Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7029)
+++ bogofilter/src/lexer.c (revision 7030)
@@ -329,7 +329,7 @@
count += cnt;
/* Note: some malformed messages can cause xfgetsl() to report
- ** "Invalid buffer size, exiting." ** and then abort. This
+ ** "Invalid buffer size, exiting." and then abort. This
** can happen when the parser is in html mode and there's a
** leading '<' but no closing '>'.
**
@@ -343,9 +343,12 @@
if (count >= MAX_TOKEN_LEN * 2 &&
long_token(buff.t.u.text, (uint) count)) {
- uint start = buff.t.leng - count;
- uint length = count - max_token_len;
- buff_shift(&buff, start, length);
+ /* Make sure not to shift bytes outside the buffer */
+ if (buff.t.leng >= (uint) count) {
+ uint start = buff.t.leng - count;
+ uint length = count - max_token_len;
+ buff_shift(&buff, start, length);
+ }
count = buff.t.leng;
}
else
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7029)
+++ bogofilter/NEWS (revision 7030)
@@ -15,6 +15,14 @@
-------------------------------------------------------------------------------
+ 2015-02-28
+
+ * Fix the lexer to not try to delete parts from HTML tokens if it is
+ reading garbage (for instance, binary files misdeclared as HTML).
+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
+ and is possibly related to its newer flex 2.5.37 that may have
+ changed the way it uses yyinput() a bit. Reported by Matt Garretson.
+
2015-02-25
* Fix the lexer to handle MIME multipart messages properly when the