Module Name: src
Committed By: shm
Date: Fri Sep 8 20:37:07 UTC 2023
Modified Files:
src/usr.bin/mail: support.c
Log Message:
Fix writing outside of the nbuf buffer in skin()
Data provided to skin() can be longer than LINEBUF (if same header is provided
multiple times, hfield returns concatenated data).
Thanks to riastradh@ for the review and comments
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/usr.bin/mail/support.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/mail/support.c
diff -u src/usr.bin/mail/support.c:1.25 src/usr.bin/mail/support.c:1.26
--- src/usr.bin/mail/support.c:1.25 Thu Nov 9 20:27:50 2017
+++ src/usr.bin/mail/support.c Fri Sep 8 20:37:07 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: support.c,v 1.25 2017/11/09 20:27:50 christos Exp $ */
+/* $NetBSD: support.c,v 1.26 2023/09/08 20:37:07 shm Exp $ */
/*
* Copyright (c) 1980, 1993
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "@(#)aux.c 8.1 (Berkeley) 6/6/93";
#else
-__RCSID("$NetBSD: support.c,v 1.25 2017/11/09 20:27:50 christos Exp $");
+__RCSID("$NetBSD: support.c,v 1.26 2023/09/08 20:37:07 shm Exp $");
#endif
#endif /* not lint */
@@ -456,13 +456,15 @@ skin(char *name)
char *cp, *cp2;
char *bufend;
int gotlt, lastsp;
- char nbuf[LINESIZE];
+ char *nbuf, *ret;
if (name == NULL)
return NULL;
if (strchr(name, '(') == NULL && strchr(name, '<') == NULL
&& strchr(name, ' ') == NULL)
return name;
+
+ nbuf = emalloc(strlen(name) + 1);
gotlt = 0;
lastsp = 0;
bufend = nbuf;
@@ -545,8 +547,11 @@ skin(char *name)
}
}
*cp2 = 0;
+
+ ret = savestr(nbuf);
+ free(nbuf);
- return savestr(nbuf);
+ return ret;
}
/*
