diff options
-rw-r--r-- | alpine/imap.c | 22 | ||||
-rw-r--r-- | alpine/ldapconf.c | 2 | ||||
-rw-r--r-- | alpine/mailcmd.c | 33 | ||||
-rw-r--r-- | alpine/mailpart.c | 2 | ||||
-rw-r--r-- | alpine/roleconf.c | 3 | ||||
-rw-r--r-- | alpine/smime.c | 43 | ||||
-rw-r--r-- | alpine/takeaddr.c | 2 | ||||
-rw-r--r-- | imap/src/osdep/unix/dummy.c | 2 | ||||
-rw-r--r-- | imap/src/osdep/unix/mmdf.c | 2 | ||||
-rw-r--r-- | imap/src/osdep/unix/tcp_unix.c | 2 | ||||
-rw-r--r-- | imap/src/osdep/unix/unix.c | 2 | ||||
-rw-r--r-- | pico/browse.c | 27 | ||||
-rw-r--r-- | pico/osdep/color.c | 2 | ||||
-rw-r--r-- | pith/conf.c | 2 | ||||
-rw-r--r-- | pith/filter.c | 2 | ||||
-rw-r--r-- | pith/pine.hlp | 2 | ||||
-rw-r--r-- | pith/reply.c | 9 | ||||
-rw-r--r-- | pith/smime.c | 27 | ||||
-rw-r--r-- | pith/smkeys.c | 7 |
19 files changed, 118 insertions, 75 deletions
diff --git a/alpine/imap.c b/alpine/imap.c index 578281ad..69442242 100644 --- a/alpine/imap.c +++ b/alpine/imap.c @@ -3788,11 +3788,12 @@ write_passfile(pinerc, l) } #else /* PASSFILE */ - char tmp[10*MAILTMPLEN], blob[10*MAILTMPLEN]; + char *tmp = NULL, passfile[MAXPATH + 1], blob[MAILTMPLEN]; int i, n; + size_t tmplen = 0, newlen; FILE *fp; #ifdef SMIME - char *text = NULL, tmp2[10*MAILTMPLEN]; + char *text = NULL, tmp2[MAXPATH + 1]; int len = 0; #endif @@ -3802,13 +3803,13 @@ write_passfile(pinerc, l) dprint((9, "write_passfile\n")); /* if there's no passfile to read, bag it!! */ - if(!passfile_name(pinerc, tmp, sizeof(tmp)) || !(fp = our_fopen(tmp, "wb"))){ + if(!passfile_name(pinerc, passfile, sizeof(tmp)) || !(fp = our_fopen(passfile, "wb"))){ using_passfile = 0; return; } #ifdef SMIME - strncpy(tmp2, tmp, sizeof(tmp2)); + strncpy(tmp2, passfile, sizeof(tmp2)); tmp2[sizeof(tmp2)-1] = '\0'; #endif /* SMIME */ @@ -3823,8 +3824,18 @@ write_passfile(pinerc, l) else sprintf(blob, "%d", l->altflag); + newlen = strlen(l->passwd) + strlen(l->user) + strlen(l->hosts->name) + + strlen(blob) + strlen((l->hosts->next && l->hosts->next->name) ? "\t" : "") + + strlen((l->hosts->next && l->hosts->next->name) ? l->hosts->next->name : "") + + 4 + 1; + + if(tmplen < newlen){ + fs_resize((void **)&tmp, newlen); + tmplen = newlen; + } + /*** do any necessary ENcryption here ***/ - snprintf(tmp, sizeof(tmp), "%s\t%s\t%s\t%s%s%s\n", l->passwd, l->user, + sprintf(tmp, "%s\t%s\t%s\t%s%s%s\n", l->passwd, l->user, l->hosts->name, blob, (l->hosts->next && l->hosts->next->name) ? "\t" : "", (l->hosts->next && l->hosts->next->name) ? l->hosts->next->name @@ -3844,6 +3855,7 @@ write_passfile(pinerc, l) #endif /* SMIME */ } + if(tmp) fs_give((void **) &tmp); fclose(fp); #ifdef SMIME if(text != NULL){ diff --git a/alpine/ldapconf.c b/alpine/ldapconf.c index 8841f7ce..42c6e034 100644 --- a/alpine/ldapconf.c +++ b/alpine/ldapconf.c @@ -1805,7 +1805,7 @@ dir_edit_screen(struct pine *ps, LDAP_SERV_S *def, char *title, char **raw_serve */ if(rv == 1 && raw_server){ - char dir_tmp[2200], *p; + char dir_tmp[2200+MAXPATH], *p; int portval = -1, timeval = -1, sizeval = -1; apval = APVAL(&server_var, ew); diff --git a/alpine/mailcmd.c b/alpine/mailcmd.c index 5e1446e8..979cc33f 100644 --- a/alpine/mailcmd.c +++ b/alpine/mailcmd.c @@ -3866,7 +3866,7 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt) } ok = 0; - snprintf(dir, sizeof(dir), "%s.d", full_filename); + snprintf(dir, sizeof(dir), "%.*s.d", MAXPATH-2, full_filename); dir[sizeof(dir)-1] = '\0'; do { @@ -3887,7 +3887,7 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt) goto fini; } - snprintf(dir, sizeof(dir), "%s.d_%s", full_filename, + snprintf(dir, sizeof(dir), "%.*s.d_%s", MAXPATH- (int) strlen(long2string((long) tries))-3, full_filename, long2string((long) tries)); dir[sizeof(dir)-1] = '\0'; break; @@ -3960,24 +3960,33 @@ cmd_export(struct pine *state, MSGNO_S *msgmap, int qline, int aopt) * and if so, we write a counter name in the file name, just before the * extension of the file, and separate it with an underscore. */ - snprintf(filename, sizeof(filename), "%s%s%s", dir, S_FILESEP, lfile); + snprintf(filename, sizeof(filename), "%.*s%.*s%.*s", (int) strlen(dir), dir, + (int) strlen(S_FILESEP), S_FILESEP, + MAXPATH - (int) strlen(dir) - (int) strlen(S_FILESEP), lfile); filename[sizeof(filename)-1] = '\0'; while((ok = can_access(filename, ACCESS_EXISTS)) == 0 && errs == 0){ - char *ext; - snprintf(filename, sizeof(filename), "%d", counter); - if(strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(filename) + 2 - > sizeof(filename)){ + char *ext, count[MAXPATH+1]; + unsigned long total; + snprintf(count, sizeof(count), "%d", counter); + if((ext = strrchr(lfile, '.')) != NULL) + *ext = '\0'; + total = strlen(dir) + strlen(S_FILESEP) + strlen(lfile) + strlen(count) + 3 + + (ext ? strlen(ext+1) : 0); + if(total > sizeof(filename)){ dprint((2, "FAILED Att Export: name too long: %s\n", dir, S_FILESEP, lfile)); errs++; continue; } - if((ext = strrchr(lfile, '.')) != NULL) - *ext = '\0'; - snprintf(filename, sizeof(filename), "%s%s%s%s%d%s%s", - dir, S_FILESEP, lfile, - ext ? "_" : "", counter++, ext ? "." : "", ext ? ext+1 : ""); + snprintf(filename, sizeof(filename), "%.*s%.*s%.*s%.*s%.*d%.*s%.*s", + (int) strlen(dir), dir, (int) strlen(S_FILESEP), S_FILESEP, + (int) strlen(lfile), lfile, + ext ? 1 : 0, ext ? "_" : "", + (int) strlen(count), counter++, + ext ? 