[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [leafnode-list] fetchnews segfaults
Stefan Wiens <s.wi@xxxxxxx> writes:
> The way doxover() parses the server response may lead to
> dereferencing a NULL pointer if an XOVER line is truncated.
> In that case, fetchnews will call strchr(NULL, '\t').
To prevent problems because of broken XOVER lines, I suggest the
appended patch. It will ignore an incomplete XOVER line, so the
corresponding article will NOT be downloaded (from that server).
Stefan
--- fetchnews.c.orig Wed Jan 10 10:16:06 2001
+++ fetchnews.c Sat Jan 27 17:04:10 2001
@@ -538,28 +538,28 @@
/* to check whether this is correct, one should do a LIST OVERVIEW.FMT
before */
xoverlen = strlen( l );
- p = strchr( l, '\t' );
- if ( p && *p )
- *p++ = '\0';
+ if (!(p = strchr(l, '\t')))
+ continue;
+ *p++ = '\0';
artno = l;
- q = strchr( p, '\t' );
- if ( q && *q )
- *q++ = '\0';
+ if (!(q = strchr(p, '\t')))
+ continue;
+ *q++ = '\0';
subject = p;
p = q;
- q = strchr( p, '\t' );
- if ( q && *q )
- *q++ = '\0';
+ if (!(q = strchr(p, '\t')))
+ continue;
+ *q++ = '\0';
from = p;
p = q;
- q = strchr( p, '\t' );
- if ( q && *q )
- *q++ = '\0';
+ if (!(q = strchr(p, '\t')))
+ continue;
+ *q++ = '\0';
date = p;
p = q;
- q = strchr( p, '\t' );
- if ( q && *q )
- *q++ = '\0';
+ if (!(q = strchr(p, '\t')))
+ continue;
+ *q++ = '\0';
messageid = p;
p = q;
q = strchr( p, '\t' );