1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00

Curl_smtp_escape_eob: fix EOB escaping

As the EOB string can come byte by byte over a series of writes we must
match byte-wise.

Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html
This commit is contained in:
Daniel Stenberg 2011-10-20 00:13:09 +02:00
parent 2c8c46619b
commit 2621dd42a4

View File

@ -1661,35 +1661,36 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
} }
/* This loop can be improved by some kind of Boyer-Moore style of /* This loop can be improved by some kind of Boyer-Moore style of
approach but that is saved for later... */ approach but that is saved for later... */
for(i = 0, si = 0; i < nread; i++, si++) { for(i = 0, si = 0; i < nread; i++) {
ssize_t left = nread - i;
if(left >= (ssize_t)(SMTP_EOB_LEN - smtpc->eob)) { if(SMTP_EOB[smtpc->eob] == data->req.upload_fromhere[i])
if(!memcmp(SMTP_EOB + smtpc->eob, &data->req.upload_fromhere[i], smtpc->eob++;
SMTP_EOB_LEN - smtpc->eob)) { else if(smtpc->eob) {
/* It matched, copy the replacement data to the target buffer /* previously a substring matched, output that first */
instead. Note that the replacement does not contain the memcpy(&data->state.scratch[si], SMTP_EOB, smtpc->eob);
trailing CRLF but we instead continue to match on that one si += smtpc->eob;
to deal with repeated sequences. Like CRLF.CRLF.CRLF etc
*/ /* then compare the first byte */
memcpy(&data->state.scratch[si], SMTP_EOB_REPL, if(SMTP_EOB[smtpc->eob] == data->req.upload_fromhere[i])
SMTP_EOB_REPL_LEN); smtpc->eob=1;
si += SMTP_EOB_REPL_LEN - 1; /* minus one since the for() increments else
it */ smtpc->eob = 0;
i += SMTP_EOB_LEN - smtpc->eob - 1 - 2;
smtpc->eob = 0; /* start over */
continue;
}
}
else if(!memcmp(SMTP_EOB + smtpc->eob, &data->req.upload_fromhere[i],
left)) {
/* the last piece of the data matches the EOB so we can't send that
until we know the rest of it */
smtpc->eob += left;
break;
} }
data->state.scratch[si] = data->req.upload_fromhere[i]; if(SMTP_EOB_LEN == smtpc->eob) {
/* It matched, copy the replacement data to the target buffer
instead. Note that the replacement does not contain the
trailing CRLF but we instead continue to match on that one
to deal with repeated sequences. Like CRLF.CRLF.CRLF etc
*/
memcpy(&data->state.scratch[si], SMTP_EOB_REPL,
SMTP_EOB_REPL_LEN);
si += SMTP_EOB_REPL_LEN;
smtpc->eob = 2; /* start over at two bytes */
}
else if(!smtpc->eob)
data->state.scratch[si++] = data->req.upload_fromhere[i];
} /* for() */ } /* for() */
if(si != nread) { if(si != nread) {