diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2016-08-11 21:14:43 -0600 |
| commit | aa5a0714e2ae3c401ac9e6901dde87ad70568d8c (patch) | |
| tree | 77499e2bf845fe982004d88fb42a71ed8a15ccd7 /pith | |
| parent | 3d3df2b3153af567b6b17c05052ab21e9b2e9a00 (diff) | |
| download | alpine-aa5a0714e2ae3c401ac9e6901dde87ad70568d8c.tar.xz | |
* Protect all calls to mail_elt in pith/ and alpine/ code. Protect means
to check for correct range of message number before calling mail_elt.
* Work in progress: correct some uses of system calls that do not check
for returned value. This work will follow the lead given by Christian
Kujau and Asheesh Laroia. Expect more changes of this type in
subsequent commits.
Diffstat (limited to 'pith')
| -rw-r--r-- | pith/icache.c | 2 | ||||
| -rw-r--r-- | pith/mailcmd.c | 9 | ||||
| -rw-r--r-- | pith/mailindx.c | 3 | ||||
| -rw-r--r-- | pith/pine.hlp | 2 |
4 files changed, 10 insertions, 6 deletions
diff --git a/pith/icache.c b/pith/icache.c index d69c6134..eeb0ff35 100644 --- a/pith/icache.c +++ b/pith/icache.c @@ -45,7 +45,7 @@ clear_index_cache_ent(MAILSTREAM *stream, long int msgno, unsigned int flags) MESSAGECACHE *mc; if(stream){ - if(flags && IC_USE_RAW_MSGNO) + if(flags & IC_USE_RAW_MSGNO) rawno = msgno; else rawno = mn_m2raw(sp_msgmap(stream), msgno); diff --git a/pith/mailcmd.c b/pith/mailcmd.c index 903d43c8..69a491e7 100644 --- a/pith/mailcmd.c +++ b/pith/mailcmd.c @@ -2595,15 +2595,18 @@ search_for_our_regex_addresses(MAILSTREAM *stream, char type, int not, } if(addr1 && address_is_us(addr1, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr2 && address_is_us(addr2, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } else if(addr3 && address_is_us(addr3, ps_global)){ - if((mc=mail_elt(stream, rawno)) != NULL) + if(rawno > 0L && rawno <= stream->nmsgs + && (mc=mail_elt(stream, rawno)) != NULL) mm_searched(stream, rawno); } } diff --git a/pith/mailindx.c b/pith/mailindx.c index 0a6eaaf1..323e451d 100644 --- a/pith/mailindx.c +++ b/pith/mailindx.c @@ -2066,7 +2066,8 @@ format_index_index_line(INDEXDATA_S *idata) cdesc->ctype); } else{ - if((mc=mail_elt(idata->stream,idata->rawno)) && mc->flagged) + if(idata->rawno > 0L && idata->rawno <= idata->stream->nmsgs + && (mc=mail_elt(idata->stream,idata->rawno)) && mc->flagged) to_us = '*'; /* simple */ else if(!IS_NEWS(idata->stream)){ for(addr = fetch_to(idata); addr; addr = addr->next) diff --git a/pith/pine.hlp b/pith/pine.hlp index dd3339b3..14b5fa71 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 159 2016-08-09 07:49:22 +Alpine Commit 160 2016-08-11 21:14:39 ============= h_news ================= <HTML> <HEAD> |