bugs in spool_copy_message()

Derrick J Brashear shadow at dementia.org
Wed Oct 27 16:40:05 EDT 2004


On Wed, 27 Oct 2004, Derrick J Brashear wrote:

> Actually, I will look at this this afternoon; I have a couple other bugs I 
> need to look at first.

It should be this simple:
--- spool.c     16 Sep 2004 17:58:54 -0000      1.6
+++ spool.c     27 Oct 2004 20:36:00 -0000
@@ -451,7 +451,7 @@
             p[1] = '\n';
             p[2] = '\0';
         }
-       else if (p[0] != '\n') {
+       else if (p[0] != '\n' && (strlen(buf) < sizeof(buf)-2)) {
             /* line contained a \0 not at the end */
             r = IMAP_MESSAGE_CONTAINSNULL;
             continue;

if the line is too long and there's a NULL further down, the next pass(es)
through the loop will get it.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list