate the output
+	 */
+	while (*in != '\0' && (out - outbuf) < outlen - 4) {
 		if (*in == ESC) {
 			in++;
 			if (*in == '$') {
@@ -294,7 +298,12 @@ static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf)
 	gchar *out = outbuf;
 	JISState state = JIS_ASCII;
 
-	while (*in != '\0' && (out - outbuf) < outlen - 3) {
+	/*
+	 * Loop outputs up to 6 bytes in each pass (aux shift + aux
+	 * kanji) and we need up to 4 bytes to terminate the output
+	 * (ASCII shift + null)
+	 */
+	while (*in != '\0' && (out - outbuf) < outlen - 10) {
 		if (IS_ASCII(*in)) {
 			K_OUT();
 			*out++ = *in++;
@@ -382,6 +391,10 @@ static gint conv_sjistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf)
 	const guchar *in = inbuf;
 	gchar *out = outbuf;
 
+	/*
+	 * Loop outputs up to 2 bytes in each pass and we need 1 byte
+	 * to terminate the output
+	 */
 	while (*in != '\0' && (out - outbuf) < outlen - 3) {
 		if (IS_ASCII(*in)) {
 			*out++ = *in++;
diff --git a/src/gtk/authors.h b/src/gtk/authors.h
index fcbf866..5caf8a6 100644
--- a/src/gtk/authors.h
+++ b/src/gtk/authors.h
@@ -165,6 +165,7 @@ static char *CONTRIBS_LIST[] = {
 "Michael Hughes",
 "Richard Hughes",
 "Arthur Huillet",
+"Ben Hutchings",
 "Chideok Hwang",
 "John E.P. Hynes",
 "Hironori IWANE",

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail

More information about the Commits mailing list