From 13534576df34df4740204bc789fc9cabcdaa2763 Mon Sep 17 00:00:00 2001
From: SJ
Date: Thu, 6 Dec 2012 16:43:40 +0100
Subject: [PATCH] fixed a buffer overflow when processing extremly long body lines
---
 src/misc.c | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/src/misc.c b/src/misc.c
index c08d49de..98f9dd38 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -114,30 +114,20 @@ void replaceCharacterInBuffer(char *p, char from, char to){
 char *split(char *row, int ch, char *s, int size){
 char *r;
- int len;
- if(row == NULL)
+ if(row == NULL || s == NULL)
 return NULL;
 r = strchr(row, ch);
- if(r == NULL){
- len = strlen(row);
- if(len > size)
- len = size;
- }
- else {
- len = strlen(row) - strlen(r);
- if(len > size)
- len = size;
+ if(r) *r = '\0';
+ snprintf(s, size, "%s", row);
+
+ if(r){
+ *r = ch;
 r++;
 }
- if(s != NULL){
- strncpy(s, row, len);
- s[len] = '\0';
- }
-
 return r;
 }
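Review bot: `size` is still a signed `int` and reaches `snprintf` unchecked, so a negative value converts to a very large `size_t` and the copy into `s` is effectively unbounded again, while `size == 0` leaves `s` unwritten and unterminated. The guard at the top of `split` could cover both cases, e.g. `if(row == NULL || s == NULL || size < 1) return NULL;`. Separately, the old code tolerated `s == NULL` and still returned the position after the delimiter; the new early return changes that, so any caller that passes NULL to skip a field (callers are outside this patch) would now stop parsing at that point. The `snprintf` return value is also discarded, so truncation of an over-long token is silent; if callers need to tell a truncated token from a complete one, compare the return value with `size`.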