NUL termination
Matt Armstrong
matt at lickey.com
Tue Jan 28 05:15:31 CET 2003
David Relson <relson at osagesoftware.com> writes:
> At 09:12 PM 1/27/03, Matthias Andree wrote:
>
>
>>As a side note, I noticed David "fixed" lexer stuff to NUL-terminate
>>strings. I wonder if that's safe, because we need to pass on NUL bytes
>>as far as possible -- instead of making low-level functions that do have
>>a count compatible with C strings (which is bound to wreak havoc when
>>NUL bytes are in the input because then strlen() doesn't match the
>>count), the functions that use C strings need to be fixed to use fwrite
>>and all that.
>
> Matthis,
>
> The lexer routines that work with the buffer use a byte count and
> don't stop on a NUL byte. I added the NUL byte because index() was
> going past the end of the buffer and segfaulting. My changes
> deliberately allow only size-1 bytes in the buffer so that the NUL
> byte can be stored at buffer[count] without going beyond the buffer.
> An alternate solution would be to use a length controlled version of
> index(). I think that would be overkill in this situation.
NUL is actually a valid character for mail content, so in general
using functions that are sensitive to NUL are a bad idea when
processing mail.
Though I doubt any spammer would start inserting NULs into mail to
defeat bogofilter, since it probably defeats most every MUA around.
E.g. I once inserted a NUL in an HTML page and the only browser I
could find that could render it was an early version of Netscape 4.x.
More information about the bogofilter-dev
mailing list