diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2010-04-18 18:01:38 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2010-04-18 18:06:35 +0200 |
| commit | ec06293134b85876f9201d8a52b844c41581b2b3 (patch) | |
| tree | 3fec8f3fea397c3c47f9ca1c73d73dd560a3bb55 /rfc822.c | |
| parent | 414a380974f78d0bb62ca953398bf1f54b28a58d (diff) | |
| download | fetchmail-ec06293134b85876f9201d8a52b844c41581b2b3.tar.gz fetchmail-ec06293134b85876f9201d8a52b844c41581b2b3.tar.bz2 fetchmail-ec06293134b85876f9201d8a52b844c41581b2b3.zip | |
SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales.
Diffstat (limited to 'rfc822.c')
| -rw-r--r-- | rfc822.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include <stdlib.h> #include "fetchmail.h" +#include "sdump.h" #ifndef MAIN #include "i18n.h" @@ -74,9 +75,10 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_build(stdout, GT_("About to rewrite %.*s...\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); + } /* make room to hack the address; buf must be malloced */ for (cp = buf; *cp; cp++) @@ -211,9 +213,12 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp) + } + #endif /* MAIN */ *length = strlen(buf); return(buf); |