I received a bug report today regarding a double free error in mhshow:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172388
When you try to display a multipart message with mhshow where one of the
sections has an empty Content-Type, mhshow will try to close a file stream
twice.
What's happening is that in the InitMultiPart() function, the file stream
is being passed to the get_content() function, which when it encounters an
error, closes the filestream and return NULL. The InitMultiPart() function
will also try to close the filestream if get_content returns NULL.
The patch is trivial:
Index: uip/mhparse.c
===================================================================
RCS file: /cvsroot/nmh/nmh/uip/mhparse.c,v
retrieving revision 1.11
diff -a -u -r1.11 mhparse.c
--- uip/mhparse.c 30 Sep 2003 16:58:43 -0000 1.11
+++ uip/mhparse.c 3 Nov 2005 19:45:45 -0000
@@ -1056,7 +1056,6 @@
if (!(p = get_content (fp, ct->c_file,
ct->c_subtype == MULTI_DIGEST ? -1 : 0))) {
- fclose (ct->c_fp);
ct->c_fp = NULL;
return NOTOK;
}
There is a reproducer at the above URL.
--
JB
_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
http://lists.nongnu.org/mailman/listinfo/nmh-workers