From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001
From: Georg Sauthoff
Date: Fri, 8 Feb 2019 23:25:41 +0100
Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124)

cf. https://sourceforge.net/p/bogofilter/bugs/124/
---
 src/lexer.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lexer.c b/src/lexer.c
index b7b4b3b..77a88d4 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff)
 byte *buf = buff->t.u.text;
 if (memcmp(buf + count - 2, CRLF, 2) == 0) {
 count --;
+ --buff->t.leng;
 *(buf + count - 1) = (byte) '\n';
 }
 }
@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size)
 while ((cnt = get_decoded_line(&buff)) != 0) {
 if (cnt > 0)
- count += cnt;
+ count = buff.t.leng;
 /* Note: some malformed messages can cause xfgetsl() to report
 ** "Invalid buffer size, exiting." and then abort. This
--
2.20.1
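Review bot: The new `--buff->t.leng;` keeps the buffer's recorded length in step with the local `count` once the CR of a CRLF pair is dropped, but nothing in get_decoded_line states that the two must agree, and the second hunk makes yyinput() read `buff.t.leng` as the authoritative running length, so that agreement is now load-bearing. A one-line comment on the new line would make it explicit: `/* keep t.leng in step with count: yyinput() reads the running length from t.leng */`. Whether `count >= 2` is guaranteed before `memcmp(buf + count - 2, CRLF, 2)` is not visible here; if it is not, the compare reads before the start of the text buffer. get_decoded_line starts and continues outside the hunk.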
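Review bot: With `count = buff.t.leng;` the value of `cnt` no longer contributes to `count`; it only decides whether the assignment happens, so a negative `cnt` that still leaves `buff.t.leng` modified (I cannot tell from the hunk whether get_decoded_line can do that) would let `count` lag behind the bytes actually held in `buff` — the same kind of mismatch this commit fixes for the CRLF case. Consider refreshing `count` from `buff.t.leng` once after the loop instead, or at least recording the assumption beside the assignment: `/* t.leng, not the per-line cnt, is the number of bytes actually held in buff */`. yyinput's body, including any comparison of `count` against `size`, continues outside the hunk.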