commit f9f3391757f195d77ddc903aa083ad77037647b8
Author: Oswald Buddenhagen <o...@kde.org>
Date: Sun Mar 27 10:52:47 2011 +0200
fix (another) out-of-bounds access in CRLF conversion
if the header contained no CRs but the body (or the post-TUID part of
the header) did, the TUID insertion would add an excess CR, thus
overflowing the buffer by one byte.
src/sync.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/sync.c b/src/sync.c
index 8c2f6b5..7f5fa70 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -211,7 +211,7 @@ msg_fetched( int sts, void *aux )
copy_vars_t *vars = (copy_vars_t *)aux;
SVARS(vars->aux)
char *fmap, *buf;
- int i, len, extra, scr, tcr, lcrs, crs, lines;
+ int i, len, extra, scr, tcr, lcrs, hcrs, bcrs, lines;
int start, sbreak = 0, ebreak = 0;
char c;
@@ -224,7 +224,7 @@ msg_fetched( int sts, void *aux )
if (vars->srec || scr != tcr) {
fmap = vars->data.data;
len = vars->data.len;
- extra = lines = crs = i = 0;
+ extra = lines = hcrs = bcrs = i = 0;
if (vars->srec) {
nloop:
start = i;
@@ -239,7 +239,7 @@ msg_fetched( int sts, void *aux )
goto oke;
}
lines++;
- crs += lcrs;
+ hcrs += lcrs;
if (i - lcrs - 1 == start) {
sbreak = ebreak = start;
goto oke;
@@ -253,17 +253,17 @@ msg_fetched( int sts, void *aux )
free( fmap );
return vars->cb( SYNC_NOGOOD, 0, vars );
oke:
- extra += 8 + TUIDL + 1 + (tcr && crs);
+ extra += 8 + TUIDL + 1 + (tcr && hcrs);
}
if (tcr != scr) {
for (; i < len; i++) {
c = fmap[i];
if (c == '\r')
- crs++;
+ bcrs++;
else if (c == '\n')
lines++;
}
- extra -= crs;
+ extra -= hcrs + bcrs;
if (tcr)
extra += lines;
}
@@ -294,7 +294,7 @@ msg_fetched( int sts, void *aux )
buf += 8;
memcpy( buf, vars->srec->tuid, TUIDL );
buf += TUIDL;
- if (tcr && crs)
+ if (tcr && hcrs)
*buf++ = '\r';
*buf++ = '\n';
i = ebreak;
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
