Critical fix: don't embed NUL in unterminated last IMAP line.

Found by Antoine Levitt.
author: Matthias Andree <matthias.andree@gmx.de> 2011-08-21 15:07:48 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2011-08-21 15:33:04 +0200
commit: 138baebcae334c2c222c0d0299148fe1aef0315c (patch)
tree: 3de1053601b6f7ea49ac15593892e22ecdf57a8c /transact.c
parent: ba842a38242a6c322c3324b476a9aeec40c2ccd3 (diff)
download: fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.tar.gz
fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.tar.bz2
fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/transact.c b/transact.c
index d1e4f6a9..ec8013a5 100644
--- a/transact.c
+++ b/transact.c
@@ -1435,7 +1435,15 @@ int readbody(int sock, struct query *ctl, flag forward, int len)
 	 * so we might end truncating messages prematurely.
 	 */
 	if (!protocol->delimited && linelen > len) {
+	    /* FIXME: HACK ALERT! This \r\n is only here to make sure the
+	     * \n\0 hunt works later on. The \n generated here was not
+	     * part of the original message!
+	     * The real fix will be to use buffer + length strings,
+	     * rather than 0-terminated C strings. */
+	    inbufp[len++] = '\r';
+	    inbufp[len++] = '\n';
 	    inbufp[len] = '\0';
+	    linelen = len;
 	}
 
 	len -= linelen;
author	Matthias Andree <matthias.andree@gmx.de>	2011-08-21 15:07:48 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2011-08-21 15:33:04 +0200
commit	138baebcae334c2c222c0d0299148fe1aef0315c (patch)
tree	3de1053601b6f7ea49ac15593892e22ecdf57a8c /transact.c
parent	ba842a38242a6c322c3324b476a9aeec40c2ccd3 (diff)
download	fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.tar.gz fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.tar.bz2 fetchmail-138baebcae334c2c222c0d0299148fe1aef0315c.zip