bugs in spool_copy_message()
Philip Chambers
P.A.Chambers at exeter.ac.uk
Thu Oct 28 05:02:08 EDT 2004
On Thu, 28 Oct 2004 09:37:50 +0200 =?iso-8859-1?Q?Brasseur_Val=E9ry?=
<Valery.Brasseur at atosorigin.com> wrote:
> >
> > It should be this simple:
> > --- spool.c 16 Sep 2004 17:58:54 -0000 1.6
> > +++ spool.c 27 Oct 2004 20:36:00 -0000
> > @@ -451,7 +451,7 @@
> > p[1] = '\n';
> > p[2] = '\0';
> > }
> > - else if (p[0] != '\n') {
> > + else if (p[0] != '\n' && (strlen(buf) < sizeof(buf)-2)) {
> > /* line contained a \0 not at the end */
> > r = IMAP_MESSAGE_CONTAINSNULL;
> > continue;
> >
> > if the line is too long and there's a NULL further down, the
> > next pass(es)
> > through the loop will get it.
I regret this still leaves holes in the code. The code before this change dealing
with \r\0 does not work if one considers it carefully.
I have a patch which I will send separately.
Phil.
---------------------------------------
Phil Chambers (postmaster at exeter.ac.uk)
University of Exeter
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list