Fix heap corruption of qp_decode()
qp_decode (quoted-printable in-place decode of a string) could write 2 characters *beyond* the allocated buffer by appending "\r\n" to a string that was not quoted-printable in the first place. i.e. the contents of buf were not actually changed in the decode loop. This could result in a corrupted heap and crash of sbbs or smbutil when reading such a message. This change may result in a lack of CRLF appended to decoded plain text output, so we'll have to keep an eye out for that and resolve it some other way. One possibility could be to only append the CRLF if the destination pointer is sufficiently behind the source pointer. This solves the crash that Kirkman reported with a specific message in his "mail" base. The header for the message said it was quoted-printable encoded, but the body text was not actually encoded at all: OtherHeader Content-Type: text/plain; charset="iso-8859-1" OtherHeader MIME-Version: 1.0 OtherHeader Content-Transfer-Encoding: quoted-printable
| Status | Job ID | Name | Coverage | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Build | |||||||||
| passed |
#33226
FreeBSD
|
jsdoor-freebsd |
00:04:16
|
|
|||||
| passed |
#33227
Linux
|
jsdoor-linux |
00:06:46
|
|
|||||
| passed |
#33229
FreeBSD
|
jsdoor-windows |
00:01:57
|
|
|||||
| passed |
#33221
FreeBSD
|
sbbs-freebsd |
00:05:45
|
|
|||||
| passed |
#33216
Linux
|
sbbs-linux |
00:10:02
|
|
|||||
| passed |
#33219
Windows
|
sbbs-windows |
00:05:08
|
|
|||||
| passed |
#33228
FreeBSD
|
sexpots-freebsd |
00:00:13
|
|
|||||
| passed |
#33217
Linux
|
sexpots-linux |
00:00:26
|
|
|||||
| passed |
#33220
Windows
|
sexpots-windows |
00:00:23
|
|
|||||
| passed |
#33224
FreeBSD
|
syncdraw-freebsd |
00:00:26
|
|
|||||
| passed |
#33225
Linux
|
syncdraw-linux |
00:01:07
|
|
|||||
| passed |
#33222
FreeBSD
|
syncterm-freebsd |
00:01:04
|
|
|||||
| passed |
#33218
Linux
|
syncterm-linux |
00:03:05
|
|
|||||
| passed |
#33223
FreeBSD
|
syncterm-windows |
00:01:48
|
|
|||||