diff options
Diffstat (limited to 'patch.r7030')
-rw-r--r-- | patch.r7030 | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/patch.r7030 b/patch.r7030 new file mode 100644 index 0000000..1465e8a --- /dev/null +++ b/patch.r7030 @@ -0,0 +1,48 @@ +Index: bogofilter/src/lexer.c +=================================================================== +--- bogofilter/src/lexer.c (revision 7029) ++++ bogofilter/src/lexer.c (revision 7030) +@@ -329,7 +329,7 @@ + count += cnt; + + /* Note: some malformed messages can cause xfgetsl() to report +- ** "Invalid buffer size, exiting." ** and then abort. This ++ ** "Invalid buffer size, exiting." and then abort. This + ** can happen when the parser is in html mode and there's a + ** leading '<' but no closing '>'. + ** +@@ -343,9 +343,12 @@ + + if (count >= MAX_TOKEN_LEN * 2 && + long_token(buff.t.u.text, (uint) count)) { +- uint start = buff.t.leng - count; +- uint length = count - max_token_len; +- buff_shift(&buff, start, length); ++ /* Make sure not to shift bytes outside the buffer */ ++ if (buff.t.leng >= (uint) count) { ++ uint start = buff.t.leng - count; ++ uint length = count - max_token_len; ++ buff_shift(&buff, start, length); ++ } + count = buff.t.leng; + } + else +Index: bogofilter/NEWS +=================================================================== +--- bogofilter/NEWS (revision 7029) ++++ bogofilter/NEWS (revision 7030) +@@ -15,6 +15,14 @@ + + ------------------------------------------------------------------------------- + ++ 2015-02-28 ++ ++ * Fix the lexer to not try to delete parts from HTML tokens if it is ++ reading garbage (for instance, binary files misdeclared as HTML). ++ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64), ++ and is possibly related to its newer flex 2.5.37 that may have ++ changed the way it uses yyinput() a bit. Reported by Matt Garretson. ++ + 2015-02-25 + + * Fix the lexer to handle MIME multipart messages properly when the |