Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
dovecot11
dovecot-1.1.x_sieve_buffer_overflows.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-1.1.x_sieve_buffer_overflows.patch of Package dovecot11
# HG changeset patch # User Timo Sirainen <tss@iki.fi> # Date 1252884667 14400 # Node ID 049f2252062869c1ec70d854e7160e46d70bd41b # Parent 4577c4e1130d3f5a7d9919181cf8282879d975d1 libsieve: Another sprintf() buffer overflow fix. (Forgot to change .y file in previous commit.) --- dovecot-sieve-1.1.5/src/libsieve/sieve.y Sun Sep 13 19:26:42 2009 -0400 +++ dovecot-sieve-1.1.5/src/libsieve/sieve.y Sun Sep 13 19:31:07 2009 -0400 @@ -1135,7 +1135,7 @@ static int verify_relat(char *r) else if (!strcmp(r, "ne")) {return NE;} else if (!strcmp(r, "eq")) {return EQ;} else{ - sprintf(errbuf, "flag '%s': not a valid relational operation", r); + snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r); yyerror(errbuf); return -1; } # HG changeset patch # User Timo Sirainen <tss@iki.fi> # Date 1252884402 14400 # Node ID 4577c4e1130d3f5a7d9919181cf8282879d975d1 # Parent c1402bcf9bd36a7006a3004ace7f0ab30aa34f64 libsieve: Fixed several sprintf() buffer overflows. --- dovecot-sieve-1.1.5/src/libsieve/bc_eval.c Tue Sep 01 13:24:21 2009 -0400 +++ dovecot-sieve-1.1.5/src/libsieve/bc_eval.c Sun Sep 13 19:26:42 2009 -0400 @@ -477,7 +477,7 @@ static int eval_bc_test(sieve_interp_t * int comparator=ntohl(bc[i+3].value); int apart=ntohl(bc[i+4].value); int count=0; - char scount[3]; + char scount[20]; int isReg = (match==B_REGEX); int ctag = 0; regex_t *reg; @@ -646,7 +646,7 @@ static int eval_bc_test(sieve_interp_t * int relation=ntohl(bc[i+2].value); int comparator=ntohl(bc[i+3].value); int count=0; - char scount[3]; + char scount[20]; int isReg = (match==B_REGEX); int ctag = 0; regex_t *reg; @@ -767,7 +767,7 @@ static int eval_bc_test(sieve_interp_t * int transform=ntohl(bc[i+4].value); /*int offset=ntohl(bc[i+5].value);*/ int count=0; - char scount[3]; + char scount[20]; int isReg = (match==B_REGEX); int ctag = 0; regex_t *reg; --- dovecot-sieve-1.1.5/src/libsieve/script.c Tue Sep 01 13:24:21 2009 -0400 +++ dovecot-sieve-1.1.5/src/libsieve/script.c Sun Sep 13 19:26:42 2009 -0400 @@ -609,9 +609,9 @@ static int do_sieve_error(int ret, if ((ret != SIEVE_OK) && interp->err) { char buf[1024]; if (lastaction == -1) /* we never executed an action */ - sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret)); + snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret)); else - sprintf(buf, "%s: %s", action_to_string(lastaction), + snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction), errmsg ? errmsg : sieve_errstr(ret)); ret |= interp->execute_err(buf, interp->interp_context, @@ -629,7 +629,7 @@ static int do_sieve_error(int ret, ret |= keep_ret; if (keep_ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Kept\n"); else { implicit_keep = 0; /* don't try an implicit keep again */ @@ -682,7 +682,7 @@ static int do_action_list(sieve_interp_t if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Rejected with: %s\n", a->u.rej.msg); break; @@ -697,7 +697,7 @@ static int do_action_list(sieve_interp_t if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Filed into: %s\n",a->u.fil.mailbox); break; case ACTION_KEEP: @@ -710,7 +710,7 @@ static int do_action_list(sieve_interp_t &errmsg); if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Kept\n"); break; case ACTION_REDIRECT: @@ -723,7 +723,7 @@ static int do_action_list(sieve_interp_t &errmsg); if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Redirected to %s\n", a->u.red.addr); break; case ACTION_DISCARD: @@ -734,7 +734,7 @@ static int do_action_list(sieve_interp_t &errmsg); if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Discarded\n"); break; @@ -760,12 +760,12 @@ static int do_action_list(sieve_interp_t if (ret == SIEVE_OK) snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Sent vacation reply\n"); } else if (ret == SIEVE_DONE) { snprintf(actions_string+strlen(actions_string), - sizeof(actions_string)-strlen(actions_string), + ACTIONS_STRING_LEN-strlen(actions_string), "Vacation reply suppressed\n"); ret = SIEVE_OK;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor