oss-sec mailing list archives
mutt recipient parsing memory leak
From: Tavis Ormandy <taviso () gmail com>
Date: Sun, 17 Jan 2021 19:31:05 -0000 (UTC)
Hello, I noticed mutt was leaking memory whenever I opened a particular mailbox. I tracked down the problem: Using rfc822 groups without the madatory labels wasn't being parsed properly. https://tools.ietf.org/html/rfc822#section-6.2.6 (A spammer had just put some junk in there, they weren't deliberately using exotic addressing schemes.. haha). It turns out that you can send a small message that leaks a *lot* of memory. A small message can leak GBs of memory, effectively preventing you from opening your mailbox. You would need to use a different mail client to clean up the malformed message before you can use mutt again. I sent this upstream as a DoS, but they don't want to treat it as a security isssue. I though I'd just send a FYI here instead in case anyone wants to backport the patch. Here's the bug with a repro: https://gitlab.com/muttmua/mutt/-/issues/323 Here's the patch: https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger taviso () sdf org _\_V _( ) _( ) @taviso
Current thread:
- mutt recipient parsing memory leak Tavis Ormandy (Jan 17)
- Re: mutt recipient parsing memory leak Utkarsh Gupta (Jan 19)