From: Tavis Ormandy
Date: Wed, 3 Sep 2014 11:52:11 -0700
Message-ID:
To: oss-security@lists.openwall.com
Subject: [oss-security] heap overflow in procmail

I noticed a heap overflow in procmail when parsing addresses with unbalanced
quotes. I encountered this by accident when trying to organize a large usenet
archive; this post to rec.arts.poems causes formail to crash.

https://groups.google.com/forum/message/raw?msg=alt.arts.poetry.comments/DCuLO3qzovI/CZk15MlfqNkJ

It looks like the fix is

--- a/src/formisc.c	2013-08-04 00:13:33.000000000 -0700
+++ b/src/formisc.c	2014-09-03 11:42:25.986002396 -0700
@@ -84,12 +84,11 @@
 	 case '"':*target++=delim='"';start++;
 	}
        ;{ int i;
-	  do
+	  while(*start)				/* anything? */
 	     if((i= *target++= *start++)==delim)	/* corresponding delimiter? */
 		break;
 	     else if(i=='\\'&&*start)			/* skip quoted character */
 		*target++= *start++;
-	  while(*start);				/* anything? */
 	}
        hitspc=2;
      }

Tavis.
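Review bot: the `do` -> `while(*start)` change is the right fix, but the hunk should carry a comment saying why, because the two forms look interchangeable: with `do ... while(*start);` the body ran once before anything was tested, so when the opening quote was the last byte of the address the `*start++` inside the body consumed the terminating NUL and the `while(*start)` test was then applied to whatever lay beyond the end of the buffer, with the loop copying into `target` until it happened to hit a `"` or a zero byte. Suggest a one-line comment above `while(*start)` noting that an empty remainder must be rejected before the first read, and a regression input of an address ending in a lone `"` committed alongside the fix. Two smaller points: with the `do` gone, the unbraced `while` whose body is an `if`/`else if` is easy to misread, and braces would help; and the loop still places no bound on `target` (it only stops reading at the delimiter or at NUL), so the caller has to have sized the output for the whole remaining input.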
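To make the mechanism behind the patch concrete, here is an added example that models the quoted-string loop in its pre-patch (`do`/`while`) and post-patch (`while`) shapes and runs both over constructed addresses. This is not procmail's code: the functions `scan_quoted_dowhile`, `scan_quoted_while` and `model`, the `ARENA` size and the sample inputs are this example's own. The input is copied, terminator included, into a buffer padded with marker bytes, so the over-read that would walk off a heap allocation in procmail stays inside memory the example owns and can be counted rather than crashing.

```c
/* Added example, not procmail's code: a model of the quoted-string scanner
 * from formisc.c before and after the do/while -> while fix.  Names and the
 * constructed inputs are this example's own. */
#include <stdio.h>
#include <string.h>

#define ARENA 64   /* size of the constructed input buffer, markers included */

struct scan_result {
    size_t consumed;   /* bytes the scanner advanced past the start pointer */
    long   past_nul;   /* bytes read beyond the input's NUL terminator */
};

/* Pre-patch shape: copy a byte first, test for remaining input afterwards.
 * 'start' points at the opening quote, which the caller has already matched. */
static size_t scan_quoted_dowhile(const char *start, char *target)
{
    const char *s = start;
    char *t = target;
    int i, delim = '"';

    *t++ = *s++;                             /* the opening quote */
    do
        if ((i = *t++ = *s++) == delim)      /* corresponding delimiter? */
            break;
        else if (i == '\\' && *s)            /* skip quoted character */
            *t++ = *s++;
    while (*s);                              /* anything? (tested too late) */
    return (size_t)(s - start);
}

/* Post-patch shape: test for remaining input before the first copy. */
static size_t scan_quoted_while(const char *start, char *target)
{
    const char *s = start;
    char *t = target;
    int i, delim = '"';

    *t++ = *s++;                             /* the opening quote */
    while (*s)                               /* anything? */
        if ((i = *t++ = *s++) == delim)      /* corresponding delimiter? */
            break;
        else if (i == '\\' && *s)            /* skip quoted character */
            *t++ = *s++;
    return (size_t)(s - start);
}

/* Run one scanner over a constructed address.  The input and its NUL are
 * copied into an arena whose remaining bytes are 'X' markers and whose last
 * byte is zero, so an over-read stays inside this function's own memory and
 * is measured instead of faulting.  fixed == 0 runs the pre-patch loop. */
static struct scan_result model(const char *input, int fixed)
{
    char arena[ARENA], target[ARENA];
    struct scan_result r = {0, -1};
    size_t len = strlen(input);

    if (len + 2 > ARENA - 1)       /* need room for markers and the stop byte */
        return r;
    memset(arena, 'X', sizeof arena);
    arena[ARENA - 1] = '\0';
    memcpy(arena, input, len + 1);

    r.consumed = fixed ? scan_quoted_while(arena, target)
                       : scan_quoted_dowhile(arena, target);
    r.past_nul = r.consumed > len + 1 ? (long)(r.consumed - (len + 1)) : 0;
    return r;
}

int main(void)
{
    /* Constructed inputs: a lone opening quote, an unterminated quoted
     * string, and a balanced one with an escaped quote inside. */
    const char *cases[] = { "\"", "\"abc", "\"ab\\\"c\"" };
    for (size_t n = 0; n < sizeof cases / sizeof cases[0]; n++) {
        struct scan_result old = model(cases[n], 0), fix = model(cases[n], 1);
        printf("%-10s do/while: consumed %zu, past NUL %ld | while: consumed %zu, past NUL %ld\n",
               cases[n], old.consumed, old.past_nul, fix.consumed, fix.past_nul);
    }
    return 0;
}
```

Only the lone-quote case triggers the defect: `"abc` without a closing quote is handled correctly by both loops, because the terminating NUL is seen by the `while(*start)` test before it is consumed. With the quote as the last byte the old loop copies the NUL into `target` and then keeps copying marker bytes until the arena's stop byte, which is what became a heap over-read and over-write in formail.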