$NetBSD: patch-CVE-2012-4428,v 1.1 2013/02/14 16:51:32 drochner Exp $

try to prevent list overrun (upstream code is completely rewritten)

--- common/slp_compare.c.orig	2005-02-15 20:07:43.000000000 +0000
+++ common/slp_compare.c
@@ -270,9 +270,9 @@ int SLPContainsStringList(int listlen, 
         itembegin = itemend;
 
         /* seek to the end of the next list item */
-        while(1)
+        while(itemend != listend)
         {
-            if(itemend == listend || *itemend == ',')
+            if(*itemend == ',')
             {
                 if(*(itemend - 1) != '\\')
                 {
@@ -326,9 +326,9 @@ int SLPIntersectStringList(int list1len,
         itembegin = itemend;
 
         /* seek to the end of the next list item */
-        while(1)
+        while(itemend != listend)
         {
-            if(itemend == listend || *itemend == ',')
+            if(*itemend == ',')
             {
                 if(*(itemend - 1) != '\\')
                 {
@@ -415,9 +415,9 @@ int SLPUnionStringList(int list1len,
         itembegin = itemend;
 
         /* seek to the end of the next list item */
-        while(1)
+        while(itemend != listend)
         {
-            if(itemend == listend || *itemend == ',')
+            if(*itemend == ',')
             {
                 if(*(itemend - 1) != '\\')
                 {
