diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
| commit | aa5a0714e2ae3c401ac9e6901dde87ad70568d8c (patch) | |
| tree | 77499e2bf845fe982004d88fb42a71ed8a15ccd7 | |
| parent | 3d3df2b3153af567b6b17c05052ab21e9b2e9a00 (diff) | |
| download | alpine-aa5a0714e2ae3c401ac9e6901dde87ad70568d8c.tar.xz | |
* Protect all calls to mail_elt in pith/ and alpine/ code. Protect means
to check for correct range of message number before calling mail_elt.
* Work in progress: correct some uses of system calls that do not check
for returned value. This work will follow the lead given by Christian
Kujau and Asheesh Laroia. Expect more changes of this type in
subsequent commits.
| -rw-r--r-- | alpine/arg.c | 12 | ||||
| -rw-r--r-- | alpine/mailcmd.c | 6 | ||||
| -rw-r--r-- | alpine/osdep/termin.unx.c | 22 | ||||
| -rw-r--r-- | alpine/radio.c | 5 | ||||
| -rw-r--r-- | alpine/titlebar.c | 7 | ||||
| -rw-r--r-- | imap/src/c-client/auth_md5.c | 7 | ||||
| -rw-r--r-- | imap/src/c-client/newsrc.c | 7 | ||||
| -rw-r--r-- | pith/icache.c | 2 | ||||
| -rw-r--r-- | pith/mailcmd.c | 9 | ||||
| -rw-r--r-- | pith/mailindx.c | 3 | ||||
| -rw-r--r-- | pith/pine.hlp | 2 |
11 files changed, 54 insertions, 28 deletions
diff --git a/alpine/arg.c b/alpine/arg.c index fd987f7c..47ae0740 100644 --- a/alpine/arg.c +++ b/alpine/arg.c @@ -690,8 +690,10 @@ Loop: while(--ac > 0) path[sizeof(path)-1] = '\0'; } else{ - getcwd(dir, sizeof(path)); - build_path(path, dir, str, sizeof(path)); + if(getcwd(dir, sizeof(path)) != NULL) + build_path(path, dir, str, sizeof(path)); + else + alpine_panic(_("getcwd() call failed while parsing argument (1)")); } /* @@ -734,8 +736,10 @@ Loop: while(--ac > 0) path[sizeof(path)-1] = '\0'; } else{ - getcwd(dir, sizeof(path)); - build_path(path, dir, str, sizeof(path)); + if(getcwd(dir, sizeof(path)) != NULL) + build_path(path, dir, str, sizeof(path)); + else + alpine_panic(_("getcwd() call failed while parsing argument (2)")); } if(pine_state->pconf) diff --git a/alpine/mailcmd.c b/alpine/mailcmd.c index 51034f7d..b8b0eaa4 100644 --- a/alpine/mailcmd.c +++ b/alpine/mailcmd.c @@ -4583,8 +4583,10 @@ get_export_filename(struct pine *ps, char *filename, char *deefault, else{ strncpy(filename2, tmp, sizeof(filename2)-1); filename2[sizeof(filename2)-1] = '\0'; - if(!dir[0]) - (void)getcwd(dir2, sizeof(dir2)); + if(!dir[0]){ + if(getcwd(dir2, sizeof(dir2)) == NULL) + alpine_panic(_("getcwd() call failed at get_export_filename")); + } else if(dir[0] == '~' && !dir[1]){ strncpy(dir2, ps->home_dir, sizeof(dir2)-1); dir2[sizeof(dir2)-1] = '\0'; diff --git a/alpine/osdep/termin.unx.c b/alpine/osdep/termin.unx.c index 35fde428..0cb9aad1 100644 --- a/alpine/osdep/termin.unx.c +++ b/alpine/osdep/termin.unx.c @@ -732,8 +732,10 @@ pre_screen_config_opt_enter(char *string, int string_size, char *prompt, return_v = 0; } else{ - fputs("Password too long\n", stderr); - return_v = -1; + if(fputs("Password too long\n", stderr) != EOF) + return_v = -1; + else + alpine_panic(_("error on fputs() call!")); } } else @@ -742,13 +744,15 @@ pre_screen_config_opt_enter(char *string, int string_size, char *prompt, else{ char *p; - fputs(prompt, stdout); - fgets(string, string_size, stdin); - string[string_size-1] = '\0'; - if((p = strpbrk(string, "\r\n")) != NULL) - *p = '\0'; - - return_v = 0; + if(fputs(prompt, stdout) != EOF + && fgets(string, string_size, stdin) != NULL){ + string[string_size-1] = '\0'; + if((p = strpbrk(string, "\r\n")) != NULL) + *p = '\0'; + return_v = 0; + } + else + alpine_panic(_("error on fputs() or fgets() call!")); } } diff --git a/alpine/radio.c b/alpine/radio.c index bd081b0f..2cda5814 100644 --- a/alpine/radio.c +++ b/alpine/radio.c @@ -73,8 +73,9 @@ pre_screen_config_want_to(char *question, int dflt, int on_ctrl_C) } #endif while(!ret){ - fprintf(stdout, "%s? [%c]:", question, dflt); - fgets(rep, WANT_TO_BUF, stdin); + if(fprintf(stdout, "%s? [%c]:", question, dflt) < 0 + || fgets(rep, WANT_TO_BUF, stdin) == NULL) + alpine_panic(_("error on fprintf() or fgets()")); if((p = strpbrk(rep, "\r\n")) != NULL) *p = '\0'; switch(*rep){ diff --git a/alpine/titlebar.c b/alpine/titlebar.c index 7b30827c..53fc7443 100644 --- a/alpine/titlebar.c +++ b/alpine/titlebar.c @@ -287,7 +287,12 @@ set_titlebar(char *title, MAILSTREAM *stream, CONTEXT_S *cntxt, char *folder, && rawno <= as.stream->nmsgs && !