From a92017cfc7b41989d87287f62df3451accce400c Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Date: Tue, 4 Sep 2007 15:32:00 +0000
Subject: - fixed bug: a template like this causes an infinite loop: $template opts,"%programname:::a,b%" thanks varmojfekoj for the patch - fixed bug: case changing options crash freeing the string pointer because they modify it: $template opts2,"%programname::1:lowercase%" thanks varmojfekoj for the patch
---
 ChangeLog | 6 ++++++
 msg.c | 20 ++++++++++++--------
 template.c | 2 ++
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5001cf65..b3720489 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@ Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
 in tplToString() - thanks varmojfekoj for patching
 - added a man-version of the config file documenation - thanks to Michel Samia for providing the man file
+- fixed bug: a template like this causes an infinite loop:
+ $template opts,"%programname:::a,b%"
+ thanks varmojfekoj for the patch
+- fixed bug: case changing options crash freeing the string pointer
+ because they modify it: $template opts2,"%programname::1:lowercase%"
+ thanks varmojfekoj for the patch
 ---------------------------------------------------------------------------
 Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
 - small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj
diff --git a/msg.c b/msg.c
index 80cdb09e..6313d083 100644
--- a/msg.c
+++ b/msg.c
@@ -1435,6 +1435,7 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 } else if(pTpe->data.field.iFromPos != 0 || pTpe->data.field.iToPos != 0) {
 /* we need to obtain a private copy */
 int iFrom, iTo;
+ char *pSb;
 iFrom = pTpe->data.field.iFromPos;
 iTo = pTpe->data.field.iToPos;
 /* need to zero-base to and from (they are 1-based!) */
@@ -1450,19 +1451,20 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 *pbMustBeFreed = 0;
 return "**OUT OF MEMORY**";
 }
+ pSb = pRes;
 if(iFrom) {
 /* skip to the start of the substring (can't do pointer arithmetic
 * because the whole string might be smaller!!)
 */
- while(*pRes && iFrom) {
+ while(*pSb && iFrom) {
 --iFrom;
- ++pRes;
+ ++pSb;
 }
 }
 /* OK, we are at the begin - now let's copy... */
- while(*pRes && iLen) {
- *pBuf++ = *pRes;
- ++pRes;
+ while(*pSb && iLen) {
+ *pBuf++ = *pSb;
+ ++pSb;
 --iLen;
 }
 *pBuf = '\0';
@@ -1523,6 +1525,7 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 int iBufLen = strlen(pRes);
 char *pBStart;
 char *pB;
+ char *pSrc;
 pBStart = pB = malloc((iBufLen + 1) * sizeof(char));
 if(pB == NULL) {
 if(*pbMustBeFreed == 1)
@@ -1530,11 +1533,12 @@ char *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 *pbMustBeFreed = 0;
 return "**OUT OF MEMORY**";
 }
- while(*pRes) {
+ pSrc = pRes;
+ while(*pSrc) {
 *pB++ = (pTpe->data.field.eCaseConv == tplCaseConvUpper) ?
- toupper(*pRes) : tolower(*pRes);
+ toupper(*pSrc) : tolower(*pSrc);
 /* currently only these two exist */
- ++pRes;
+ ++pSrc;
 }
 *pB = '\0';
 if(*pbMustBeFreed == 1)
diff --git a/template.c b/template.c
index 7f9c70f0..91c24b24 100644
--- a/template.c
+++ b/template.c
@@ -420,6 +420,8 @@ static void doOptions(unsigned char **pp, struct templateEntry *pTpe)
 /* check if we need to skip oversize option */
 while(*p && *p != '%' && *p != ',')
 ++p; /* just skip */
+ if(*p == ',')
+ ++p; /* eat ',' */
 /* OK, we got the option, so now lets look what
 * it tells us...
 */
-- cgit
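Review bot: The copy loop `while(*pSb && iLen)` in the -1450 hunk of msg.c stops only when iLen reaches exactly zero, so a negative iLen would leave the copy bounded by the source string alone rather than by the destination buffer. iLen and the allocation behind pBuf are set outside this hunk, so whether a template whose to-position lies before its from-position can reach this code is not visible here. If it can, the guard should read `while(*pSb && iLen > 0)`, with a range check where iLen is computed. A comment at `pSb = pRes;` would also record the reason for the cursor, e.g. `/* walk a cursor; pRes must keep pointing at the start because it may be free()d later */`.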
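Review bot: In the -1530 hunk of msg.c, `toupper(*pSrc)` and `tolower(*pSrc)` are passed a plain `char`, which is undefined behaviour for bytes above 0x7f wherever char is signed. The string is a message property, so it presumably carries bytes taken from received log data and such values should be expected. Cast at the call site: `toupper((unsigned char)*pSrc) : tolower((unsigned char)*pSrc);`. The enclosing block of MsgGetProp starts and ends outside the hunk.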
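Review bot: The added `if(*p == ',') ++p;` in doOptions carries only the comment `/* eat ',' */`, which does not say why the separator has to be consumed at this point. Going by the commit message, leaving it in place is what let a template such as `%programname:::a,b%` loop forever, so the comment should say so, e.g. `/* consume the separator so the next pass starts on a new option instead of re-reading ',' */`. Bracing the two-line `if` would also keep a later edit from detaching the increment from its condition. doOptions continues outside the hunk, so the handling of an option followed directly by '%' or by end of string cannot be checked from here.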