fix #H6867 - mail buffer overrun
Web contact report of a github pull request. A previous fix from
same user dealt with potential crash caused by freeing mailbox data
when the mailbox came from getenv("MAIL"). getenv() doesn't return
a value obtained by malloc so freeing it was bad. The fix was to
allocate memory to hold a copy of getenv("MAIL") so that free() was
valid. Unfortunately it didn't allocate enough space to hold the
terminating '\0' so potentially corrupted malloc/free bookkeeping
data. And the alloc+copy was being performed every time the mailbox
was checked, resulting in leaked memory from the previous check (if
MAIL came from player's environment). Fortunately the recheck only
takes place after new mail is actually detected and reported to the
player so the leak was probably small for most folks.
This compiles for the set of conditionals that apply to me (after
taking out -DNOMAIL that the hints put in my Makefile) but I can't
test that it actually works since mail is never delivered to this
machine.
projects / nethack / commit