procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Formail bug [was: linux users - can you duplicate ?]

1998-06-07 12:05:17
from [Philip Guenther] [Permanent Link] 
Liviu Daia <daia(_at_)stoilow(_dot_)imar(_dot_)ro> writes:

On 6 June 1998, mark david mcCreary <mdm(_at_)internet-tools(_dot_)com> wrote:

I am having trouble with the following formail command

      formail -rtzxTo: <test-file

where the headers in test-file have a Tab (^I) character after the
From: string, and before the email address. I get Segmenation fault
(core dumped).

[...]

test-file (should contain tab characters in Date, From, To fields)

Date:        Thu, 4 Jun 1998 16:07:24 -0400 (EDT)
Sender: Jack Jones <jones(_at_)email(_dot_)unc(_dot_)edu>
From:        Jack Jones <jones(_at_)email(_dot_)unc(_dot_)edu>
Reply-To: Jack Jones <jones(_at_)email(_dot_)unc(_dot_)edu>
To:  list-off(_at_)mail-list(_dot_)com
Subject: off
Message-ID: 
<Pine(_dot_)A41(_dot_)3(_dot_)95L(_dot_)980604160514(_dot_)38034A-100000(_at_)isis(_dot_)unc(_dot_)edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

[...]

   Yes, I can reproduce it here, although this seems to be caused by
the tab in the "To:" field rather than the one in "From:".  Formail
segfaults in free() at formail.c:625:


Okay, I've found the problem: when formail inserts a space after the
colon in headers where there isn't one there already, it copies
character too many, which for some header sizes will overwrite the
first byte of the next malloc block header.

The patch is attached below.

Philip Guenther


Index: src/formail.c
===================================================================
RCS file: /src/CVS/net/daemon/procmail/src/formail.c,v
retrieving revision 1.1.1.3
diff -c -r1.1.1.3 formail.c
*** formail.c   1997/04/11 22:46:52     1.1.1.3
--- formail.c   1998/06/07 18:44:36
***************
*** 589,595 ****
           if(chp[-1]==HEAD_DELIMITER)
              if(*chp!=' '&&fldp->Tot_len>j+1)
               { chp=j+(*afldp=fldp=
!                 realloc(fldp,FLD_HEADSIZ+(i= ++fldp->Tot_len)))->fld_text;
                 tmemmove(chp+1,chp,i-j);*chp=' ';
               }
              else if(fldp->Tot_len<=j+2)
--- 589,595 ----
           if(chp[-1]==HEAD_DELIMITER)
              if(*chp!=' '&&fldp->Tot_len>j+1)
               { chp=j+(*afldp=fldp=
!                 realloc(fldp,FLD_HEADSIZ+(i=fldp->Tot_len++)))->fld_text;
                 tmemmove(chp+1,chp,i-j);*chp=' ';
               }
              else if(fldp->Tot_len<=j+2)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: improvements on recipe solicted, Stan Ryckman
Next by Date:  Re: Formail bug [was: linux users - can you duplicate ?], Liviu Daia
Previous by Thread:  Re: linux users - can you duplicate ?, Liviu Daia
Next by Thread:  Re: Formail bug [was: linux users - can you duplicate ?], Liviu Daia
Indexes:  [Date] [Thread] [Top] [All Lists]