Fix buffer underread for empty header values. (closes #3736)

When a header has no value (*p == '\0' so l == 0), do not read outside
the buffer but print the newline anyway when a tag is already printed
(col != 0).

Caught by ASAN while opening a draft with no Subject.

diff --git a/sendlib.c b/sendlib.c
index f364f9f1eb374f0e5b0ebfb6ac9dbd80d216937e..9a3242ba0944ac0998c4b206c9f20a4c08dfad7d 100644 (file)
--- a/sendlib.c
+++ b/sendlib.c
@@ -1728,7 +1728,7 @@ static int fold_one_header (FILE *fp, const char *tag, const char *value,
 
   /* if we have printed something but didn't \n-terminate it, do it
    * except the last word we printed ended in \n already */
-  if (col && buf[l - 1] != '\n')
+  if (col && (l == 0 || buf[l - 1] != '\n'))
     if (putc ('\n', fp) == EOF)
       return -1;