From: Tavis Ormandy Subject: formail heap overflow. CVE-2014-3618 Bug-Debian: http://bugs.debian.org/704675 Bug-Debian: http://bugs.debian.org/760443 X-Debian-version: 3.22-22 --- a/src/formisc.c +++ b/src/formisc.c @@ -84,12 +84,11 @@ case '"':*target++=delim='"';start++; } ;{ int i; - do + while(*start) if((i= *target++= *start++)==delim) /* corresponding delimiter? */ break; else if(i=='\\'&&*start) /* skip quoted character */ *target++= *start++; - while(*start); /* anything? */ } hitspc=2; }