INN commit: trunk/backends (innxmit.c)
INN Commit
rra at isc.org
Sat May 23 13:10:46 UTC 2015
Date: Saturday, May 23, 2015 @ 06:10:46
Author: iulius
Revision: 9875
innxmit: tidy up GetMessageID buffer handling
In theory, if you could get a message with an empty message-id header
through before anything else, it would call memcpy(NULL, p, 0) which
(surprisingly) has undefined behavior. This doesn't seem a very likely
contingency but I tidied up the code to avoid it and (hopefully) be
clearer anyway.
Thanks to Richard Kettlewell for the patch.
Modified:
trunk/backends/innxmit.c
-----------+
innxmit.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
Modified: innxmit.c
===================================================================
--- innxmit.c 2015-05-23 11:36:25 UTC (rev 9874)
+++ innxmit.c 2015-05-23 13:10:46 UTC (rev 9875)
@@ -684,9 +684,10 @@
*/
static char *
GetMessageID(ARTHANDLE *art) {
- static char *buff;
- static int buffsize = 0;
- const char *p, *q;
+ static char *buff = NULL;
+ static size_t buffsize = 0; /* total size of buff */
+ size_t buffneed;
+ const char *p, *q;
p = wire_findheader(art->data, art->len, "Message-ID", true);
if (p == NULL)
@@ -697,12 +698,11 @@
}
if (q == art->data + art->len)
return NULL;
- if (buffsize < q - p) {
- if (buffsize == 0)
- buff = xmalloc(q - p + 1);
- else
- buff = xrealloc(buff, q - p + 1);
- buffsize = q - p;
+
+ buffneed = q - p + 1; /* bytes needed, including '\0' terminator */
+ if (buffsize < buffneed) {
+ buff = xrealloc(buff, buffneed);
+ buffsize = buffneed;
}
memcpy(buff, p, q - p);
buff[q - p] = '\0';
More information about the inn-committers
mailing list