Using NMH 1.0.4_1 on FreeBSD, I am unable to read messages containing
very long lines: I get the very long lines cut up into 1K pieces
terminated with a few characters of garbage. "inc -pack foo" appears
to work better, but actually omits every 1024th character of the output.
Looking at inc.c, I can see there is a buffer overflow bug in
pop_action if the argument (s) is not null-terminated, whereas
pop_pack avoids it by use of snprintf. I'm not sure I understand the
protocol between popsbr.c and the POP action functions. I think that
the argument to an action function is up to BUFSIZ bytes. For
messages with short lines, this is a NUL-terminated line of the
message (NUL in place of the newline). For messages with long lines,
this is the next BUFSIZ bytes of the message line, with no NUL
terminator. pop_action just uses fprintf("%s\n") to write it to the
output file; this doesn't handle the case of no NUL termination.
I'm going to patch this locally once I completely understand the
protocol at work here.
Nick B
