[PATCH] nnrpd/article.c:GetHeader()
Chris Caputo
ccaputo at alt.net
Sun Apr 17 00:20:46 UTC 2005
Hi.  I hope it is okay to send a patch to this list.

I believe there is a bug in nnrpd/article.c:GetHeader().

The "limit" var is being used for two different purposes.  One being to
keep the strncasecmp() from accessing data beyond the end of the line.
The second being to keep various loop vars from going beyond the end of
the line.

At present, limit is set to be a number of characters (size of quest
header) before the end of the message.  This is good for the strncasecmp()
scan but bad for the various single character scans.

This is normally not a problem except when the header being searched for
is the last header in a message which has a small or empty body (such as a
cancel msg).

The patch below creates a "limit" for the various single character scans
and a "cmplimit" for just the strncasecmp() scan.

I have tested this patch against a test case in which the function was
failing and have also verified that it continues to work for messages that
weren't affected.

Thanks,
Chris

--- nnrpd/article.c.original 2004-12-22 04:21:19.000000000 +0000
+++ nnrpd/article.c 2005-04-16 23:41:36.799251471 +0000
@@ -489,14 +489,16 @@
/* Bogus value here to make sure that it isn't initialized to \n */
char lastchar = ' ';
const char *limit;
+ const char *cmplimit;
static char *retval = NULL;
static int retlen = 0;
int headerlen;
bool pathheader = false;
bool xrefheader = false;
- limit = ARThandle->data + ARThandle->len - strlen(header) - 1;
- for (p = ARThandle->data; p < limit; p++) {
+ limit = ARThandle->data + ARThandle->len;
+ cmplimit = ARThandle->data + ARThandle->len - strlen(header) - 1;
+ for (p = ARThandle->data; p < cmplimit; p++) {
if (*p == '\r')
continue;
if ((lastchar == '\n') && (*p == '\n')) {
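
Review bot: cmplimit is computed as ARThandle->data + ARThandle->len - strlen(header) - 1 with no check that ARThandle->len is at least strlen(header) + 1 (the same expression the removed limit line used). For an article shorter than the header name the result points before ARThandle->data, which is undefined in C even if the loop then never runs. Consider returning early when the article is that short, before either limit is computed. A short comment beside the two declarations, saying that limit bounds the single-character scans and cmplimit bounds where strncasecmp() may start, would also help keep the two from being merged again.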
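
The failure described in the message can be reproduced with a small model. This is an added example, not code from INN or from the patch: `find_header()`, its `split` flag and the two sample articles are constructed for illustration, and folded headers are ignored.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed samples: a cancel-style article whose last header is followed
 * by an empty body, and the same headers followed by a longer body. */
static const char CANCEL_MSG[] =
    "Path: news.example\r\nControl: cancel <1@example.invalid>\r\n\r\n";
static const char LONG_MSG[] =
    "Path: news.example\r\nControl: cancel <1@example.invalid>\r\n\r\n"
    "This is a longer body.\r\n";

/* Simplified model of a header lookup (hypothetical; not INN's GetHeader()).
 * Returns the length of the header's value, or -1 if the header or the end
 * of its line is not found.
 * split == 0: one limit bounds both scans; split == 1: separate limits. */
int find_header(const char *data, size_t len, const char *header, int split)
{
    size_t hlen = strlen(header);
    const char *cmplimit, *limit, *p, *q;

    if (len < hlen + 1)
        return -1;                      /* cannot hold "Header:" at all */
    cmplimit = data + len - hlen - 1;   /* last safe start for the name compare */
    limit = split ? data + len : cmplimit;

    for (p = data; p < cmplimit; p++) {
        if (p != data && p[-1] != '\n')
            continue;                   /* only match at the start of a line */
        if (*p == '\r' || *p == '\n')
            return -1;                  /* blank line: headers are over */
        if (strncasecmp(p, header, hlen) != 0 || p[hlen] != ':')
            continue;
        for (p += hlen + 1; p < limit && *p == ' '; p++)
            ;                           /* skip spaces after the colon */
        for (q = p; q < limit; q++)     /* single-character scan for end of line */
            if (*q == '\n')
                return (int)(q - p) - (q > p && q[-1] == '\r');
        return -1;                      /* hit the limit before the newline */
    }
    return -1;
}

int main(void)
{
    printf("short body, one limit:  %d\n",
           find_header(CANCEL_MSG, sizeof CANCEL_MSG - 1, "Control", 0));
    printf("short body, two limits: %d\n",
           find_header(CANCEL_MSG, sizeof CANCEL_MSG - 1, "Control", 1));
    return 0;
}
```

With one shared limit the end-of-line scan stops inside the Control value when the body is empty, so the lookup fails; with the longer body the same header is found under either setting.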