From 2167dd645e64107eee8af5072a02953f9eb0ffd5 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sun, 3 Jul 2005 18:21:04 +0000
Subject: Nalin Dahyabhai's fix for sink.c/transact.c to reserve sufficient
 space for \r\n trailers in snprintf calls. Sent by Miloslav Trmac, possibly
 fixing Red Hat bug #114470.

svn path=/trunk/; revision=4071
---
 NEWS       | 3 +++
 sink.c     | 2 +-
 transact.c | 8 ++++----
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 3b4c5564..a0103ce2 100644
--- a/NEWS
+++ b/NEWS
@@ -80,6 +80,9 @@ fetchmail 6.3.0 (not yet released officially):
   sizeof(int) != sizeof(size_t). (Matthias Andree)
 * Nalin Dahyabhai's fix for driver.c to not call the private Kerberos
   krb5_init_ets() function. Sent by Miloslav Trmac. (Matthias Andree)
+* Nalin Dahyabhai's fix for sink.c/transact.c to reserve sufficient
+  space for \r\n trailers in snprintf calls. Sent by Miloslav Trmac,
+  possibly fixing Red Hat bug #114470. (Matthias Andree).
 
 fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines:
 
diff --git a/sink.c b/sink.c
index 68a1739b..59c4fab7 100644
--- a/sink.c
+++ b/sink.c
@@ -1540,7 +1540,7 @@ va_dcl
 #else
     va_start(ap);
 #endif
-    vsnprintf(buf, sizeof(buf), fmt, ap);
+    vsnprintf(buf, sizeof(buf) - 2, fmt, ap);
     va_end(ap);
 
     snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
diff --git a/transact.c b/transact.c
index f9328df2..85cf0f38 100644
--- a/transact.c
+++ b/transact.c
@@ -1413,7 +1413,7 @@ va_dcl
     va_list ap;
 
     if (protocol->tagged && !suppress_tags)
-	(void) sprintf(buf, "%s ", GENSYM);
+        snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
     else
 	buf[0] = '\0';
 
@@ -1422,7 +1422,7 @@ va_dcl
 #else
     va_start(ap);
 #endif
-    vsnprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), fmt, ap);
+    vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
     va_end(ap);
 
     snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
@@ -1490,7 +1490,7 @@ va_dcl
     phase = SERVER_WAIT;
 
     if (protocol->tagged && !suppress_tags)
-	(void) sprintf(buf, "%s ", GENSYM);
+	snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
     else
 	buf[0] = '\0';
 
@@ -1499,7 +1499,7 @@ va_dcl
 #else
     va_start(ap);
 #endif
-    vsnprintf(buf + strlen(buf), sizeof(buf)-strlen(buf), fmt, ap);
+    vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
     va_end(ap);
 
     snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
-- 
cgit v1.2.3