1 : 0, ext ? "." : "", + ext ? (int) (sizeof(filename) - total) : 0, + ext ? ext+1 : ""); filename[sizeof(filename)-1] = '\0'; } diff --git a/alpine/mailpart.c b/alpine/mailpart.c index bd260861..e6c2bec8 100644 --- a/alpine/mailpart.c +++ b/alpine/mailpart.c @@ -2169,7 +2169,7 @@ display_attachment(long int msgno, ATTACH_S *a, int flags) gf_io_t pc; char *err; int we_cancel = 0, rv; - char prefix[70]; + char prefix[70 + 1000]; /* 1000 = sizeof(sender_filename) */ char ext[32]; char mtype[128]; diff --git a/alpine/roleconf.c b/alpine/roleconf.c index 0ee3ec83..93540e87 100644 --- a/alpine/roleconf.c +++ b/alpine/roleconf.c @@ -3402,8 +3402,7 @@ role_config_edit_screen(struct pine *ps, PAT_S *def, char *title, long int rflag rolecolor_vars[1].is_used = 1; rolecolor_vars[1].is_user = 1; rolecolor_vars[0].name = cpystr("ic-foreground-color"); - rolecolor_vars[1].name = cpystr(rolecolor_vars[0].name); - strncpy(rolecolor_vars[1].name + 3, "back", 4); + rolecolor_vars[1].name = cpystr("ic-background-color"); apval = APVAL(&rolecolor_vars[1], ew); *apval = (def && def->action && def->action->incol && def->action->incol->bg[0]) diff --git a/alpine/smime.c b/alpine/smime.c index 284f173e..e831e5ed 100644 --- a/alpine/smime.c +++ b/alpine/smime.c @@ -1288,24 +1288,31 @@ manage_certs_tool(struct pine *ps, int cmd, CONF_S **cl, unsigned flags) && can_access(pathdir, ACCESS_EXISTS) != 0 && our_mkpath(pathdir, 0700) == 0)){ pc = ALPINE_self_signed_certificate(NULL, 0, pathdir, MASTERNAME); - snprintf(filename, sizeof(filename), "%s/%s.key", - pathdir, MASTERNAME); - filename[sizeof(filename)-1] = '\0'; - rv = import_certificate(ctype, pc, filename); - if(rv == 1){ - ps->keyemptypwd = 0; - if(our_stat(pathdir, &sbuf) == 0){ - if(unlink(filename) < 0) - q_status_message1(SM_ORDER, 0, 2, - _("Could not remove private key %s.key"), MASTERNAME); - filename[strlen(filename)-4] = '\0'; - strcat(filename, ".crt"); - if(unlink(filename) < 0) - q_status_message1(SM_ORDER, 0, 2, - _("Could not remove public certificate %s.crt"), MASTERNAME); - if(rmdir(pathdir) < 0) - q_status_message1(SM_ORDER, 0, 2, - _("Could not remove temporary directory %s"), pathdir); + if(strlen(pathdir) + strlen(MASTERNAME) + 5 + 1 > sizeof(filename)){ + q_status_message(SM_ORDER, 0, 2, + _("pathdir for key too long")); + } + else{ + snprintf(filename, sizeof(filename), "%.*s/%.*s.key", + (int) strlen(pathdir), pathdir, + (int) (sizeof(filename) - strlen(MASTERNAME) - 5 - 1), MASTERNAME); + filename[sizeof(filename)-1] = '\0'; + rv = import_certificate(ctype, pc, filename); + if(rv == 1){ + ps->keyemptypwd = 0; + if(our_stat(pathdir, &sbuf) == 0){ + if(unlink(filename) < 0) + q_status_message1(SM_ORDER, 0, 2, + _("Could not remove private key %s.key"), MASTERNAME); + filename[strlen(filename)-4] = '\0'; + strcat(filename, ".crt"); + if(unlink(filename) < 0) + q_status_message1(SM_ORDER, 0, 2, + _("Could not remove public certificate %s.crt"), MASTERNAME); + if(rmdir(pathdir) < 0) + q_status_message1(SM_ORDER, 