- security fix for webmail
authorAndrzej Augustynowicz <andrzej@augustynowicz.eu.org>
Wed, 31 Aug 2005 22:29:34 +0000 (22:29 +0000)
committercvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
Changed files:
    courier-webmail-sec_fix.patch -> 1.1

courier-webmail-sec_fix.patch [new file with mode: 0644]

diff --git a/courier-webmail-sec_fix.patch b/courier-webmail-sec_fix.patch
new file mode 100644 (file)
index 0000000..efdf380
--- /dev/null
@@ -0,0 +1,52 @@
+diff -Nur old/webmail/html.c new/webmail/html.c
+--- old/webmail/html.c 2003-10-06 00:16:13.000000000 +0000
++++ new/webmail/html.c 2005-08-31 21:32:48.117085448 +0000
+@@ -187,9 +187,16 @@
+                                       if (tai)        ++tai->tagvaluelen;
+                               }
+                               if (*p) p++;
++                              else
++                              {
++                                      memset(tagbuf, ' ', strlen(tagbuf));
++                              }
+                       }
+                       else
+                       {
++                              if (c == 0)
++                                      memset(tagbuf, ' ', strlen(tagbuf));
++
+                               if (tai)
+                               {
+                                       tai->tagvalue=p;
+@@ -222,6 +229,31 @@
+       while ((p=strchr(tagbuf, '<')) != NULL)
+               *p=' ';
++      for (p=tagbuf; *p; p++)
++      {
++              char *q;
++
++              if (*p != '&')
++                      continue;
++
++              q=p;
++
++              ++p;
++
++              while (*p)
++              {
++                      if (strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", *p) == NULL)
++                              break;
++                      ++p;
++              }
++
++              if (*p != ';')
++              {
++                      *q=0;
++              }
++              --p;
++      }
++
+         tagattrlen=parseattr(0);
+         if ( tagattrlen > tagattrsize)
+         {