summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--alpine/imap.c22
-rw-r--r--alpine/ldapconf.c2
-rw-r--r--alpine/mailcmd.c33
-rw-r--r--alpine/mailpart.c2
-rw-r--r--alpine/roleconf.c3
-rw-r--r--alpine/smime.c43
-rw-r--r--alpine/takeaddr.c2
-rw-r--r--imap/src/osdep/unix/dummy.c2
-rw-r--r--imap/src/osdep/unix/mmdf.c2
-rw-r--r--imap/src/osdep/unix/tcp_unix.c2
-rw-r--r--imap/src/osdep/unix/unix.c2
-rw-r--r--pico/browse.c27
-rw-r--r--pico/osdep/color.c2
-rw-r--r--pith/conf.c2
-rw-r--r--pith/filter.c2
-rw-r--r--pith/pine.hlp2
-rw-r--r--pith/reply.c9
-rw-r--r--pith/smime.c27
-rw-r--r--pith/smkeys.c7
19 files changed, 118 insertions, 75 deletions
diff --git a/alpine/imap.c b/alpine/imap.c
index 578281ad..69442242 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -3788,11 +3788,12 @@ write_passfile(pinerc, l)
}
#else /* PASSFILE */
- char tmp[10*MAILTMPLEN], blob[10*MAILTMPLEN];
+ char *tmp = NULL, passfile[MAXPATH + 1], blob[MAILTMPLEN];
int i, n;
+ size_t tmplen = 0, newlen;
FILE *fp;
#ifdef SMIME
- char *text = NULL, tmp2[10*MAILTMPLEN];
+ char *text = NULL, tmp2[MAXPATH + 1];
int len = 0;
#endif
@@ -3802,13 +3803,13 @@ write_passfile(pinerc, l)
dprint((9, "write_passfile\n"));
/* if there's no passfile to read, bag it!! */
- if(!passfile_name(pinerc, tmp, sizeof(tmp)) || !(fp = our_fopen(tmp, "wb"))){
+ if(!passfile_name(pinerc, passfile, sizeof(tmp)) || !(fp = our_fopen(passfile, "wb"))){
using_passfile = 0;
return;
}
#ifdef SMIME
- strncpy(tmp2, tmp, sizeof(tmp2));
+ strncpy(tmp2, passfile, sizeof(tmp2));
tmp2[sizeof(tmp2)-1] = '\0';
#endif /* SMIME */
@@ -3823,8 +3824,18 @@ write_passfile(pinerc, l)
else
sprintf(blob, "%d", l->altflag);
+ newlen = strlen(l->passwd) + strlen(l->user) + strlen(l->hosts->name)
+ + strlen(blob) + strlen((l->hosts->next && l->hosts->next->name) ? "\t" : "")
+ + strlen((l->hosts->next && l->hosts->next->name) ? l->hosts->next->name : "")
+ + 4 + 1;
+
+ if(tmplen < newlen){
+ fs_resize((void **)&tmp, newlen);
+ tmplen = newlen;
+ }
+
/*** do any necessary ENcryption here ***/
- snprintf(tmp, sizeof(tmp), "%s\t%s\t%s\t%s%s%s\n", l->passwd, l->user,
+ sprintf(tmp, "%s\t%s\t%s\t%s%s%s\n", l->passwd, l->user,
l->hosts->name, blob,
(l->hosts->next && l->hosts->next->name) ? "\t" : "",
(l->hosts->next && l->hosts->next->name) ? l->hosts->next->name
@@ -3844,6 +3855,7 @@ write_passfile(pinerc, l)
#endif /* SMIME */
}
+ if(tmp) fs_give((void **) &tmp);
fclose(fp);
#ifdef SMIME
if(text != NULL){
diff --git a/alpine/ldapconf.c b/alpine/ldapconf.c
index 8841f7ce..42c6e034 100644
--- a/alpine/ldapconf.c
+++ b/alpine/ldapconf.c
@@ -1805,7 +1805,7 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve
*/
if(rv == 1 && raw_server){
- char dir_tmp[2200], *p;
+ char dir_tmp[2200+MAXPATH], *p;
int portval = -1, timeval = -1, sizeval = -1;
apval = APVAL(&server_var, ew);
diff --git a/alpine/mailcmd.c b/alpine/mailcmd.c
index 5e1446e8..979cc33f 100644
--- a/alpine/mailcmd.c
+++ b/alpine/mailcmd.c
@@ -3866,7 +3866,7 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt)
}
ok = 0;
- snprintf(dir, sizeof(dir), "%s.d", full_filename);
+ snprintf(dir, sizeof(dir), "%.*s.d", MAXPATH-2, full_filename);
dir[sizeof(dir)-1] = '\0';
do {
@@ -3887,7 +3887,7 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt)
goto fini;
}
- snprintf(dir, sizeof(dir), "%s.d_%s", full_filename,
+ snprintf(dir, sizeof(dir), "%.*s.d_%s", MAXPATH- (int) strlen(long2string((long) tries))-3, full_filename,
long2string((long) tries));
dir[sizeof(dir)-1] = '\0';
break;
@@ -3960,24 +3960,33 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt)
* and if so, we write a counter name in the file name, just before the
* extension of the file, and separate it with an underscore.
