From: mortenp <none@none>
Date: Sun, 12 Nov 2006 21:10:33 +0000 (+1100)
Subject: Fixed invalid read in cleanquotedp()
X-Git-Tag: RELEASE_1_2_12_RC4~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d90f2fa266966fa7be8bc5accc5c4d5ca4d90d8;p=thirdparty%2Fmlmmj.git

Fixed invalid read in cleanquotedp()
---

diff --git a/ChangeLog b/ChangeLog
index c8c4c184..a8665495 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+ o Fixed invalid read in cleanquotedp()
  o Fixed bug in gethdrline() introduced in 1.2.12-RC3
 1.2.12-RC4
  o Fixed memory leak in checkwait_smtpreply()
diff --git a/src/strgen.c b/src/strgen.c
index 9121f4c3..ed97f5f1 100644
--- a/src/strgen.c
+++ b/src/strgen.c
@@ -29,6 +29,7 @@
 #include <netdb.h>
 #include <libgen.h>
 #include <time.h>
+#include <ctype.h>
 
 #include "strgen.h"
 #include "wrappers.h"
@@ -194,12 +195,16 @@ char *cleanquotedp(const char *qpstr)
 	retstr = mymalloc(len + 1);
 	retstr[len] = '\0';
 	qc[2] = '\0';
-	while(*c != '\0') {
+	while(c < qpstr+len) {
 		switch(*c) {
 			case '=':
-				qc[0] = *(++c);
-				qc[1] = *(++c);
 				c++;
+				if (!isxdigit(*c))
+					break;
+				qc[0] = *(c++);
+				if (!isxdigit(*c))
+					break;
+				qc[1] = *(c++);
 				qcval = strtol(qc, NULL, 16);
 				if(qcval)
 					retstr[i++] = (char)qcval;