((mc = mail_elt(as.stream, rawno)) && mc->valid)){ pine_mail_fetch_flags(as.stream, long2string(rawno), NIL); - mc = mail_elt(as.stream, rawno); + if(rawno <= as.stream->nmsgs && as.stream && rawno > 0L) + mc = mail_elt(as.stream, rawno); + else + mc = NULL; + if(mc && !mc->valid) + mc = NULL; } } diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c index 9c81d308..8c989769 100644 --- a/imap/src/c-client/auth_md5.c +++ b/imap/src/c-client/auth_md5.c @@ -1,3 +1,7 @@ +/* + * Copyright 2016 - Eduardo Chappa + * Last Modified: August 11, 2016 + */ /* ======================================================================== * Copyright 2008-2011 Mark Crispin * ======================================================================== @@ -191,7 +195,8 @@ char *auth_md5_pwd (char *user) char *ret = NIL; if (fd >= 0) { /* found the file? */ fstat (fd,&sbuf); /* yes, slurp it into memory */ - read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); + if(read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size) < 0) + fatal("error on read() call in auth_md5_pwd"); /* see if any uppercase characters in user */ for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++); /* yes, make lowercase copy */ diff --git a/imap/src/c-client/newsrc.c b/imap/src/c-client/newsrc.c index 8036b1ac..0f15264d 100644 --- a/imap/src/c-client/newsrc.c +++ b/imap/src/c-client/newsrc.c @@ -1,6 +1,6 @@ /* * Copyright 2016 - Eduardo Chappa - * Last Modified: June 15, 2016 + * Last Modified: August 11, 2016 */ /* ======================================================================== * Copyright 1988-2006 University of Washington @@ -471,8 +471,9 @@ char *newsrc_state (MAILSTREAM *stream,char *group) c = getc (f); /* now copy it */ s = (char *) fs_get (size + 1); - fseek (f,pos,SEEK_SET); - fread (s,(size_t) 1,size,f); + if(fseek (f,pos,SEEK_SET) < 0 + || fread (s,(size_t) 1,size,f) != size) + fatal("error on fseek() or fread() in newsrc module."); s[size] = '\0'; /* tie off string */ fclose (f); /* all done - close the file */ return s; diff --git a/pith/icache.c b/pith/icache.c index d69c6134..eeb0ff35 100644 --- a/pith/icache.c +++ b/pith/icache.c @@ -45,7 +45,7 @@ clear_index_cache_ent(MAILSTREAM *stream, long int msgno, unsigned int flags) MESSAGECACHE *mc; if(stream){ - if(flags && IC_USE_RAW_MSGNO) + if(flags & IC_USE_RAW_MSGNO) rawno = msgno; else rawno = mn_m2raw(sp_msgmap(stream), msgno); diff --git a/pith/mailcmd.c b/pith/mailcmd.c index 903d43c8..69a491e7 100644 --- a/pith/mailcmd.c +++ b/pith/mailcmd.c @@ -2595,15 +2595,18 @@ search_for_our_regex_addresses(MAILSTREAM *stream, char type, int not, } if(addr1 && address_is_us(addr1, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr2 && address_is_us(addr2, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr3 && address_is_us(addr3, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } } diff --git a/pith/mailindx.c b/pith/mailindx.c index 0a6eaaf1..323e451d 100644 --- a/pith/mailindx.c +++ b/pith/mailindx.c @@ -2066,7 +2066,8 @@ format_index_index_line(INDEXDATA_S *idata) cdesc->ctype); } else{ - if((mc=mail_elt(idata->stream,idata->rawno)) && mc->flagged) + if(idata->rawno > 0L && idata->rawno <= idata->stream->nmsgs + && (mc=mail_elt(idata->stream,idata->rawno)) && mc->flagged) to_us = '*'; /* simple */ else if(!IS_NEWS(idata->stream)){ for(addr = fetch_to(idata); addr; addr = addr->next) diff --git a/pith/pine.hlp b/pith/pine.hlp index dd3339b3..14b5fa71 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 159 2016-08-09 07:49:22 +Alpine Commit 160 2016-08-11 21:14:39 ============= h_news ================= <HTML> <HEAD> |