From: Todd C. Miller <millert@openbsd.org>
Subject: Re: whois: use getline(3) instead of fgetln(3)
To: Omar Polo <op@omarpolo.com>
Cc: tech@openbsd.org
Date: Mon, 25 Mar 2024 09:53:41 -0600

On Mon, 25 Mar 2024 12:15:06 +0100, Omar Polo wrote:

> side question as it's not introduced with this but shouldn't we also do
>
> --- usr.bin/whois/whois.c
> +++ usr.bin/whois/whois.c
> @@ -275,7 +275,6 @@ whois(const char *query, const char *server, const cha
>  
>  		/* Verisign etc. */
>  		if (!(flags & WHOIS_SPAM_ME) &&
> -		    len >= sizeof(CHOPSPAM)-1 &&
>  		    (strncasecmp(buf, CHOPSPAM, sizeof(CHOPSPAM)-1) == 0 ||
>  		     strncasecmp(buf, &CHOPSPAM[4], sizeof(CHOPSPAM)-5) == 0)) 
> {
>  			printf("\n");
>
>
> as len is initialy the length of the line, but then the two go out of
> sync, and strncasecmp() is safe to call since buf is always
> NUL-terminated?

Yes, we should.  OK millert@ for that diff if you'd like to commit it.

 - todd