diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 1997-09-22 20:25:34 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 1997-09-22 20:25:34 +0000 |
| commit | 206e749fc33982847124b3714c2749f80e3b9407 (patch) | |
| tree | 45f892c4642c9d0999bbe4aaae96bcf05e0ad7ab | |
| parent | 349bb82a9c88ec849f27b42e904fecbdc159399f (diff) | |
| download | fetchmail-206e749fc33982847124b3714c2749f80e3b9407.tar.gz fetchmail-206e749fc33982847124b3714c2749f80e3b9407.tar.bz2 fetchmail-206e749fc33982847124b3714c2749f80e3b9407.zip | |
Prevent buffer overruns.
svn path=/trunk/; revision=1384
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | driver.c | 7 | ||||
| -rw-r--r-- | fetchmail.h | 2 | ||||
| -rw-r--r-- | rfc822.c | 15 |
4 files changed, 18 insertions, 7 deletions
@@ -15,7 +15,6 @@ ------------------------------------------------------------------------------ fetchmail-4.2.5 () -* Alexander Kourakos corrected his patch to avoid a buffer overrun. * Greg Stark's patch for better autoconfiguration on mixed libc5/libc6 systems. * We no longer mess with CFLAGS/LDFLAGS to get Kerberos support linked. @@ -562,8 +562,9 @@ int num; /* index of message */ } set_timeout(ctl->server.timeout); - /* leave extra room for reply_hack to play with */ - line = (char *) realloc(line, strlen(line) + strlen(buf) + HOSTLEN + 1); + + line = (char *) realloc(line, strlen(line) + strlen(buf) +1); + strcat(line, buf); if (line[0] == '\r' && line[1] == '\n') break; @@ -671,7 +672,7 @@ int num; /* index of message */ } if (ctl->rewrite) - reply_hack(line, realname); + line = reply_hack(line, realname); if (!headers) { diff --git a/fetchmail.h b/fetchmail.h index 376c5f83..f9de3d20 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -237,7 +237,7 @@ int gen_transact (); #endif /* rfc822.c: RFC822 header parsing */ -void reply_hack(char *, const char *); +char *reply_hack(char *, const char *); char *nxtaddr(const char *); /* uid.c: UID support */ @@ -20,13 +20,14 @@ static int verbose; #endif /* TESTMAIN */ -void reply_hack(buf, host) +char *reply_hack(buf, host) /* hack message headers so replies will work properly */ char *buf; /* header to be hacked */ const char *host; /* server hostname */ { char *from, *cp; int parendepth, state, has_bare_name_part, has_host_part; + int addresscount = 1; if (strncasecmp("From: ", buf, 6) && strncasecmp("To: ", buf, 4) @@ -34,9 +35,17 @@ const char *host; /* server hostname */ && strncasecmp("Return-Path: ", buf, 13) && strncasecmp("Cc: ", buf, 4) && strncasecmp("Bcc: ", buf, 5)) { - return; + return(buf); } +#ifndef TESTMAIN + /* make room to hack the address; buf must be malloced */ + for (cp = buf; *cp; cp++) + if (*cp == ',' || isspace(*cp)) + addresscount++; + buf = (char *)realloc(buf, strlen(buf) + addresscount * strlen(host) + 1); +#endif /* TESTMAIN */ + parendepth = state = 0; has_host_part = has_bare_name_part = FALSE; for (from = buf; *from; from++) @@ -130,6 +139,8 @@ const char *host; /* server hostname */ has_host_part = has_bare_name_part = FALSE; } } + + return(buf); } char *nxtaddr(hdr) |