*/
- snprintf(filename, sizeof(filename), "%s%s%s", dir, S_FILESEP, lfile);
+ snprintf(filename, sizeof(filename), "%.*s%.*s%.*s", (int) strlen(dir), dir,
+ (int) strlen(S_FILESEP), S_FILESEP,
+ MAXPATH - (int) strlen(dir) - (int) strlen(S_FILESEP), lfile);
filename[sizeof(filename)-1] = '\0';
while((ok = can_access(filename, ACCESS_EXISTS)) == 0 && errs == 0){
- char *ext;
- snprintf(filename, sizeof(filename), "%d", counter);
- if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2
- > sizeof(filename)){
+ char *ext, count[MAXPATH+1];
+ unsigned long total;
+ snprintf(count, sizeof(count), "%d", counter);
+ if((ext = strrchr(lfile, '.')) != NULL)
+ *ext = '\0';
+ total = strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(count) + 3
+ + (ext ? strlen(ext+1) : 0);
+ if(total > sizeof(filename)){
dprint((2,
"FAILED Att Export: name too long: %s\n",
dir, S_FILESEP, lfile));
errs++;
continue;
}
- if((ext = strrchr(lfile, '.')) != NULL)
- *ext = '\0';
- snprintf(filename, sizeof(filename), "%s%s%s%s%d%s%s",
- dir, S_FILESEP, lfile,
- ext ? "_" : "", counter++, ext ? "." : "", ext ? ext+1 : "");
+ snprintf(filename, sizeof(filename), "%.*s%.*s%.*s%.*s%.*d%.*s%.*s",
+ (int) strlen(dir), dir, (int) strlen(S_FILESEP), S_FILESEP,
+ (int) strlen(lfile), lfile,
+ ext ? 1 : 0, ext ? "_" : "",
+ (int) strlen(count), counter++,
+ ext ? 1 : 0, ext ? "." : "",
+ ext ? (int) (sizeof(filename) - total) : 0,
+ ext ? ext+1 : "");
filename[sizeof(filename)-1] = '\0';
}
diff --git a/alpine/mailpart.c b/alpine/mailpart.c
index bd260861..e6c2bec8 100644
--- a/alpine/mailpart.c
+++ b/alpine/mailpart.c
@@ -2169,7 +2169,7 @@ display_attachment(long int msgno, ATTACH_S *a, int flags)
gf_io_t pc;
char *err;
int we_cancel = 0, rv;
- char prefix[70];
+ char prefix[70 + 1000]; /* 1000 = sizeof(sender_filename) */
char ext[32];
char mtype[128];
diff --git a/alpine/roleconf.c b/alpine/roleconf.c
index 0ee3ec83..93540e87 100644
--- a/alpine/roleconf.c
+++ b/alpine/roleconf.c
@@ -3402,8 +3402,7 @@ role_config_edit_screen(struct pine *ps, PAT_S *def, char *title, long int rflag
rolecolor_vars[1].is_used = 1;
rolecolor_vars[1].is_user = 1;
rolecolor_vars[0].name = cpystr("ic-foreground-color");
- rolecolor_vars[1].name = cpystr(rolecolor_vars[0].name);
- strncpy(rolecolor_vars[1].name + 3, "back", 4);
+ rolecolor_vars[1].name = cpystr("ic-background-color");
apval = APVAL(&rolecolor_vars[1], ew);
*apval = (def && def->action && def->action->incol &&
def->action->incol->bg[0])
diff --git a/alpine/smime.c b/alpine/smime.c
index 284f173e..e831e5ed 100644
--- a/alpine/smime.c
+++ b/alpine/smime.c
@@ -1288,24 +1288,31 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags)
&& can_access(pathdir, ACCESS_EXISTS) != 0
