[PATCH] nnrpd/article.c:GetHeader()

Chris Caputo ccaputo at alt.net
Sun Apr 17 00:20:46 UTC 2005


Hi.  I hope it is okay to send a patch to this list.

I believe there is a bug in nnrpd/article.c:GetHeader().

The "limit" var is being used for two different purposes.  One being to
keep the strncasecmp() from accessing data beyond the end of the line.  
The second being to keep various loop vars from going beyond the end of
the line.

At present, limit is set to be a number of characters (size of quest
header) before the end of the message.  This is good for the strncasecmp()
scan but bad for the various single character scans.

This is normally not a problem except when the header being searched for
is the last header in a message which has a small or empty body (such as a
cancel msg).

The patch below creates a "limit" for the various single character scans
and a "cmplimit" for just the strncasecmp() scan.

I have tested this patch against a test case in which the function was
failing and have also verified that it continues to work for messages that
weren't affected.

Thanks,
Chris

--- nnrpd/article.c.original	2004-12-22 04:21:19.000000000 +0000
+++ nnrpd/article.c	2005-04-16 23:41:36.799251471 +0000
@@ -489,14 +489,16 @@
     /* Bogus value here to make sure that it isn't initialized to \n */
     char		lastchar = ' ';
     const char		*limit;
+    const char		*cmplimit;
     static char		*retval = NULL;
     static int		retlen = 0;
     int			headerlen;
     bool		pathheader = false;
     bool		xrefheader = false;
 
-    limit = ARThandle->data + ARThandle->len - strlen(header) - 1;
-    for (p = ARThandle->data; p < limit; p++) {
+    limit = ARThandle->data + ARThandle->len;
+    cmplimit = ARThandle->data + ARThandle->len - strlen(header) - 1;
+    for (p = ARThandle->data; p < cmplimit; p++) {
 	if (*p == '\r')
 	    continue;
 	if ((lastchar == '\n') && (*p == '\n')) {




More information about the inn-workers mailing list