get_preppedhdrs_from_map: fix null terminations issues

Null terminate the returned string
mmap is not null terminated, pass the len to ensure the lookup is done
based on a length determined manner

diff --git a/ChangeLog b/ChangeLog
index d83016c2ae59b76d96c93743399378401988e0d9..0ebd4877ef626726de7fdd1a91de6644dcccee63 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,5 @@
+1.4.0-a3
+ o Fix a potential crash with mail without separator between headers and body
 1.4.0-a2
  o Fix a crash with forged probe emails
  o mlmmj-send does not need anymore absolute path

diff --git a/include/mail-functions.h b/include/mail-functions.h
index 2c17c77eec0df7ee084570b735692a1011a3c265..f01dd0e7106ccba4c724bc969a7031d61f5d2b42 100644 (file)
--- a/include/mail-functions.h
+++ b/include/mail-functions.h
@@ -35,7 +35,7 @@ int write_rcpt_to(int sockfd, const char *rcpt_addr);
 int write_custom_line(int sockfd, const char *line);
 int write_mailbody_from_map(int sockfd, char *mailmap, size_t mailsize,
                            const char *tohdr);
-char *get_preppedhdrs_from_map(char *mapstart, size_t *hdrslen);
+char *get_preppedhdrs_from_map(char *mapstart, size_t maplen, size_t *hdrslen);
 char *get_prepped_mailbody_from_map(char *mapstart, size_t size,
                                    size_t *bodylen);
 int write_replyto(int sockfd, const char *replyaddr);

diff --git a/src/mail-functions.c b/src/mail-functions.c
index ee2793620b3fd413ca5804fbee6dd632b1149dc2..a8b1a1024bbcfabf7508e88905c29b330297389d 100644 (file)
--- a/src/mail-functions.c
+++ b/src/mail-functions.c
@@ -118,13 +118,13 @@ int write_mailbody_from_map(int sockfd, char *mapstart, size_t size,
        return 0;
 }
 
-char *get_preppedhdrs_from_map(char *mapstart, size_t *hlen)
+char *get_preppedhdrs_from_map(char *mapstart, size_t maplen, size_t *hlen)
 {
        char *cur, *next, *endhdrs, *retstr, *r;
        const char newlinebuf[] = "\r\n";
        size_t hdrlen, n = 0;
 
-       endhdrs = strstr(mapstart, "\n\n");
+       endhdrs = strnstr(mapstart, "\n\n", maplen);
        if(endhdrs == NULL)
                return NULL; /* The map doesn't map a file with a mail */
 
@@ -134,7 +134,7 @@ char *get_preppedhdrs_from_map(char *mapstart, size_t *hlen)
                if(*next == '\n')
                        n++;
 
-       retstr = xmalloc(hdrlen + n);
+       retstr = xmalloc(hdrlen + n + 1);
        *hlen = hdrlen + n;     
        r = retstr;     
 
@@ -147,6 +147,7 @@ char *get_preppedhdrs_from_map(char *mapstart, size_t *hlen)
                        cur = next + 1;
                }
        }
+       retstr[*hlen] = '\0';
 
        return retstr;
 }

diff --git a/src/mlmmj-send.c b/src/mlmmj-send.c
index d5458a5bbe3bff3a95b6c8112022424ae4b15a58..89de6881db0ac2cfa1c17264ff21cd057a9b3aeb 100644 (file)
--- a/src/mlmmj-send.c
+++ b/src/mlmmj-send.c
@@ -606,7 +606,7 @@ int main(int argc, char **argv)
        mail.size = st.st_size;
 
        if(mail.inmem) {
-               mail.hdrs = get_preppedhdrs_from_map(mail.map, &hdrslen);
+               mail.hdrs = get_preppedhdrs_from_map(mail.map, mail.size, &hdrslen);
                if(mail.hdrs == NULL) {
                        log_error(LOG_ARGS, "Could not prepare headers");
                        exit(EXIT_FAILURE);

diff --git a/tests/mlmmj.c b/tests/mlmmj.c
index fb7e42e9f5161d346217459d35644789bf1c6f1e..a04b30df5cb2d1e98694c22a8caf03fbf4c2dee8 100644 (file)
--- a/tests/mlmmj.c
+++ b/tests/mlmmj.c
@@ -125,6 +125,7 @@ ATF_TC_WITHOUT_HEAD(controls);
 ATF_TC_WITHOUT_HEAD(incindexfile);
 ATF_TC_WITHOUT_HEAD(log_oper);
 ATF_TC_WITHOUT_HEAD(get_preppedhdrs_from_map);
+ATF_TC_WITHOUT_HEAD(get_preppedhdrs_from_map_1);
 
 #ifndef NELEM
 #define NELEM(array)    (sizeof(array) / sizeof((array)[0]))
@@ -1876,6 +1877,7 @@ ATF_TC_BODY(log_oper, tc)
 ATF_TC_BODY(get_preppedhdrs_from_map, tc)
 {
        struct stat st;
+       char *hdr;
        FILE *f = fopen("./mailfile", "w+");
 
        fprintf(f, "head1: plop\nhead2\n\nbody\n");
@@ -1887,8 +1889,29 @@ ATF_TC_BODY(get_preppedhdrs_from_map, tc)
        char *map = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
        ATF_REQUIRE(map != NULL);
        size_t len = 0;
-       ATF_REQUIRE(get_preppedhdrs_from_map(map, &len) != NULL);
+       ATF_REQUIRE((hdr = get_preppedhdrs_from_map(map, st.st_size, &len)) != NULL);
        ATF_REQUIRE_EQ(len, 20);
+       ATF_REQUIRE(strncmp(hdr, "head1: plop\r\nhead2\r\n", len) == 0);
+       ATF_REQUIRE_STREQ(hdr, "head1: plop\r\nhead2\r\n");
+       munmap(map, st.st_size);
+       close(fd);
+}
+
+ATF_TC_BODY(get_preppedhdrs_from_map_1, tc)
+{
+       struct stat st;
+       FILE *f = fopen("./mailfile", "w+");
+
+       fprintf(f, "head1: plop\nhead2\nbody\n");
+       fclose(f);
+
+       stat("./mailfile", &st);
+       int fd = open("./mailfile", O_RDONLY);
+       ATF_REQUIRE(fd != -1);
+       char *map = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
+       ATF_REQUIRE(map != NULL);
+       size_t len = 0;
+       ATF_REQUIRE(get_preppedhdrs_from_map(map, st.st_size, &len) == NULL);
        munmap(map, st.st_size);
        close(fd);
 }
@@ -1959,6 +1982,7 @@ ATF_TP_ADD_TCS(tp)
        ATF_TP_ADD_TC(tp, incindexfile);
        ATF_TP_ADD_TC(tp, log_oper);
        ATF_TP_ADD_TC(tp, get_preppedhdrs_from_map);
+       ATF_TP_ADD_TC(tp, get_preppedhdrs_from_map_1);
 
        return (atf_no_error());
 }