From 9b657a46a0652dc702beccc518bc83a50825ab19 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen
Date: Thu, 10 Aug 2006 07:01:02 +0000
Subject: [PATCH] fix bug in newline conversion causing buffer overflows. this leads to segfaults and has some security impact.
---
 src/sync.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/sync.c b/src/sync.c
index a929822..837726c 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -211,7 +211,7 @@ msg_fetched( int sts, void *aux )
 copy_vars_t *vars = (copy_vars_t *)aux;
 SVARS(vars->aux)
 char *fmap, *buf;
- int i, len, extra, cra, crd, scr, tcr;
+ int i, len, extra, cra, crd, scr, tcr, crds;
 int start, sbreak = 0, ebreak = 0;
 char c;
 
@@ -234,20 +234,21 @@ msg_fetched( int sts, void *aux )
 extra += 8 + TUIDL + 1 + tcr;
 nloop:
 start = i;
+ crds = 0;
 while (i < len) {
 c = fmap[i++];
 if (c == '\r')
- extra += crd;
+ crds += crd;
 else if (c == '\n') {
- extra += cra;
- if (i - 1 - scr == start) {
- sbreak = ebreak = i - 1 - scr;
- goto oke;
- }
 if (!memcmp( fmap + start, "X-TUID: ", 8 )) {
 extra -= (ebreak = i) - (sbreak = start);
 goto oke;
 }
+ extra += cra + crds;
+ if (i - 1 - scr == start) {
+ sbreak = ebreak = i - 1 - scr;
+ goto oke;
+ }
 goto nloop;
 }
 }
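Review bot: Moving the `memcmp( fmap + start, "X-TUID: ", 8 )` test ahead of the empty-line check in the second hunk means it now also runs on a blank line, and since it always reads a fixed 8 bytes from `start` it can read past the end of the buffer whenever fewer than 8 bytes remain — for example a blank line at the very end of the data, or a header block followed by a body shorter than 8 bytes. Assuming `len` is the count of valid bytes in `fmap` (the loop bounds `fmap[i++]` by it), the comparison should be guarded, e.g. `if (len - start >= 8 && !memcmp( fmap + start, "X-TUID: ", 8 )) {`; a line whose first 8 bytes include a newline cannot match the prefix anyway, so the guard changes no valid result. Separately, `crds` accumulated on a final line that ends without `\n` is discarded when the `while` loop exits, so CRs on such a line are not counted in `extra`; whether that matters depends on how the code after the loop sizes the output buffer, which is outside the hunk. The body of `msg_fetched` continues past the end of both hunks.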