aboutsummaryrefslogblamecommitdiff
path: root/mail/emil/files/patch-security-advisory
blob: b37072a49c07de6e3075a824867cc6ddf68bb36a (plain) (tree) 
3cdd75e6358d








































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104








































































































                                                                                       
--- mime.c.old	1996-06-04 15:36:59.000000000 +0200
+++ mime.c	2004-02-26 16:57:42.000000000 +0100
@@ -56,18 +56,18 @@
       if (match(m->sd->type, "TEXT"))
 	{
 	  if (m->td->charset != NULL)
-	    sprintf(buf, "%s; charset=\"%s\"", ct, m->td->charset);
+	    snprintf(buf, sizeof(buf), "%s; charset=\"%s\"", ct, m->td->charset);
 	  else
-	    sprintf(buf, "%s", ct);
+	    snprintf(buf, sizeof(buf), "%s", ct);
 	}
       else
 	if (match(m->sd->type, "MULTIPART"))
 	  {
 	    bb = (char *)getmimebound();
 	    if (m->sd->applefile == AMDOUBLE)
-	      sprintf(buf, "Multipart/AppleDouble; boundary=\"%s\"", bb);
+	      snprintf(buf, sizeof(buf), "Multipart/AppleDouble; boundary=\"%s\"", bb);
 	    else
-	      sprintf(buf,"%s; boundary=\"%s\"", ct, bb);
+	      snprintf(buf, sizeof(buf), "%s; boundary=\"%s\"", ct, bb);
 	    m->td->startbound = (char *)Yalloc(MIMEBOUNDLEN + 5);
 	    m->td->endbound = (char *)Yalloc(MIMEBOUNDLEN + 7);
 	    sprintf(m->td->startbound, "--%s", bb);
@@ -75,7 +75,7 @@
 	  }
 	else
 	  {
-	    sprintf(buf, "%s", ct);
+	    snprintf(buf, sizeof(buf), "%s", ct);
 	  }
     }
   else
@@ -87,7 +87,10 @@
   
   if (m->sd->name != NULL)
     {
-      sprintf(buf, "%s; name=\"%s\"", buf, m->sd->name);
+      char *buf2;
+      buf2 = strdup(buf);
+      snprintf(buf, sizeof(buf), "%s; name=\"%s\"", buf2, m->sd->name);
+      free(buf2);
     }
   add_header(m, "Content-Type", buf, MIME);
   if (bb != NULL)
--- uuencode.c.old	1996-06-04 15:37:02.000000000 +0200
+++ uuencode.c	2004-02-26 17:01:09.000000000 +0100
@@ -116,7 +116,7 @@
   /* Start with uuencode preamble */
   fix_filename(m);
 
-  sprintf(outb,"begin 644 %s\n", m->sd->name);
+  snprintf(outb, sizeof(outb), "begin 644 %s\n", m->sd->name);
   append_data(outbuf, outb, strlen(outb), pz);
   outbuf->lineend += 1;
   i = 0;
@@ -242,7 +242,7 @@
       inb++;
       inbuf->offset += 1;
     }
-  if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%s", filename)) != 1)
+  if ((i = sscanf(inb, "begin%*1[ ]%*3[0-7]%*1[ ]%511s", filename)) != 1)
     {
 #ifdef DEBUG
       if (edebug)
--- main.c.old	1996-06-04 15:36:58.000000000 +0200
+++ main.c	2004-02-26 17:02:18.000000000 +0100
@@ -177,7 +177,7 @@
 			sprintf(ebuf,"Invalid parameter to -f: %s",optarg);
 #ifdef DEBUG
 		  if (edebug)
-		    fprintf(stderr, ebuf);
+		    fprintf(stderr, "%s", ebuf);
 #endif
 			logger(LOG_WARNING,ebuf);
 		}
@@ -303,7 +303,7 @@
 		sprintf(ebuf,"Invalid flag: -%c",c);
 #ifdef DEBUG
 			if (edebug)
-			  fprintf(stderr, ebuf);
+			  fprintf(stderr, "%s", ebuf);
 #endif
 		logger(LOG_WARNING,ebuf);
 	}
@@ -359,7 +359,7 @@
 	sprintf(ebuf, "Invalid mailer specification %s", optarg);
 #ifdef DEBUG
 	if (edebug)
-	  fprintf(stderr, ebuf);
+	  fprintf(stderr, "%s", ebuf);
 #endif
 	logger(LOG_ERR, ebuf);
 	fprintf(stderr, "Emil: %s\n", ebuf);
@@ -448,7 +448,7 @@
 		);
 #ifdef DEBUG
       if (edebug)
-	fprintf(stderr, ebuf);
+	fprintf(stderr, "%s", ebuf);
 #endif
   logger(LOG_DEBUG,ebuf);
   if (source == NULL)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 11:27:23 +0000