Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:bmwiedemann:reproducible:distribution:ring1
metamail
metamail-2.7-19-security.dif
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File metamail-2.7-19-security.dif of Package metamail
--- a/metamail/metamail.c +++ b/metamail/metamail.c @@ -445,7 +445,7 @@ int nestingdepth; } LineBuf = malloc(LINE_BUF_SIZE); if (!LineBuf) ExitWithError(nomem); - sprintf(LineBuf, "--%s", boundary); + snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); strcpy(boundary, LineBuf); boundarylen = strlen(boundary); if (BoundaryCt >= BoundaryAlloc) { @@ -1202,9 +1202,9 @@ char *SquirrelFile; fprintf(outfp, "Content-type: %s", ContentType); for (j=0; j<CParamsUsed; ++j) { fprintf(outfp, " ; "); - fprintf(outfp, CParams[j]); + fprintf(outfp, "%s", CParams[j]); fprintf(outfp, " = "); - fprintf(outfp, CParamValues[j]); + fprintf(outfp, "%s", CParamValues[j]); } fprintf(outfp, "\n\n"); TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType); @@ -2022,7 +2022,8 @@ int ShowLeadingWhitespace; if (lc2strcmp(charset, PrevCharset)) { char *s2, *charsetinuse; - strcpy(PrevCharset, charset); + strncpy(PrevCharset, charset, sizeof(PrevCharset)); + PrevCharset[sizeof(PrevCharset) - 1] = '\0'; for (s2=PrevCharset; *s2; ++s2) { if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2); } @@ -2032,7 +2033,7 @@ int ShowLeadingWhitespace; } } if (ecode == ENCODING_NONE) { - printf(txt+1); + printf("%s", txt+1); } else { /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */ MkTmpFileName(TmpFile); @@ -2115,7 +2116,7 @@ struct part **PartsWritten; if (boundary[0] == '"') { boundary=UnquoteString(boundary); } - sprintf(LineBuf, "--%s", boundary); + snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary); strcpy(boundary, LineBuf); boundarylen = strlen(boundary); if (BoundaryCt >= BoundaryAlloc) { --- a/metamail/splitmail.c +++ b/metamail/splitmail.c @@ -194,7 +194,7 @@ char **argv; s = endofheader(from); /* would be index(from, '\n'), but need to check for continuation lines */ *s = '\0'; - if (ShareThisHeader(from, SubjectBuf, &OrigID)) { + if (ShareThisHeader(from, SubjectBuf, sizeof(SubjectBuf), &OrigID)) { strcat(SharedHeaders, from); strcat(SharedHeaders, "\n"); } @@ -339,9 +339,10 @@ static char *SharedHeads[] = { NULL }; -ShareThisHeader(s, SubjectBuf, OrigID) +ShareThisHeader(s, SubjectBuf, SubjectBufLen, OrigID) char *s; char *SubjectBuf; +size_t SubjectBufLen; char **OrigID; { int i; @@ -361,7 +362,8 @@ char **OrigID; } if (!ULstrcmp(s, "subject")) { *colon = ':'; - strcpy(SubjectBuf, ++colon); + strncpy(SubjectBuf, ++colon, SubjectBufLen); + SubjectBuf[SubjectBufLen - 1] = '\0'; return(0); } if (!ULstrcmp(s, "content-type")) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor