[tin-dev] [PATCH] guard get_only_respcode(strtol()) against \0

Urs Jan├čen urs at tin.org
Thu Nov 5 20:13:59 CET 2015


shouldn't show up the real world but was found with
zzuf -p 119 -n -E'.' -r 0.01 -P '\n' -R '\x00-\x1f\x7f-\xff' -b4- tin -r[..]

=== modified file 'src/nntplib.c'
--- src/nntplib.c	2015-11-01 17:07:01 +0000
+++ src/nntplib.c	2015-11-05 18:47:22 +0000
@@ -1745,7 +1745,7 @@
 		put_server(last_put);
 		ptr = tin_fgets(FAKE_NNTP_FP, FALSE);
 
-		if (tin_errno) {
+		if (tin_errno || ptr == NULL) {
 #	ifdef DEBUG
 			if (debug & DEBUG_NNTP)
 				debug_print_file("NNTP", "<<<%sError: tin_errno <> 0", logtime());






More information about the tin-dev mailing list