From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 23:25:41 +0100
Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124)
cf. https://sourceforge.net/p/bogofilter/bugs/124/
---
src/lexer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lexer.c b/src/lexer.c
index b7b4b3b..77a88d4 100644
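--- a/src/lexer.c
+++ b/src/lexer.c
@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff)
 byte *buf = buff->t.u.text;
 if (memcmp(buf + count - 2, CRLF, 2) == 0) {
 count --;
+ --buff->t.leng;
 *(buf + count - 1) = (byte) '\n';
 }
 }
@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size)
 
 while ((cnt = get_decoded_line(&buff)) != 0) {
 if (cnt > 0)
- count += cnt;
+ count = buff.t.leng;
 
 /* Note: some malformed messages can cause xfgetsl() to report
 ** "Invalid buffer size, exiting." and then abort. This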
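Review bot: The CRLF test in the first hunk still addresses the buffer from its start with the per-call `count` (`buf + count - 2`, `*(buf + count - 1)`), while the added `--buff->t.leng;` shortens the cumulative length that yyinput now trusts in the second hunk. yyinput calls get_decoded_line() in a loop on the same `buff`, so if a later call appends behind data already held (not visible here; get_decoded_line's body starts outside the hunk), the comparison and the `'\n'` store would touch bytes that are not the tail of the new line, and `leng` would be decremented for a CRLF found elsewhere. If that case is reachable, index from the end of the valid data instead, e.g. `byte *end = buff->t.u.text + buff->t.leng;` with `memcmp(end - 2, CRLF, 2)` and `end[-2] = (byte) '\n';`. In yyinput, `count = buff.t.leng;` deserves a comment such as `/* leng is the authoritative byte count; get_decoded_line() may shrink the data */`, so the next reader sees why the running sum was dropped.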
--
2.20.1