procmail/procmail-3.22-crash-fix.patch

59 lines
2.4 KiB
Diff
Raw Permalink Normal View History

diff --git a/src/cstdio.c b/src/cstdio.c
index 7b6fe6d..0a0bd5b 100644
--- a/src/cstdio.c
+++ b/src/cstdio.c
@@ -144,7 +144,7 @@ int getbl(p,end)char*p,*end; /* my gets */
{ case '\n':case EOF:*q='\0';
return overflow?-1:p!=q; /* did we read anything at all? */
}
- if(q==end) /* check here so that a trailing backslash won't be lost */
+ if(q>=end) /* check here so that a trailing backslash won't be lost */
q=p,overflow=1;
*q++=i;
}
@@ -199,7 +199,7 @@ int getlline(target,end)char*target,*end;
if(*(target=strchr(target,'\0')-1)=='\\')
{ if(chp2!=target) /* non-empty line? */
target++; /* then preserve the backslash */
- if(target>end-2) /* space enough for getbl? */
+ if(target>=end-2) /* space enough for getbl? */
target=end-linebuf,overflow=1; /* toss what we have */
continue;
}
diff --git a/src/formail.c b/src/formail.c
index 1f5c9dd..49b9967 100644
--- a/src/formail.c
+++ b/src/formail.c
@@ -219,7 +219,8 @@ static char*getsender(namep,fldp,headreply)char*namep;struct field*fldp;
if(i>=0&&(i!=maxindex(sest)||fldp==rdheader)) /* found anything? */
{ char*saddr;char*tmp; /* determine the weight */
nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
- tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
+ tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
+ chp[j]='\0';
if(sest[i].head==From_)
{ char*pastad;
if(strchr(saddr=chp,'\n')) /* multiple From_ lines */
@@ -364,7 +365,7 @@ static PROGID;
int main(lastm,argv)int lastm;const char*const argv[];
{ int i,split=0,force=0,bogus=1,every=0,headreply=0,digest=0,nowait=0,keepb=0,
- minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart,
+ minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart=0,
berkeley=0,forgetclen;
long maxlen,ctlength;FILE*idcache=0;pid_t thepid;
size_t j,lnl,escaplen;char*chp,*namep,*escap=ESCAP;
diff --git a/src/formisc.c b/src/formisc.c
index c48df52..5c2869d 100644
--- a/src/formisc.c
+++ b/src/formisc.c
@@ -66,7 +66,7 @@ inc: start++;
retz: *target='\0';
ret: return start;
}
- if(*start=='\\')
+ if(*start=='\\' && *(start + 1))
*target++='\\',start++;
hitspc=2;
goto normal; /* normal word */