INN commit: trunk/backends (innxmit.c)

INN Commit rra at isc.org
Sat May 23 13:10:46 UTC 2015


    Date: Saturday, May 23, 2015 @ 06:10:46
  Author: iulius
Revision: 9875

innxmit:  tidy up GetMessageID buffer handling

In theory, if you could get a message with an empty message-id header
through before anything else, it would call memcpy(NULL, p, 0) which
(surprisingly) has undefined behavior.  This doesn't seem a very likely
contingency but I tidied up the code to avoid it and (hopefully) be
clearer anyway.

Thanks to Richard Kettlewell for the patch.

Modified:
  trunk/backends/innxmit.c

-----------+
 innxmit.c |   18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

Modified: innxmit.c
===================================================================
--- innxmit.c	2015-05-23 11:36:25 UTC (rev 9874)
+++ innxmit.c	2015-05-23 13:10:46 UTC (rev 9875)
@@ -684,9 +684,10 @@
 */
 static char *
 GetMessageID(ARTHANDLE *art) {
-    static char	*buff;
-    static int	buffsize = 0;
-    const char	*p, *q;
+    static char		*buff = NULL;
+    static size_t	buffsize = 0; /* total size of buff */
+    size_t		buffneed;
+    const char		*p, *q;
 
     p = wire_findheader(art->data, art->len, "Message-ID", true);
     if (p == NULL)
@@ -697,12 +698,11 @@
     }
     if (q == art->data + art->len)
 	return NULL;
-    if (buffsize < q - p) {
-	if (buffsize == 0)
-	    buff = xmalloc(q - p + 1);
-	else
-            buff = xrealloc(buff, q - p + 1);
-	buffsize = q - p;
+
+    buffneed = q - p + 1; /* bytes needed, including '\0' terminator */
+    if (buffsize < buffneed) {
+        buff = xrealloc(buff, buffneed);
+        buffsize = buffneed;
     }
     memcpy(buff, p, q - p);
     buff[q - p] = '\0';



More information about the inn-committers mailing list