fix bug in newline conversion causing buffer overflows.

this leads to segfaults and has some security impact.
2006-08-10 07:01:02 +00:00 · 2006-08-10 07:01:02 +00:00 · 9b657a46a0
commit 9b657a46a0
parent 617d1a6e49
1 changed files with 8 additions and 7 deletions
--- a/src/sync.c
+++ b/src/sync.c
@ -211,7 +211,7 @@ msg_fetched( int sts, void *aux )
 	copy_vars_t *vars = (copy_vars_t *)aux;
 	SVARS(vars->aux)
 	char *fmap, *buf;
-	int i, len, extra, cra, crd, scr, tcr;
+	int i, len, extra, cra, crd, scr, tcr, crds;
 	int start, sbreak = 0, ebreak = 0;
 	char c;

@ -234,20 +234,21 @@ msg_fetched( int sts, void *aux )
 				extra += 8 + TUIDL + 1 + tcr;
 			  nloop:
 				start = i;
+				crds = 0;
 				while (i < len) {
 					c = fmap[i++];
 					if (c == '\r')
-						extra += crd;
+						crds += crd;
 					else if (c == '\n') {
-						extra += cra;
-						if (i - 1 - scr == start) {
-							sbreak = ebreak = i - 1 - scr;
-							goto oke;
-						}
 						if (!memcmp( fmap + start, "X-TUID: ", 8 )) {
 							extra -= (ebreak = i) - (sbreak = start);
 							goto oke;
 						}
+						extra += cra + crds;
+						if (i - 1 - scr == start) {
+							sbreak = ebreak = i - 1 - scr;
+							goto oke;
+						}
 						goto nloop;
 					}
 				}