0, 2, + _("Could not remove temporary directory %s"), pathdir); + } } } } diff --git a/alpine/takeaddr.c b/alpine/takeaddr.c index fb8e0353..b085851d 100644 --- a/alpine/takeaddr.c +++ b/alpine/takeaddr.c @@ -1720,7 +1720,7 @@ update_takeaddr_screen(struct pine *ps, TA_S *current, TA_SCREEN_S *screen, Pos *ctmp; int longest, i, j; char buf1[6*MAX_SCREEN_COLS + 30]; - char buf2[6*MAX_SCREEN_COLS + 30]; + char buf2[6*MAX_SCREEN_COLS + 30 + 10]; char *p, *q; int screen_width = ps->ttyo->screen_cols; Pos cpos; diff --git a/imap/src/osdep/unix/dummy.c b/imap/src/osdep/unix/dummy.c index 4c57c094..244a13cd 100644 --- a/imap/src/osdep/unix/dummy.c +++ b/imap/src/osdep/unix/dummy.c @@ -274,7 +274,7 @@ void dummy_list_work (MAILSTREAM *stream,char *dir,char *pat,char *contents, DIR *dp; struct direct *d; struct stat sbuf; - char tmp[MAILTMPLEN],path[MAILTMPLEN]; + char tmp[MAILTMPLEN],path[MAILTMPLEN + 1]; size_t len = 0; /* punt if bogus name */ if (!mailboxdir (tmp,dir,NIL)) return; diff --git a/imap/src/osdep/unix/mmdf.c b/imap/src/osdep/unix/mmdf.c index 4a9e9934..5cfa197e 100644 --- a/imap/src/osdep/unix/mmdf.c +++ b/imap/src/osdep/unix/mmdf.c @@ -1912,7 +1912,7 @@ int mmdf_parse (MAILSTREAM *stream,DOTLOCK *lock,int op) !compare_cstring (tmp,"X-IMAP") || !compare_cstring (tmp,"X-IMAPBASE")) { char err[MAILTMPLEN]; - sprintf (err,"Discarding bogus %s header in message %lu", + sprintf (err,"Discarding bogus %.20s header in message %lu", (char *) tmp,elt->msgno); MM_LOG (err,WARN); retain = NIL; /* don't retain continuation */ diff --git a/imap/src/osdep/unix/tcp_unix.c b/imap/src/osdep/unix/tcp_unix.c index aaa24675..6ddac4df 100644 --- a/imap/src/osdep/unix/tcp_unix.c +++ b/imap/src/osdep/unix/tcp_unix.c @@ -994,7 +994,7 @@ char *tcp_name (struct sockaddr *sadr,long flag) blocknotify_t bn = (blocknotify_t)mail_parameters(NIL,GET_BLOCKNOTIFY,NIL); void *data; if (tcpdebug) { - sprintf (tmp,"Reverse DNS resolution %s",adr); + sprintf (tmp,"Reverse DNS resolution %.82s",adr); mm_log (tmp,TCPDEBUG); } (*bn) (BLOCK_DNSLOOKUP,NIL);/* quell alarms */ diff --git a/imap/src/osdep/unix/unix.c b/imap/src/osdep/unix/unix.c index 97626576..8fec0ee6 100644 --- a/imap/src/osdep/unix/unix.c +++ b/imap/src/osdep/unix/unix.c @@ -1735,7 +1735,7 @@ int unix_parse (MAILSTREAM *stream,DOTLOCK *lock,int op) !compare_cstring (tmp,"X-IMAP") || !compare_cstring (tmp,"X-IMAPBASE")) { char err[MAILTMPLEN]; - sprintf (err,"Discarding bogus %s header in message %lu", + sprintf (err,"Discarding bogus %.20s header in message %lu", (char *) tmp,elt->msgno); MM_LOG (err,WARN); retain = NIL; /* don't retain continuation */ diff --git a/pico/browse.c b/pico/browse.c index 595185f1..f5fb1e79 100644 --- a/pico/browse.c +++ b/pico/browse.c @@ -721,6 +721,7 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, case 'e': /* exit or edit */ case 'E': if(gmode&MDBRONLY){ /* run "pico" */ + char *t; snprintf(child, sizeof(child), "%.