From ec06293134b85876f9201d8a52b844c41581b2b3 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 18 Apr 2010 18:01:38 +0200 Subject: SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales. --- rfc822.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'rfc822.c') diff --git a/rfc822.c b/rfc822.c index 6f2dbf30..dbcda322 100644 --- a/rfc822.c +++ b/rfc822.c @@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include #include "fetchmail.h" +#include "sdump.h" #ifndef MAIN #include "i18n.h" @@ -74,9 +75,10 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_build(stdout, GT_("About to rewrite %.*s...\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); + } /* make room to hack the address; buf must be malloced */ for (cp = buf; *cp; cp++) @@ -211,9 +213,12 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp) + } + #endif /* MAIN */ *length = strlen(buf); return(buf); -- cgit v1.2.3
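Review bot: In the `About to rewrite` debug branch, the allocation is buried in the argument list as `(cp = sdump(buf, BEFORE_EOL(buf)))` and borrows reply_hack()'s scanning pointer `cp` as a temporary, so it is easy to miss which buffer `xfree(cp)` releases. Hoisting it reads better: `cp = sdump(buf, BEFORE_EOL(buf));` followed by `report_build(stdout, GT_("About to rewrite %s...\n"), cp);`. A short comment would record why the raw header is no longer printed, for example `/* print an sdump() copy: raw header bytes can make report_build() fail with EILSEQ in multibyte locales */`. The same pattern appears in the `...rewritten version is` hunk further down. reply_hack() begins and ends outside this hunk and sdump()'s contract is not visible here, so the comment wording should be checked against sdump.h.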
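Review bot: `xfree(cp)` in the `...rewritten version is` branch has no terminating semicolon before the closing `}`, unlike the matching `xfree(cp);` in the earlier hunk. Unless xfree is a macro that expands to a complete brace block (its definition is not visible here), builds without -DMAIN fail to compile at this line. Even if it is such a macro, the call site should not depend on that; write `xfree(cp);`. reply_hack() starts outside this hunk.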