Module Name: src Committed By: shm Date: Fri Sep 8 20:46:45 UTC 2023
Modified Files: src/usr.bin/mail: support.c Log Message: Add check for space presence after comma in skin() Check if comma is followed by space, otherwise it may lead to overflow in the output buffer as space might be extra appended to the output buffer without consuming anything from the input. This condition breaks the assumption that length(input) >= length(output) while the code relies on it. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/usr.bin/mail/support.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.bin/mail/support.c diff -u src/usr.bin/mail/support.c:1.26 src/usr.bin/mail/support.c:1.27 --- src/usr.bin/mail/support.c:1.26 Fri Sep 8 20:37:07 2023 +++ src/usr.bin/mail/support.c Fri Sep 8 20:46:45 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: support.c,v 1.26 2023/09/08 20:37:07 shm Exp $ */ +/* $NetBSD: support.c,v 1.27 2023/09/08 20:46:45 shm Exp $ */ /* * Copyright (c) 1980, 1993 @@ -34,7 +34,7 @@ #if 0 static char sccsid[] = "@(#)aux.c 8.1 (Berkeley) 6/6/93"; #else -__RCSID("$NetBSD: support.c,v 1.26 2023/09/08 20:37:07 shm Exp $"); +__RCSID("$NetBSD: support.c,v 1.27 2023/09/08 20:46:45 shm Exp $"); #endif #endif /* not lint */ @@ -537,7 +537,7 @@ skin(char *name) *cp2++ = ' '; } *cp2++ = c; - if (c == ',' && !gotlt) { + if (c == ',' && *cp == ' ' && !gotlt) { *cp2++ = ' '; for (/*EMPTY*/; *cp == ' '; cp++) continue;