&& our_mkpath(pathdir, 0700) == 0)){
pc = ALPINE_self_signed_certificate(NULL, 0, pathdir, MASTERNAME);
- snprintf(filename, sizeof(filename), "%s/%s.key",
- pathdir, MASTERNAME);
- filename[sizeof(filename)-1] = '\0';
- rv = import_certificate(ctype, pc, filename);
- if(rv == 1){
- ps->keyemptypwd = 0;
- if(our_stat(pathdir, &sbuf) == 0){
- if(unlink(filename) < 0)
- q_status_message1(SM_ORDER, 0, 2,
- _("Could not remove private key %s.key"), MASTERNAME);
- filename[strlen(filename)-4] = '\0';
- strcat(filename, ".crt");
- if(unlink(filename) < 0)
- q_status_message1(SM_ORDER, 0, 2,
- _("Could not remove public certificate %s.crt"), MASTERNAME);
- if(rmdir(pathdir) < 0)
- q_status_message1(SM_ORDER, 0, 2,
- _("Could not remove temporary directory %s"), pathdir);
+ if(strlen(pathdir) + strlen(MASTERNAME) + 5 + 1 > sizeof(filename)){
+ q_status_message(SM_ORDER, 0, 2,
+ _("pathdir for key too long"));
+ }
+ else{
+ snprintf(filename, sizeof(filename), "%.*s/%.*s.key",
+ (int) strlen(pathdir), pathdir,
+ (int) (sizeof(filename) - strlen(MASTERNAME) - 5 - 1), MASTERNAME);
+ filename[sizeof(filename)-1] = '\0';
+ rv = import_certificate(ctype, pc, filename);
+ if(rv == 1){
+ ps->keyemptypwd = 0;
+ if(our_stat(pathdir, &sbuf) == 0){
+ if(unlink(filename) < 0)
+ q_status_message1(SM_ORDER, 0, 2,
+ _("Could not remove private key %s.key"), MASTERNAME);
+ filename[strlen(filename)-4] = '\0';
+ strcat(filename, ".crt");
+ if(unlink(filename) < 0)
+ q_status_message1(SM_ORDER, 0, 2,
+ _("Could not remove public certificate %s.crt"), MASTERNAME);
+ if(rmdir(pathdir) < 0)
+ q_status_message1(SM_ORDER, 0, 2,
+ _("Could not remove temporary directory %s"), pathdir);
+ }
}
}
}
diff --git a/alpine/takeaddr.c b/alpine/takeaddr.c
index fb8e0353..b085851d 100644
--- a/alpine/takeaddr.c
+++ b/alpine/takeaddr.c
@@ -1720,7 +1720,7 @@ update_takeaddr_screen(struct pine *ps, TA_S *current, TA_SCREEN_S *screen, Pos
*ctmp;
int longest, i, j;
char buf1[6*MAX_SCREEN_COLS + 30];
- char buf2[6*MAX_SCREEN_COLS + 30];
+ char buf2[6*MAX_SCREEN_COLS + 30 + 10];
char *p, *q;
int screen_width = ps->ttyo->screen_cols;
Pos cpos;
diff --git a/imap/src/osdep/unix/dummy.c b/imap/src/osdep/unix/dummy.c
index 4c57c094..244a13cd 100644
--- a/imap/src/osdep/unix/dummy.c
+++ b/imap/src/osdep/unix/dummy.c
@@ -274,7 +274,7 @@ void dummy_list_work (MAILSTREAM *stream,char *dir,char *pat,char *contents,
DIR *dp;
struct direct *d;
struct stat sbuf;
- char tmp[MAILTMPLEN],path[MAILTMPLEN];
+ char tmp[MAILTMPLEN],path[MAILTMPLEN + 1];
size_t len = 0;
/* punt if bogus name */
if (!mailboxdir (tmp,dir,NIL)) return;
diff --git a/imap/src/osdep/unix/mmdf.c b/imap/src/osdep/unix/mmdf.c
index 4a9e9934..5cfa197e 100644
