konijn@ace.UUCP (03/24/87)
Index: /usr/src/new/mh/sbr/m_getfld.c
Description:
The MH package as distributed on the Florence EUUG tape and
with BSD 4.3 was tuned for speed on a vax. It shows.
The routine matchc() is written both in vax assembler and
C code. The C version can find a match even after the
end of the string to be searched. This means inc(1)
can copy a chunk of data too large to fit the output buffer,
corrupting the malloc(3) administration.
Repeat-By:
Receive a message with lots of "\nFro" strings in it,
hope for a specific constellation of buffer and message sizes
and watch inc(1) drop core.
Fix:
Apply the following diff to ~mh/sbr/m_getfld.c for a new
implementation of matchc().
*** m_getfld.c Fri Mar 20 15:59:20 1987
--- /tmp/1 Fri Mar 20 16:47:35 1987
***************
*** 579,605 ****
register int strln;
register char *str;
{
! register char *s;
! register char *p;
! register int pcnt;
! register char pfirst;
! strln -= patln;
! patln --;
! pfirst = *pat++;
! while (strln-- >= 0) {
! s = str;
! if (*s++ == pfirst) {
! p = pat;
! pcnt = patln;
! do {
! if (pcnt-- == 0)
! return str;
! } while (*p++ == *s++);
! }
! str++;
}
- return 0;
}
#endif
--- 579,601 ----
register int strln;
register char *str;
{
! register char *pp;
! register int pl;
! register char pc = *pat++;
! for(;;) {
! while (pc != *str++ && --strln > 0)
! ;
! if (strln < 0)
! return 0;
!
! pp = pat; pl = patln;
! while (--pl > 0 && *str++ == *pp++)
! ;
! str += (pl - patln);
! if (pl == 0)
! return (str);
}
}
#endif
---------
Erik van Konijnenburg, <konijn@ace.nl>, ...!mcvax!ace!konijn,
ACE Associated Computer Experts bv, Amsterdam, the Netherlandskonijn@ace.UUCP (04/14/87)
Index: /usr/src/new/mh/uip/scansbr.c
Description:
The inc(1) command, part of MH-6.4, will loose mail
if writing in a folder fails. This happens only for
small messages.
Repeat-By:
For System V systems:
sh
$ date | mail me
$ ulimit -f 0
$ inc
incorporating new mail ...
$ inc
no mail to incorporate ...
$ scan last
25 empty
$ ^D
Fix:
Test return value of fclose().
*** /tmp/1 Tue Apr 14 20:27:45 1987
--- scansbr.c Tue Apr 14 20:16:01 1987
***************
*** 263,269 ****
*--nxtbuf = tmpbuf;
if (outnum)
! (void) fclose (scnout);
return (state != FILEEOF ? SCNERR : encrypted ? SCNENC : SCNMSG);
}
--- 263,270 ----
*--nxtbuf = tmpbuf;
if (outnum)
! if (fclose (scnout) == EOF)
! adios (scnmsg, "Write error on");
return (state != FILEEOF ? SCNERR : encrypted ? SCNENC : SCNMSG);
}
---------
Erik van Konijnenburg, <konijn@ace.nl>, ...!mcvax!ace!konijn,
ACE Associated Computer Experts bv, Amsterdam, the Netherlands