Fix possible output buffer overflow in base64 encoder.

* libmailutils/filter/base64.c (_base64_encoder): Continue after incrementing nbytes. * mh/mhn.c: Additional error checking.

Fix possible output buffer overflow in base64 encoder.
* libmailutils/filter/base64.c (_base64_encoder): Continue after incrementing nbytes. * mh/mhn.c: Additional error checking.
Sergey Poznyakoff
Commit a4b7febb ... a4b7febbcb907b96181361824fac23e24485c023 authored 2011-12-12 14:07:26 +0200 by Sergey Poznyakoff
Showing 2 changed files with 16 additions and 4 deletions
libmailutils/filter/base64.c
mh/mhn.c
--- a/libmailutils/filter/base64.c
View file @a4b7feb
+++ b/libmailutils/filter/base64.c
View file @a4b7feb
@@ -267,12 +267,14 @@ _base64_encoder (void *xd,
 	{
 	case base64_init:
 	  break;
+
 	case base64_newline:
 	  *optr++ = '\n';
 	  nbytes++;
 	  lp->cur_len = 0;
 	  lp->state = base64_rollback;
-	  /* Fall through */
+	  continue;
+
 	case base64_rollback:
 	  if (lp->idx < 3)
 	    {
--- a/mh/mhn.c
View file @a4b7feb
+++ b/mh/mhn.c
View file @a4b7feb
@@ -2187,9 +2187,14 @@ finish_text_msg (struct compose_env *env, mu_message_t *msg, int ascii)
 			     MU_STREAM_READ);
      if (rc == 0)
 	{
-	  mu_stream_copy (output, fstr, 0, NULL);
+	  rc = mu_stream_copy (output, fstr, 0, NULL);
 	  mu_stream_destroy (&fstr);
 	  mu_message_unref (*msg);
+	  if (rc)
+	    {
+	      mu_diag_funcall (MU_DIAG_ERROR, "mu_stream_copy", NULL, rc);
+	      exit (1);
+	    }
 	  *msg = newmsg;
 	}
      else
@@ -2533,8 +2538,13 @@ edit_mime (char *cmd, struct compose_env *env, mu_message_t *msg, int level)

  mu_message_get_body (*msg, &body);
  mu_body_get_streamref (body, &out);
-  mu_stream_copy (out, fstr, 0, NULL);
-
+  rc = mu_stream_copy (out, fstr, 0, NULL);
+  if (rc)
+    {
+      mu_diag_funcall (MU_DIAG_ERROR, "mu_stream_copy", NULL, rc);
+      exit (1);
+    }
+  
  mu_stream_close (out);
  mu_stream_destroy (&out);
  mu_stream_destroy (&fstr);