From 71b8b60b220945aa0c2b541bf144182e2bb6e032 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Date: Fri, 5 Nov 2010 10:41:44 +0100
Subject: bugfix: segfault when an *empty* template was used

Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206
Thanks to David Hill for alerting us.
---
 ChangeLog | 3 +++
 template.c | 12 ++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8b735a94..e78dcd48 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 ---------------------------------------------------------------------------
 Version 5.6.1 [V5-BETA] (rgerhards), 2010-??-??
+- bugfix: segfault when an *empty* template was used
+ Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206
+ Thanks to David Hill for alerting us.
 - bugfix: compile failed with --enable-unlimited-select
 thanks varmojfekoj for the patch
 ---------------------------------------------------------------------------
diff --git a/template.c b/template.c
index c46d144e..06949e45 100644
--- a/template.c
+++ b/template.c
@@ -85,7 +85,7 @@ rsRetVal tplToString(struct template *pTpl, msg_t *pMsg, uchar **ppBuf, size_t *
 {
 DEFiRet;
 struct templateEntry *pTpe;
- int iBuf;
+ size_t iBuf;
 unsigned short bMustBeFreed;
 uchar *pVal;
 size_t iLenVal;
@@ -141,7 +141,15 @@ rsRetVal tplToString(struct template *pTpl, msg_t *pMsg, uchar **ppBuf, size_t *
 pTpe = pTpe->pNext;
 }
 
- (*ppBuf)[iBuf] = '\0'; /* space was reserved above (see copy) */
+ if(iBuf == *pLenBuf) {
+ /* in the weired case of an *empty* template, this can happen.
 * it is debatable if we should really fix it here or simply
 * forbid that case. However, performance toll is minimal, so
 * I tend to permit it. -- 201011-05 rgerhards
 */
+ CHKiRet(ExtendBuf(ppBuf, pLenBuf, iBuf + 1));
+ }
+ (*ppBuf)[iBuf] = '\0';
 
 finalize_it:
 RETiRet;
-- 
cgit
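Review bot: The new guard in front of the terminator write tests `iBuf == *pLenBuf` only, so it still relies on the copy loop above (outside this hunk) never letting iBuf advance past the reserved space; `if(iBuf >= *pLenBuf)` costs nothing extra and turns any future off-by-one in that loop into a reallocation instead of a one-byte heap overwrite, which is the class of bug this commit is fixing. Whether ExtendBuf copes with a NULL `*ppBuf` and a zero `*pLenBuf` — presumably the state an empty template leaves behind, though that cannot be confirmed from here — should be checked, since that is exactly the case the fix targets. When ExtendBuf fails, CHKiRet jumps to finalize_it with `*ppBuf` still unterminated, so callers must not read the buffer unless iRet reports success; a one-line comment on the write, replacing the removed "space was reserved above" note, would keep that invariant visible. "weired" in the new comment should read "weird". tplToString's body starts before this hunk.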