--- a/imap/src/osdep/unix/mmdf.c
+++ b/imap/src/osdep/unix/mmdf.c
@@ -1912,7 +1912,7 @@ int mmdf_parse (MAILSTREAM *stream,DOTLOCK *lock,int op)
!compare_cstring (tmp,"X-IMAP") ||
!compare_cstring (tmp,"X-IMAPBASE")) {
char err[MAILTMPLEN];
- sprintf (err,"Discarding bogus %s header in message %lu",
+ sprintf (err,"Discarding bogus %.20s header in message %lu",
(char *) tmp,elt->msgno);
MM_LOG (err,WARN);
retain = NIL; /* don't retain continuation */
diff --git a/imap/src/osdep/unix/tcp_unix.c b/imap/src/osdep/unix/tcp_unix.c
index aaa24675..6ddac4df 100644
--- a/imap/src/osdep/unix/tcp_unix.c
+++ b/imap/src/osdep/unix/tcp_unix.c
@@ -994,7 +994,7 @@ char *tcp_name (struct sockaddr *sadr,long flag)
blocknotify_t bn = (blocknotify_t)mail_parameters(NIL,GET_BLOCKNOTIFY,NIL);
void *data;
if (tcpdebug) {
- sprintf (tmp,"Reverse DNS resolution %s",adr);
+ sprintf (tmp,"Reverse DNS resolution %.82s",adr);
mm_log (tmp,TCPDEBUG);
}
(*bn) (BLOCK_DNSLOOKUP,NIL);/* quell alarms */
diff --git a/imap/src/osdep/unix/unix.c b/imap/src/osdep/unix/unix.c
index 97626576..8fec0ee6 100644
--- a/imap/src/osdep/unix/unix.c
+++ b/imap/src/osdep/unix/unix.c
@@ -1735,7 +1735,7 @@ int unix_parse (MAILSTREAM *stream,DOTLOCK *lock,int op)
!compare_cstring (tmp,"X-IMAP") ||
!compare_cstring (tmp,"X-IMAPBASE")) {
char err[MAILTMPLEN];
- sprintf (err,"Discarding bogus %s header in message %lu",
+ sprintf (err,"Discarding bogus %.20s header in message %lu",
(char *) tmp,elt->msgno);
MM_LOG (err,WARN);
retain = NIL; /* don't retain continuation */
diff --git a/pico/browse.c b/pico/browse.c
index 595185f1..f5fb1e79 100644
--- a/pico/browse.c
+++ b/pico/browse.c
@@ -721,6 +721,7 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen,
case 'e': /* exit or edit */
case 'E':
if(gmode&MDBRONLY){ /* run "pico" */
+ char *t;
snprintf(child, sizeof(child), "%.*s%c%.*s", NLINE, gmp->dname, C_FILESEP,
NLINE, gmp->current->fname);
/* make sure selected isn't a directory or executable */
@@ -729,17 +730,22 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen,
break;
}
- if((envp = (char *) getenv("EDITOR")) != NULL)
- snprintf(tmp, sizeof(tmp), "%s \'%s\'", envp, child);
- else
- snprintf(tmp, sizeof(tmp), "pico%s%s%s \'%s\'",
+ if((envp = (char *) getenv("EDITOR")) != NULL){
+ t = fs_get(strlen(envp) + strlen(child) + 3 + 1);
+ sprintf(t, "%s \'%s\'", envp, child);
+ }
+ else{
+ t = fs_get(strlen(child) + 16 + 1);
+ sprintf(t, "pico%s%s%s \'%s\'",
(gmode & MDFKEY) ? " -f" : "",
(gmode & MDSHOCUR) ? " -g" : "",
(gmode & MDMOUSE) ? " -m" : "",
child);
+ }
- BrowserRunChild(tmp, gmp->dname); /* spawn pico */
+ BrowserRunChild(t, gmp->dname); /* spawn pico */
PaintBrowser(gmp, 0, &crow, &ccol); /* redraw browser */
