yyredo and yy_use_redo_text
David Relson
relson at osagesoftware.com
Sat May 10 03:54:48 CEST 2003
Matthias,

The yyredo code is a crude hack because I didn't have a better way to
reprocess part of an input line and bogofilter needs to do that at
times. Since then, I have learned more about flex and how it works. I can
probably rewrite the code so that it is simpler and clearer. If you care
to take on that task, feel free to do so.

In any case, yy_use_redo_text does not present any vulnerabilities. I'll
try to explain why...

When parsing some of the header fields, bogofilter takes two actions. The
first is to call a function to process the whole line. The second is to
tokenize the informational portion of the line. These actions are driven
by code in lexer_v3.l, which has 4 calls to yyredo(). In each case
yyredo() is called with the line that has just been processed and a
delimiting character. yyredo() saves the part of the line after the
delimiter in yysave.

The next time get_decoded_line() is called, yy_use_redo_text() will be
called to return the text in yysave. At the time of this call, the "buff_t
*buff" parameter represents flex's buffer which has just been cleared by
the first function call (described above). What's put into "buff" is
always less than what was there previously.

The code may be more complex than necessary (and likely is). None the
less, it's safe.

David
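
A minimal model of the save-and-replay flow described in this message, added here as an illustration and not taken from bogofilter's source. The names `struct linebuf`, `redo_save`, `redo_restore` and `process_line` are hypothetical, and the sketch checks sizes explicitly instead of relying on the saved tail being shorter than the original line.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the lexer's input buffer (not bogofilter's buff_t). */
struct linebuf { char data[64]; size_t len; };

static char   saved[64];  /* plays the role of yysave */
static size_t saved_len;  /* 0 = nothing pending */

/* Model of yyredo(): keep the part of `line` after the first `delim`.
 * Returns bytes saved, or -1 if there is no delimiter or the tail is too big. */
long redo_save(const char *line, size_t len, char delim)
{
    const char *p = memchr(line, delim, len);
    saved_len = 0;
    if (p == NULL)
        return -1;
    size_t tail = len - (size_t)(p - line) - 1;  /* always < len */
    if (tail > sizeof saved)                     /* enforce the bound, don't assume it */
        return -1;
    memcpy(saved, p + 1, tail);
    saved_len = tail;
    return (long)tail;
}

/* Model of yy_use_redo_text(): hand the saved tail back to the lexer once.
 * Returns bytes copied, or -1 if the destination cannot hold them. */
long redo_restore(struct linebuf *buf)
{
    if (saved_len > sizeof buf->data)  /* stays true even if a size changes later */
        return -1;
    memcpy(buf->data, saved, saved_len);
    buf->len = saved_len;
    long n = (long)saved_len;
    saved_len = 0;                     /* one-shot: never replay the same text twice */
    return n;
}

/* First pass consumes the whole line; second pass re-reads only the tail. */
long process_line(const char *line, char delim, struct linebuf *buf)
{
    if (redo_save(line, strlen(line), delim) < 0)
        return -1;
    buf->len = 0;                      /* buffer was cleared by the first pass */
    return redo_restore(buf);
}

int main(void)
{
    struct linebuf b;
    long n = process_line("Subject: cheap pills", ':', &b);  /* constructed input */
    printf("%ld bytes replayed: \"%.*s\"\n", n, (int)b.len, b.data);
    return 0;
}
```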