Subject: pkg/12890: mutt SEGV in rfc2047_decode() with empty subject header
To: None <gnats-bugs@gnats.netbsd.org>
From: john heasley <heas@shrubbery.net>
List: netbsd-bugs
Date: 05/10/2001 05:31:39
>Number:         12890
>Category:       pkg
>Synopsis:       mutt SEGV in rfc2047_decode() with empty subject header
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 09 22:31:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     john heasley
>Release:        Mutt 1.2.5i (2000-07-28)
>Organization:
	
>Environment:
System: NetBSD guelah 1.5V NetBSD 1.5V (guelah2) #1: Wed May 2 15:04:50 PDT 2001 root@guelah:/u5/current/src/sys/arch/sparc/compile/guelah2 sparc


>Description:
	mutt dumps core in rfc2047_decode() deref'g a NULL pointer due
	to an empty subject.
>How-To-Repeat:
	create a message like this, then hit send.

	From: john heasley <heas>
	To: heas <heas@shrubbery.net>
	Cc: 4x, pa
	Date: Wed, 9 May 2001 21:22:26 -0700
	User-Agent: Mutt/1.2.5i
>Fix:
	This fixes it.  I don't follow why the author did the games with
	strfcpy(), but changing will probably have to be reflected all
	over the place.

	*** rfc2047.c.FCS	Wed May  9 22:16:15 2001
	--- rfc2047.c	Wed May  9 22:29:37 2001
	***************
	*** 390,396 ****
	  
	    dlen--; /* save room for the terminal nul */
	  
	!   while (*s && dlen > 0)
	    {
	      if ((p = strstr (s, "=?")) == NULL ||
	  	(q = strchr (p + 2, '?')) == NULL ||
	--- 390,399 ----
	  
	    dlen--; /* save room for the terminal nul */
	  
	!   if (! s)
	! 	return;
	! 
	!   while (dlen > 0 && *s)
	    {
	      if ((p = strstr (s, "=?")) == NULL ||
	  	(q = strchr (p + 2, '?')) == NULL ||
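
Review bot: the new `if (! s) return;` sits after `dlen--; /* save room for the terminal nul */` and leaves the function without writing anything to the output, so if the terminating nul is only stored after the loop (not visible in this hunk), a NULL `s` hands the caller an unterminated or stale destination buffer. Either terminate the destination before returning, or move the NULL check to the top of the function and have it produce an empty string there. The reordering to `dlen > 0 && *s` does not change behaviour once the NULL check is in place and could be dropped to keep the fix minimal. It would also help to say in the report why `s` can be NULL for a message with no Subject header, since the callers may deserve the check instead.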
>Release-Note:
>Audit-Trail:
>Unformatted: