John,
I diffed your code against the nmh-1.0 source and extracted what I thought
were the relevant changes. Please correct me if I missed something. The
patch that I committed to the NetBSD package is attached below.
Thanks,
+ Kim
| From: [EMAIL PROTECTED]
| Date: 07 Mar 1999 01:09:18 +0000
|
| Please find attached a bug fix for m_getfld. The original code was taken
| from the RedHat nmh-0.24-7 package. The fix is to change the following
| line of code:
|
| while ((c = *bp++) != ':' && c != '\n' && --j >= 0)
|
| to:
|
| while (--j >= 0 && (c = *bp++) != ':' && c != '\n')
|
[...]
|
| Note that this fix also means that bp is not incremented when we hit the end
| of the io buffer (or NAMESZ-1 characters). I thought this might have knock-on
| effects further down the code, but the only thing I have found is that it
| fixes a bug where a 127 character field name is reported as being too long if
| it is unlucky enough to span a buffer boundary.
|
[...]
|
| John Gill
$NetBSD: patch-cf,v 1.1 1999/03/07 19:40:01 kim Exp $
--- sbr/m_getfld.c.orig Fri Jul 31 18:48:37 1998
+++ sbr/m_getfld.c Sun Mar 7 14:33:11 1999
@@ -259,7 +259,7 @@
bp = sp = (unsigned char *) iob->_ptr - 1;
j = (cnt = iob->_cnt+1) < i ? cnt : i;
#endif
- while ((c = *bp++) != ':' && c != '\n' && --j >= 0)
+ while (--j >= 0 && (c = *bp++) != ':' && c != '\n')
*cp++ = c;
j = bp - sp;
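Review bot: with the tests reordered, the pass in which `--j >= 0` fails no longer assigns c, so c keeps the byte from the previous pass (or its initial value when j starts at 0); any code after `j = bp - sp;` that decides "no delimiter seen" by inspecting c rather than j or bp will now treat a name that exactly fills the budget differently from before, so that path should be checked. The new ordering also looks interchangeable with the old one at a glance; a one-line source comment on the `while` saying the budget is deliberately spent before `*bp++` (so the byte after the live region is never fetched) would stop it being "tidied" back.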
@@ -538,7 +538,7 @@
;
#else /* RPATHS */
cp = unixbuf;
- while ((c = getc (iob)) != '\n')
+ while ((c = getc (iob)) != '\n' && cp - unixbuf < BUFSIZ - 1)
*cp++ = c;
*cp = 0;
#endif /* RPATHS */
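Review bot: the loop still has no EOF test: if the stream ends before a newline, getc() returns EOF on every call and the loop now runs until `cp - unixbuf < BUFSIZ - 1` fails, filling unixbuf with (char)EOF bytes instead of stopping; the second unixbuf loop in this patch tests `c >= 0`, so do the same here, e.g. `while ((c = getc (iob)) != '\n' && c >= 0 && cp - unixbuf < BUFSIZ - 1)`. Two caveats on the bound itself: it assumes unixbuf is declared with BUFSIZ bytes, which this hunk does not show, and when it trips the rest of the over-long line stays in iob, so the next getc() resumes mid-line; if that is not acceptable the tail should be drained up to '\n' before returning.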
@@ -639,7 +639,7 @@
break;
#else /* RPATHS */
cp = unixbuf;
- while ((c = getc (iob)) != '\n' && c >= 0)
+ while ((c = getc (iob)) != '\n' && c >= 0 && cp - unixbuf < BUFSIZ - 1)
*cp++ = c;
*cp = 0;
#endif /* RPATHS */
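Review bot: same truncation behaviour as the first unixbuf loop: when `cp - unixbuf < BUFSIZ - 1` stops the loop, the remainder of the line is left unread in iob and the following read starts in the middle of it, so a drain to '\n' (or an explicit "line too long" result) is needed if callers assume unixbuf holds a whole line. The bound expression is now duplicated verbatim at both sites while the loop conditions already differ (the first lacks this hunk's `c >= 0`); a small shared macro or helper would keep the two from drifting further.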
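The condition reordering John describes, as an added example that is not part of this message or of nmh: a stand-alone C harness that runs both orderings of the m_getfld field-name loop over a constructed buffer whose live region is followed by a guard byte, so the extra fetch of the original form shows up as a count (consumed greater than cnt) rather than as a crash. The variable names follow the hunk; the value 128 for NAMESZ, the guard byte and the sample field names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAMESZ 128   /* assumed value for nmh's field-name limit; only the arithmetic matters */
#define GUARD  '#'   /* byte placed after the live region so an over-read is visible */

struct scan {
    long consumed;   /* how far bp advanced past sp */
    long copied;     /* bytes stored into out */
    int  hit_delim;  /* c held ':' or '\n' when the loop ended */
};

/* Original order: fetch *bp++ first, then spend the budget j.
 * When j runs out, the loop has already fetched one byte past it. */
static struct scan scan_original(const unsigned char *sp, long cnt, char *out)
{
    const unsigned char *bp = sp;
    char *cp = out;
    long i = NAMESZ - 1;
    long j = cnt < i ? cnt : i;
    int c = 0;

    while ((c = *bp++) != ':' && c != '\n' && --j >= 0)
        *cp++ = c;
    *cp = '\0';
    return (struct scan){ bp - sp, cp - out, c == ':' || c == '\n' };
}

/* Patched order: spend the budget first and fetch only if some remains.
 * On exhaustion bp is not advanced and c keeps the previous byte. */
static struct scan scan_fixed(const unsigned char *sp, long cnt, char *out)
{
    const unsigned char *bp = sp;
    char *cp = out;
    long i = NAMESZ - 1;
    long j = cnt < i ? cnt : i;
    int c = 0;

    while (--j >= 0 && (c = *bp++) != ':' && c != '\n')
        *cp++ = c;
    *cp = '\0';
    return (struct scan){ bp - sp, cp - out, c == ':' || c == '\n' };
}

/* Copy cnt live bytes into a buffer padded with GUARD bytes and run one
 * ordering over it; consumed > cnt means the loop read past the live data. */
static struct scan run_scan(const char *bytes, long cnt, int patched)
{
    unsigned char buf[NAMESZ + 8];
    char out[NAMESZ];

    if (cnt < 0 || cnt > (long)sizeof buf - 1)
        return (struct scan){ -1, -1, 0 };
    memset(buf, GUARD, sizeof buf);
    memcpy(buf, bytes, (size_t)cnt);
    return patched ? scan_fixed(buf, cnt, out) : scan_original(buf, cnt, out);
}

static void show(const char *label, const char *bytes, long cnt)
{
    struct scan a = run_scan(bytes, cnt, 0), b = run_scan(bytes, cnt, 1);
    printf("%-30s original: consumed=%ld copied=%ld delim=%d%s\n", label,
           a.consumed, a.copied, a.hit_delim, a.consumed > cnt ? "  <- read past cnt" : "");
    printf("%-30s fixed:    consumed=%ld copied=%ld delim=%d\n", "",
           b.consumed, b.copied, b.hit_delim);
}

int main(void)
{
    char big[NAMESZ + 2];                    /* constructed: 127 'a' bytes, ':', '\n' */
    memset(big, 'a', NAMESZ - 1);
    big[NAMESZ - 1] = ':';
    big[NAMESZ] = '\n';
    big[NAMESZ + 1] = '\0';

    show("delimiter inside buffer", "Subject: x\n", 11);  /* both stop on ':' */
    show("name runs to end of buffer", "Subject", 7);     /* original fetches byte 8 */
    show("127-byte name then ':'", big, NAMESZ + 1);      /* fixed leaves ':' unread */
    return 0;
}
```

The second case is the one John's note is about: with seven live bytes and no delimiter, the original loop fetches the guard byte before its budget test fails, while the patched loop stops with bp exactly at the end of the live data. The third case shows the behavioural change that goes with the fix: for a name that exactly fills NAMESZ-1, the patched loop ends with the ':' still unread and c holding the last name byte, so whatever follows the loop must judge completion by bp or j rather than by c.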