+ if(t) fs_give((void **) &t);
}
else{
zotmaster(&gmp);
@@ -1585,11 +1591,14 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen,
NLINE, gmp->current->fname);
if(LikelyASCII(child)){
- snprintf(tmp, sizeof(tmp), "%s \'%s\'",
- (envp = (char *) getenv("PAGER"))
- ? envp : BROWSER_PAGER, child);
- BrowserRunChild(tmp, gmp->dname);
+ char *t;
+ envp = (char *) getenv("PAGER");
+ t = fs_get((envp ? strlen(envp) : strlen(BROWSER_PAGER))
+ + strlen(child) + 3 + 1);
+ sprintf(t, "%s \'%s\'", envp ? envp : BROWSER_PAGER, child);
+ BrowserRunChild(t, gmp->dname);
PaintBrowser(gmp, 0, &crow, &ccol);
+ if(t) fs_give((void **) &t);
}
break;
diff --git a/pico/osdep/color.c b/pico/osdep/color.c
index 312348c1..4dcb5881 100644
--- a/pico/osdep/color.c
+++ b/pico/osdep/color.c
@@ -1680,7 +1680,7 @@ color_to_asciirgb(char *colorName)
* but at least the embedded colors in filter.c will get properly
* sucked up when they're encountered.
*/
- strncpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx", RGBLEN); /* RGBLEN is 11 */
+ strcpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx");
l = strlen(colorName);
strncpy(c_to_a_buf[whichbuf], colorName, (l < RGBLEN) ? l : RGBLEN);
c_to_a_buf[whichbuf][RGBLEN] = '\0';
diff --git a/pith/conf.c b/pith/conf.c
index 809dfe6d..452c6db2 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -4885,7 +4885,7 @@ set_feature_list_current_val(struct variable *var)
*/
j = 0;
- strncpy(no_allow, "no-", 3);
+ strcpy(no_allow, "no-");
strncpy(no_allow+3, feature_list_name(F_ALLOW_CHANGING_FROM), sizeof(no_allow)-3-1);
no_allow[sizeof(no_allow)-1] = '\0';
diff --git a/pith/filter.c b/pith/filter.c
index 4607cc63..e4f72058 100644
--- a/pith/filter.c
+++ b/pith/filter.c
@@ -5794,7 +5794,7 @@ html_li(HANDLER_S *hd, int ch, int cmd)
if(PASS_HTML(hd->html_data)){
}
else{
- char buf[16], tmp[16], *p;
+ char buf[20], tmp[16], *p;
int wrapstate;
/* Start a new line */
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 08eb3077..9c8a5f90 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 568 2021-07-30 09:00:01
+Alpine Commit 569 2021-07-31 21:16:12
============= h_news =================
<HTML>
<HEAD>
diff --git a/pith/reply.c b/pith/reply.c
index 636afa45..92172c05 100644
--- a/pith/reply.c
+++ b/pith/reply.c
@@ -2331,10 +2331,11 @@ forward_subject(ENVELOPE *env, int flags)
removing_trailing_white_space(tmp_20k_buf);
if((l = strlen(tmp_20k_buf)) < 1000 &&
(l < 5 || strcmp(tmp_20k_buf+l-5,"(fwd)"))){
- snprintf(tmp_20k_buf+2000, SIZEOF_20KBUF-2000, "%s (fwd)", tmp_20k_buf);
- tmp_20k_buf[SIZEOF_20KBUF-2000-1] = '\0';
- memmove(tmp_20k_buf, tmp_20k_buf+2000, strlen(tmp_20k_buf+2000));
- tmp_20k_buf[strlen(tmp_20k_buf+2000)] = '\0';
+ char *s = cpystr(tmp_20k_buf);
