Fix segfault when run control file ends with a backslash inside an

unterminated quoted string.
In quoted strings, support backslash as last character on a line to 
join the following line to the current.

svn path=/trunk/; revision=4446

3 files changed, 32 insertions, 17 deletions

diff --git a/NEWS b/NEWS
index b3bb8dea..2bd1958c 100644
--- a/NEWS
+++ b/NEWS
@@ -288,6 +288,10 @@ fetchmail 6.3.0 (not yet released officially):
   contain the control characters (CR or LF). Document explicitly the backslash
   escape sequences and their differences from the escape sequences used in the
   C programming language.  Matthias Andree
+* Fix segfault when run control file ends with a backslash inside an
+  unterminated quoted string. Matthias Andree.
+* In quoted strings, support backslash as last character on a line to join the
+  following line to the current. Matthias Andree.
 
 # INTERNAL CHANGES
 * Switched to automake. Matthias Andree.
diff --git a/fetchmail.man b/fetchmail.man
index 70e9c6ba..c1fedc0d 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1320,26 +1320,29 @@ There are four kinds of tokens: grammar keywords, numbers
 A quoted string is bounded by double quotes and may contain
 whitespace (and quoted digits are treated as a string).  Note that
 quoted strings will also contain line feed characters if they run across
-two or more lines - so be sure that your strings are not word-wrapped
-unless you want the embedded CR or LF characters.
+two or more lines, unless you use a backslash to join lines (see below).
 An unquoted string is any whitespace-delimited token that is neither
 numeric, string quoted nor contains the special characters ',', ';',
 ':', or '='.
 .PP
 Any amount of whitespace separates tokens in server entries, but is
-otherwise ignored. You may use escapes (\en for LF, \et for HT,
-\&\eb for BS, \er for CR, \e\fInnn\fP for decimal (where nnn cannot start
-with a 0), \e0\fIooo\fP for octal, and \ex\fIhh\fP for hex) to embed
-non-printable characters or string delimiters in strings.
+otherwise ignored. You may use backslash escape sequences (\en for LF,
+\&\et for HT, \&\eb for BS, \er for CR, \e\fInnn\fP for decimal (where
+nnn cannot start with a 0), \e0\fIooo\fP for octal, and \ex\fIhh\fP for
+hex) to embed non-printable characters or string delimiters in strings.
+In quoted strings, a backslash at the very end of a line will cause the
+backslash itself and the line feed (LF or NL, new line) character to be
+ignored, so that you can wrap long strings. Without the backslash at the
+line end, the line feed character would become part of the string.
 .PP
 .B Warning:
-while these resemble C-style escape sequences, fetchmail only supports
-these seven styles. C supports more escape sequences that consist of
-backslash (\e) and a single character, but does not support decimal
-codes and does not require the leading 0 in octal notation.  Example:
-fetchmail interprets \e233 the same as \exE9 (Latin small letter e
-with acute), where C would interpret \e233 as octal 0233 = \ex9B (CSI,
-control sequence introducer).
+while these resemble C-style escape sequences, they are not the same.
+fetchmail only supports these eight styles. C supports more escape
+sequences that consist of backslash (\e) and a single character, but
+does not support decimal codes and does not require the leading 0 in
+octal notation.  Example: fetchmail interprets \e233 the same as \exE9
+(Latin small letter e with acute), where C would interpret \e233 as
+octal 0233 = \ex9B (CSI, control sequence introducer).
 .PP
 Each server entry consists of one of the keywords 'poll' or 'skip',
 followed by a server name, followed by server options, followed by any
@@ -2427,6 +2430,9 @@ Interactively entered passwords are truncated after 63 characters. If
 you really need to use a longer password, you will have to use a
 configuration file.
 .PP
+A backslash as the last character of a configuration file will be
+flagged as a syntax error rather than ignored.
+.PP
 Send comments, bug reports, gripes, and the like to the
 fetchmail-devel list <fetchmail-devel@lists.berlios.de>.  An HTML FAQ is
 available at the fetchmail home page; surf to
diff --git a/rcfile_l.l b/rcfile_l.l
index 89728f59..506e8e20 100644
--- a/rcfile_l.l
+++ b/rcfile_l.l
@@ -234,26 +234,30 @@ char		*tp;	/* target buffer for digested string */
     {
 	int	cval = 0;
 
-	if (*cp == '\\' && strchr("0123456789xX", cp[1]))
+	/* we MUST check for NUL explicitly, as strchr(string, 0) will
+	 * always succeed! */
+	if (*cp == '\\' && cp[1] && strchr("0123456789xX", cp[1]))
 	{
 	    char *dp;
 	    const char *hex = "00112233445566778899aAbBcCdDeEfF";
 	    int dcount = 0;
 
 	    if (*++cp == 'x' || *cp == 'X')
-		for (++cp; (dp = strchr(hex, *cp)) && (dcount++ < 2); cp++)
+		for (++cp; *cp && (dp = strchr(hex, *cp)) && (dcount++ < 2); cp++)
 		    cval = (cval * 16) + (dp - hex) / 2;
 	    else if (*cp == '0')
-		while (strchr("01234567",*cp) != (char*)NULL && (dcount++ < 3))
+		while (*cp && strchr("01234567",*cp) != (char*)NULL && (dcount++ < 3))
 		    cval = (cval * 8) + (*cp++ - '0');
 	    else
-		while ((strchr("0123456789",*cp)!=(char*)NULL)&&(dcount++ < 3))
+		while (*cp && (strchr("0123456789",*cp)!=(char*)NULL)&&(dcount++ < 3))
 		    cval = (cval * 10) + (*cp++ - '0');
 	}
 	else if (*cp == '\\')		/* C-style character escapes */
 	{
 	    switch (*++cp)
 	    {
+	    case '\n': cp++; continue;	/* backslash before LF to join lines */
+	    case '\0': goto done;	   /* ignore backslash at file end */
 	    case '\\': cval = '\\'; break;
 	    case 'n': cval = '\n'; break;
 	    case 't': cval = '\t'; break;
@@ -267,5 +271,6 @@ char		*tp;	/* target buffer for digested string */
 	    cval = *cp++;
 	*tp++ = cval;
     }
+done:
     *tp = '\0';
 }