Package: spamc Version: 3.4.6-1 Severity: normal Tags: upstream Dear Maintainer,
I'm able to reproduce this bug on 4.0.0-8 on a sid machine, too. My use of `spamc -E --headers' causes body corruption if a NUL ('\0') character appears in the body when talking to spamd. The bug appears to be in the `_append_original_body' function of spamc/libspamc.c stemming from the use of the strncpy(3) function. I suggest using open_memstream(3) for all buffer management needs, but I'm not sure if POSIX.1-2008 is too new for SA upstream. The use of strcat/strcpy/strncpy makes me seriously uncomfortable (they're all banned from git itself and any C codebase I work on due to safety problems). The bug doesn't happen when spamd is unreachable and spamc falls back to working entirely in-process.