Package: spamc
Version: 3.4.6-1
Severity: normal
Tags: upstream
Dear Maintainer,
I'm able to reproduce this bug on 4.0.0-8 on a sid machine, too.
My use of `spamc -E --headers' causes body corruption if a NUL
('\0') character appears in the body when talking to spamd.
The bug appears to be in the `_append_original_body' function of
spamc/libspamc.c stemming from the use of the strncpy(3) function.
I suggest using open_memstream(3) for all buffer management
needs, but I'm not sure if POSIX.1-2008 is too new for SA
upstream. The use of strcat/strcpy/strncpy makes me seriously
uncomfortable (they're all banned from git itself and any
C codebase I work on due to safety problems).
The bug doesn't happen when spamd is unreachable and spamc falls
back to working entirely in-process.
