From 4f11e1dff8fc6d37557e5b25b879b9e6471e5a56 Mon Sep 17 00:00:00 2001
From: Rob Swindell <rob@synchro.net>
Date: Tue, 1 Mar 2022 22:42:59 -0800
Subject: [PATCH] Better detection of correctly-null-terminated body text

CID 229603
---
 src/sbbs3/fmsgdump.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/sbbs3/fmsgdump.c b/src/sbbs3/fmsgdump.c
index 943fd994bf..e95666e377 100644
--- a/src/sbbs3/fmsgdump.c
+++ b/src/sbbs3/fmsgdump.c
@@ -85,7 +85,7 @@ int msgdump(FILE* fp, const char* fname)
 	if(hdr.subj[sizeof(hdr.subj)-1] != 0)
 		fprintf(stderr,"%s Unterminated 'subj' field\n", fname);
 	if(hdr.time[sizeof(hdr.time)-1] != 0)
-		fprintf(stderr,"%s Untermianted 'time' field\n", fname);
+		fprintf(stderr,"%s Unterminated 'time' field\n", fname);
 
 
 	printf("Subj: %.*s\n", (int)sizeof(hdr.subj)-1, hdr.subj);
@@ -103,16 +103,17 @@ int msgdump(FILE* fp, const char* fname)
 		return(__COUNTER__);
 	}
 
-	char* body = calloc((end - sizeof(hdr)) + 1, 1);
+	long len = end - sizeof(hdr);
+	char* body = calloc(len + 1, 1);
 	if(body == NULL) {
 		fprintf(stderr, "!MALLOC failure\n");
 		return __COUNTER__;
 	}
 	fseek(fp, sizeof(hdr), SEEK_SET);
-	fread(body, end - sizeof(hdr), 1, fp);
+	fread(body, len, 1, fp);
 	fprintf(bodyfp, "\n-start of message text-\n");
 	char* p = body;
-	while(*p) {
+	while(*p && p < body + len) {
 		if((p == body || *(p - 1) == '\r') && *p == 1) {
 			fputc('@', ctrlfp);
 			p++;
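Review bot: The result of `fread(body, len, 1, fp)` is discarded, as is that of the `fseek` before it, so a short or failed read leaves the zero-filled calloc buffer in place and is later indistinguishable from a message whose text really ends early. Reading byte-wise and keeping the count, `size_t rd = fread(body, 1, len, fp);`, would let the code report a truncated file on stderr and bound the loop with `p < body + rd`. The new loop condition also tests the bound after the dereference; `while(p < body + len && *p)` is the conventional order, even though the extra calloc byte keeps the current read in bounds. `len` is a `long` computed from `end - sizeof(hdr)`, and the check that `end` is at least the header size is presumably the one that closes just above this hunk, which is not visible here; msgdump begins and ends outside the hunk.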
@@ -132,7 +133,10 @@ int msgdump(FILE* fp, const char* fname)
 			fputc('\n', bodyfp);
 		}
 	}
-	fprintf(bodyfp, "-end of message text-\n");
+	if(p == (body + len) - 1)
+		fprintf(bodyfp, "-end of message text-\n");
+	else
+		fprintf(bodyfp, "-PREMATURE end of message text-\n");
 
 	free(body);
 	printf("\n");
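Review bot: `p == (body + len) - 1` only identifies the correctly terminated case when `len` is at least 1; with `len == 0` the expression forms a pointer before the allocation, which is undefined, so `if(len > 0 && p == body + len - 1)` is safer unless an earlier check outside this hunk already rules out an empty body. The else branch also merges two different conditions: a NUL found before the final byte, and a body with no NUL at all (`p == body + len`), which is a missing terminator rather than a premature end. A separate message for the second case, e.g. `fprintf(bodyfp, "-UNTERMINATED message text-\n");`, would make the dump say which one occurred. The loop body advances `p` in lines not shown between the hunks, so it should be confirmed that `p` cannot step past `body + len` there; msgdump continues outside this hunk.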
-- 
GitLab