+ snprintf(tmp_20k_buf, SIZEOF_20KBUF, "%.1000s (fwd)", s);
+ tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+ strcpy(tmp_20k_buf, s);
+ fs_give((void **) &s);
}
/*
diff --git a/pith/smime.c b/pith/smime.c
index 0ef77e50..e6f207f9 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -782,15 +782,16 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname)
text = decrypt_file((char *)tmp, NULL, pwdcert);
if(text != NULL){
if(pc == NULL){
- pc = fs_get(sizeof(PERSONAL_CERT));
- memset((void *)pc, 0, sizeof(PERSONAL_CERT));
filename[strlen(filename)-strlen(EXTCERT(Private))] = '\0';
- pc->name = cpystr(filename);
- snprintf(buf, sizeof(buf), "%s%s", filename, EXTCERT(Public));
- buf[sizeof(buf)-1] = '\0';
- pc->cname = cpystr(buf);
- pc->key = key;
- pc->cert = cert;
+ if(strlen(filename) + strlen(EXTCERT(Public)) < MAXPATH){
+ pc = fs_get(sizeof(PERSONAL_CERT));
+ memset((void *)pc, 0, sizeof(PERSONAL_CERT));
+ pc->name = cpystr(filename);
+ pc->cname = fs_get(strlen(filename) + strlen(EXTCERT(Public)) + 1);
+ sprintf(pc->cname, "%s%s", filename, EXTCERT(Public));
+ pc->key = key;
+ pc->cert = cert;
+ }
}
if(encrypt_file((char *)tmp, text, pc)){ /* we did it! */
@@ -855,7 +856,7 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname)
if(!ps_global->smime->privatecertlist){
ps_global->smime->privatecertlist = fs_get(sizeof(CertList));
- memset((void *)DATACERT(ctype), 0, sizeof(CertList));
+ memset((void *) ps_global->smime->privatecertlist, 0, sizeof(CertList));
}
for(s = t = filename; (t = strstr(s, ".key")) != NULL; s = t + 1);
@@ -1930,9 +1931,11 @@ copy_dir_to_container(WhichCerts which, char *contents)
fpath[sizeof(fpath) - 1] = '\0';
}
else if(ret_dir){
- if(strlen(dstpath) + strlen(configcontainer) - strlen(ret_dir) + 1 < sizeof(dstpath))
- snprintf(fpath, sizeof(fpath), "%s%c%s",
- dstpath, tempfile[strlen(ret_dir)], configcontainer);
+ if(strlen(dstpath) + strlen(configcontainer) + 2 < sizeof(dstpath))
+ snprintf(fpath, sizeof(fpath), "%.*s%c%.*s",
+ (int) strlen(dstpath), dstpath,
+ tempfile[strlen(ret_dir)],
+ (int) (sizeof(fpath) - strlen(dstpath) - 1), configcontainer);
else
ret = -1;
}
diff --git a/pith/smkeys.c b/pith/smkeys.c
index 495f0a53..e4402c24 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -1053,8 +1053,11 @@ save_cert_for(char *email, X509 *cert, WhichCerts ctype)
}
else{
if(strlen(path) + strlen(tempfile) - strlen(ret_dir) + 1 < sizeof(path))
- snprintf(fpath, sizeof(fpath), "%s%c%s",
- path, tempfile[strlen(ret_dir)], tempfile + strlen(ret_dir) + 1);
+ snprintf(fpath, sizeof(fpath), "%.*s%c%.*s",
+ (int) strlen(path), path,
+ tempfile[strlen(ret_dir)],
+ (int) (sizeof(fpath) - strlen(fpath) - 1),
+ tempfile + strlen(ret_dir) + 1);
else
err++;
}