467336a070
Versions prior to 1.0.3 of the nmh package contained a vulnerability where incoming mail messages with carefully designed MIME headers could cause nmh's mhshow command to execute arbitrary shell code. See the changelog for another 372 lines of changes.
20 lines
631 B
Text
20 lines
631 B
Text
$NetBSD: patch-cc,v 1.2 2000/03/02 00:23:15 hubertf Exp $
|
|
|
|
--- uip/show.c.orig Sun Sep 12 15:50:12 1999
|
|
+++ uip/show.c Thu Mar 2 00:47:34 2000
|
|
@@ -326,6 +326,15 @@
|
|
vec[++vecp] = NULL;
|
|
}
|
|
|
|
+ /* If the "proc" is "mhshow", add "-file" if showing file or draft.
|
|
+ * Ruud de Rooij <ruud@debian.org> Wed, 24 Feb 1999 19:31:40 +0100
|
|
+ */
|
|
+ if (strcmp (r1bindex (proc, '/'), "mhshow") == 0 && (draftsw || file) ) {
|
|
+ vec[vecp] = vec[vecp - 1];
|
|
+ vec[vecp - 1] = "-file";
|
|
+ vec[++vecp] = NULL;
|
|
+ }
|
|
+
|
|
/*
|
|
* If "proc" is mhl, then run it internally
|
|
* rather than exec'ing it.
|