Fixed bug in prot_a_parse_string that sometimes caused it to try to allocate

4 Gbyte om memory.

src/server/prot-a-parse.c

@@ -103,6 +103,16 @@ prot_a_parse_string(Connection  *client,
     switch ( client->string_parse_pos )
     {
     case 0:
+	if ( (result->len != 0 || result->string != NULL) && err_cnt++ < 20 )
+	{
+	    log ("prot_a_parse_string(): result->len == %lu, "
+		 "result->string == %lu. This memory will not be free()'d.\n",
+		 (u_long)result->len, (u_long)result->string);
+	    *result = EMPTY_STRING;
+	    if ( err_cnt == 20 )
+		log("Won't log the above warning no more.");
+	}
+
 	/* Get number and discard trailing 'H' */
 	client_len = s_strtol(s_fsubstr(client->unparsed,
 					client->first_to_parse,
@@ -129,8 +139,10 @@ prot_a_parse_string(Connection  *client,
 
 	client->first_to_parse += 1 + hptr;
 	client->string_parse_pos = 1;
+	result->len = client_len; /* +++ Transfer */
 	/* Fall through */
     case 1:
+	client_len = result->len;
 	/* Check that the entire string is transmitted. */
 	/* (Don't care about the trailing part that will be skipped if the
 	 *  string is longer than maxlen) */
@@ -142,15 +154,7 @@ prot_a_parse_string(Connection  *client,
 	    longjmp(parse_env, ISC_MSG_INCOMPLETE);
 	}
 
-	if ( (result->len != 0 || result->string != NULL) && err_cnt++ < 20 )
-	{
-	    log ("prot_a_parse_string(): result->len == %lu, "
-		 "result->string == %lu. This memory will not be free()'d.\n",
-		 (u_long)result->len, (u_long)result->string);
-	    *result = EMPTY_STRING;
-	    if ( err_cnt == 20 )
-		log("Won't log the above warning no more.");
-	}
+	*result = EMPTY_STRING;
 
 	s_mem_crea_str(result,
 		       client->unparsed.string + client->first_to_parse,
@@ -164,7 +168,7 @@ prot_a_parse_string(Connection  *client,
 	/* Was the string too long? If so, skip the truncated data. */
 
 	client_len = result->len;
-	truncated_len = min(maxlen+1, result->len);
+	truncated_len = min(maxlen+1, client_len);
 	
 	if ( client_len > truncated_len )
 	{