hypermail core dump - buffer overflow

---------

From: Ron Stanonik (stanonik@cogsci.ucsd.edu)
Date: Mon Jan 25 1999 - 09:25:14 CST


Sorry if you've already seen this. I didn't see my
posting in the archives, www.landfield seemed to be
down about the time I posted, and I wasn't subscribed
at the time.

We ran into a problem with hypermail core dumping
when parsing messages with long lines, QP encoded
with soft line breaks. The problem was a buffer
overflow, which the appended diff seems to have fixed.

The messages were coming from Outlook Express, multipart/alternative,
the alternatives being text and html. It appears the
messages were composed as html, then Outlook Express generated
the text alternative by turning each paragraph into one
line, QP encoded with soft line breaks (= at the end of
the maximum 76 character lines to satisfy MIME's maximum
line length requirement). When the decoded line exceeded
the size of tempbuff, then hypermail would core dump.

Thanks,

Ron Stanonik
stanonik@cogsci.ucsd.edu

*** string.c 1999/01/20 16:08:25 1.1
--- string.c 1999/01/21 04:09:38
***************
*** 701,712 ****
    }
    if (lastpos < input) {
        int size;
- sprintf(tempbuff, "%.*s", input-lastpos, lastpos);
  
! size = strlen(tempbuff);
  
        if(out + size < outsize) {
! strcpy(output, tempbuff);
          output += size;
          out += size;
        }
--- 701,711 ----
    }
    if (lastpos < input) {
        int size;
  
! size = input-lastpos;
  
        if(out + size < outsize) {
! sprintf(output, "%.*s", input-lastpos, lastpos);
          output += size;
          out += size;
        }
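Review bot: the size check now happens before anything is written, which closes the overflow, but the visible lines show no else branch, so a run that does not fit in `outsize` is silently dropped rather than truncated or reported; at least a warning would make a message that still exceeds the output buffer noticeable in the logs. Since `size` is known before the write, `memcpy(output, lastpos, size); output[size] = '\0';` expresses the same copy as `sprintf(output, "%.*s", input-lastpos, lastpos)` without passing a `ptrdiff_t` difference as the `int` precision argument (`int size = input-lastpos;` has the same narrowing). `tempbuff` is no longer referenced in this hunk, so check whether it is still needed elsewhere in string.c.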

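The failure described above, a quoted-printable paragraph whose soft line breaks join into one decoded line far longer than any encoded 76-column line, is the case any QP decoder with a fixed output buffer has to survive. The following is an added example, not hypermail's code: a small decoder, `qp_decode_bounded`, that joins soft breaks and, like the patched hunk, learns the size of each pending run before copying it, refusing with -1 instead of writing past the buffer. The `SAMPLE` input and the function and buffer names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not hypermail's code. A quoted-printable decoder that
 * joins soft line breaks ("=" followed by CRLF or LF) and writes into a
 * caller-supplied buffer of outsize bytes. Like the patched string.c hunk,
 * it computes the size of each pending run before writing it and refuses
 * (returns -1) instead of overrunning the buffer when the decoded line,
 * which can be far longer than any single 76-column encoded line, does not
 * fit. Returns the decoded length on success. */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

int qp_decode_bounded(const char *in, char *out, size_t outsize) {
    const char *lastpos = in;   /* start of the pending literal run */
    size_t o = 0;               /* bytes written so far */

    if (outsize == 0) return -1;
    for (;;) {
        if (*in != '=' && *in != '\0') { in++; continue; }

        /* Flush the literal run [lastpos, in). Its size is known here,
         * so the bound is checked before a single byte is copied; the
         * ">= outsize" comparison keeps one byte for the terminating NUL. */
        size_t size = (size_t)(in - lastpos);
        if (o + size >= outsize) return -1;
        memcpy(out + o, lastpos, size);
        o += size;
        if (*in == '\0') break;

        if (in[1] == '\r' && in[2] == '\n') {
            in += 3;                     /* soft line break "=\r\n": join */
        } else if (in[1] == '\n') {
            in += 2;                     /* soft line break "=\n": join */
        } else {
            int hi = hexval((unsigned char)in[1]);
            int lo = hi >= 0 ? hexval((unsigned char)in[2]) : -1;
            if (o + 1 >= outsize) return -1;
            if (lo >= 0) {
                out[o++] = (char)(hi * 16 + lo);   /* "=XX" escape */
                in += 3;
            } else {
                out[o++] = '=';                    /* malformed: keep literally */
                in += 1;
            }
        }
        lastpos = in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Constructed sample in the shape described in the post: one paragraph
 * folded by the sender into short lines ending in "=" soft breaks. */
const char SAMPLE[] =
    "This is a paragraph that Outlook Express has folded into 76 column li=\r\n"
    "nes with soft line breaks, plus an =3D escaped equals sign =\r\n"
    "and a final line.\r\n";

/* What SAMPLE must decode to: the soft breaks vanish, "=3D" becomes "=". */
const char EXPECTED[] =
    "This is a paragraph that Outlook Express has folded into 76 column lines "
    "with soft line breaks, plus an = escaped equals sign and a final line.\r\n";

char g_big[256];
char g_small[32];   /* deliberately smaller than the decoded paragraph */

int decode_sample_big(void)   { return qp_decode_bounded(SAMPLE, g_big, sizeof g_big); }
int decode_sample_small(void) { return qp_decode_bounded(SAMPLE, g_small, sizeof g_small); }

int main(void) {
    printf("256-byte buffer: %d bytes decoded\n", decode_sample_big());
    printf("32-byte buffer: %d (refused, not overflowed)\n", decode_sample_small());
    return 0;
}
```

The design point is the ordering: the run length `in - lastpos` is computed and compared with the remaining room first, and only then copied, which is exactly what the patch changes in string.c. A decoder that first expands into a scratch buffer and measures afterwards has already overflowed by the time it checks.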

---------

This archive was generated by hypermail 2.1.5.