Commit a4b7febb a4b7febbcb907b96181361824fac23e24485c023 by Sergey Poznyakoff

Fix possible output buffer overflow in base64 encoder.

* libmailutils/filter/base64.c (_base64_encoder): Continue after
incrementing nbytes.
* mh/mhn.c: Additional error checking.
1 parent 89669008
......@@ -267,12 +267,14 @@ _base64_encoder (void *xd,
{
case base64_init:
break;
case base64_newline:
*optr++ = '\n';
nbytes++;
lp->cur_len = 0;
lp->state = base64_rollback;
/* Fall through */
continue;
case base64_rollback:
if (lp->idx < 3)
{
......
......@@ -2187,9 +2187,14 @@ finish_text_msg (struct compose_env *env, mu_message_t *msg, int ascii)
MU_STREAM_READ);
if (rc == 0)
{
mu_stream_copy (output, fstr, 0, NULL);
rc = mu_stream_copy (output, fstr, 0, NULL);
mu_stream_destroy (&fstr);
mu_message_unref (*msg);
if (rc)
{
mu_diag_funcall (MU_DIAG_ERROR, "mu_stream_copy", NULL, rc);
exit (1);
}
*msg = newmsg;
}
else
......@@ -2533,7 +2538,12 @@ edit_mime (char *cmd, struct compose_env *env, mu_message_t *msg, int level)
mu_message_get_body (*msg, &body);
mu_body_get_streamref (body, &out);
mu_stream_copy (out, fstr, 0, NULL);
rc = mu_stream_copy (out, fstr, 0, NULL);
if (rc)
{
mu_diag_funcall (MU_DIAG_ERROR, "mu_stream_copy", NULL, rc);
exit (1);
}
mu_stream_close (out);
mu_stream_destroy (&out);
......