summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--msg.c20
-rw-r--r--template.c2
3 files changed, 20 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 5001cf65..b3720489 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@ Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documenation - thanks to Michel
Samia for providing the man file
+- fixed bug: a template like this causes an infinite loop:
+ $template opts,"%programname:::a,b%"
+ thanks varmojfekoj for the patch
+- fixed bug: case changing options crash freeing the string pointer
+ because they modify it: $template opts2,"%programname::1:lowercase%"
+ thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj
diff --git a/msg.c b/msg.c
index 80cdb09e..6313d083 100644
--- a/msg.c
+++ b/msg.c
@@ -1435,6 +1435,7 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
} else if(pTpe->data.field.iFromPos != 0 || pTpe->data.field.iToPos != 0) {
/* we need to obtain a private copy */
int iFrom, iTo;
+ char *pSb;
iFrom = pTpe->data.field.iFromPos;
iTo = pTpe->data.field.iToPos;
/* need to zero-base to and from (they are 1-based!) */
@@ -1450,19 +1451,20 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
*pbMustBeFreed = 0;
return "**OUT OF MEMORY**";
}
+ pSb = pRes;
if(iFrom) {
/* skip to the start of the substring (can't do pointer arithmetic
* because the whole string might be smaller!!)
*/
- while(*pRes && iFrom) {
+ while(*pSb && iFrom) {
--iFrom;
- ++pRes;
+ ++pSb;
}
}
/* OK, we are at the begin - now let's copy... */
- while(*pRes && iLen) {
- *pBuf++ = *pRes;
- ++pRes;
+ while(*pSb && iLen) {
+ *pBuf++ = *pSb;
+ ++pSb;
--iLen;
}
*pBuf = '\0';
@@ -1523,6 +1525,7 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
int iBufLen = strlen(pRes);
char *pBStart;
char *pB;
+ char *pSrc;
pBStart = pB = malloc((iBufLen + 1) * sizeof(char));
if(pB == NULL) {
if(*pbMustBeFreed == 1)
@@ -1530,11 +1533,12 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
*pbMustBeFreed = 0;
return "**OUT OF MEMORY**";
}
- while(*pRes) {
+ pSrc = pRes;
+ while(*pSrc) {
*pB++ = (pTpe->data.field.eCaseConv == tplCaseConvUpper) ?
- toupper(*pRes) : tolower(*pRes);
+ toupper(*pSrc) : tolower(*pSrc);
/* currently only these two exist */
- ++pRes;
+ ++pSrc;
}
*pB = '\0';
if(*pbMustBeFreed == 1)
diff --git a/template.c b/template.c
index 7f9c70f0..91c24b24 100644
--- a/template.c
+++ b/template.c
@@ -420,6 +420,8 @@ static void doOptions(unsigned char **pp, struct templateEntry *pTpe)
/* check if we need to skip oversize option */
while(*p && *p != '%' && *p != ',')
++p; /* just skip */
+ if(*p == ',')
+ ++p; /* eat ',' */
/* OK, we got the option, so now lets look what
* it tells us...
*/