*s%c%.*s", NLINE, gmp->dname, C_FILESEP, NLINE, gmp->current->fname); /* make sure selected isn't a directory or executable */ @@ -729,17 +730,22 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, break; } - if((envp = (char *) getenv("EDITOR")) != NULL) - snprintf(tmp, sizeof(tmp), "%s \'%s\'", envp, child); - else - snprintf(tmp, sizeof(tmp), "pico%s%s%s \'%s\'", + if((envp = (char *) getenv("EDITOR")) != NULL){ + t = fs_get(strlen(envp) + strlen(child) + 3 + 1); + sprintf(t, "%s \'%s\'", envp, child); + } + else{ + t = fs_get(strlen(child) + 16 + 1); + sprintf(t, "pico%s%s%s \'%s\'", (gmode & MDFKEY) ? " -f" : "", (gmode & MDSHOCUR) ? " -g" : "", (gmode & MDMOUSE) ? " -m" : "", child); + } - BrowserRunChild(tmp, gmp->dname); /* spawn pico */ + BrowserRunChild(t, gmp->dname); /* spawn pico */ PaintBrowser(gmp, 0, &crow, &ccol); /* redraw browser */ + if(t) fs_give((void **) &t); } else{ zotmaster(&gmp); @@ -1585,11 +1591,14 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, NLINE, gmp->current->fname); if(LikelyASCII(child)){ - snprintf(tmp, sizeof(tmp), "%s \'%s\'", - (envp = (char *) getenv("PAGER")) - ? envp : BROWSER_PAGER, child); - BrowserRunChild(tmp, gmp->dname); + char *t; + envp = (char *) getenv("PAGER"); + t = fs_get((envp ? strlen(envp) : strlen(BROWSER_PAGER)) + + strlen(child) + 3 + 1); + sprintf(t, "%s \'%s\'", envp ? envp : BROWSER_PAGER, child); + BrowserRunChild(t, gmp->dname); PaintBrowser(gmp, 0, &crow, &ccol); + if(t) fs_give((void **) &t); } break; diff --git a/pico/osdep/color.c b/pico/osdep/color.c index 312348c1..4dcb5881 100644 --- a/pico/osdep/color.c +++ b/pico/osdep/color.c @@ -1680,7 +1680,7 @@ color_to_asciirgb(char *colorName) * but at least the embedded colors in filter.c will get properly * sucked up when they're encountered. */ - strncpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx", RGBLEN); /* RGBLEN is 11 */ + strcpy(c_to_a_buf[whichbuf], "xxxxxxxxxxx"); l = strlen(colorName); strncpy(c_to_a_buf[whichbuf], colorName, (l < RGBLEN) ? l : RGBLEN); c_to_a_buf[whichbuf][RGBLEN] = '\0'; diff --git a/pith/conf.c b/pith/conf.c index 809dfe6d..452c6db2 100644 --- a/pith/conf.c +++ b/pith/conf.c @@ -4885,7 +4885,7 @@ set_feature_list_current_val(struct variable *var) */ j = 0; - strncpy(no_allow, "no-", 3); + strcpy(no_allow, "no-"); strncpy(no_allow+3, feature_list_name(F_ALLOW_CHANGING_FROM), sizeof(no_allow)-3-1); no_allow[sizeof(no_allow)-1] = '\0'; diff --git a/pith/filter.c b/pith/filter.c index 4607cc63..e4f72058 100644 --- a/pith/filter.c +++ b/pith/filter.c @@ -5794,7 +5794,7 @@ html_li(HANDLER_S *hd, int ch, int cmd) if(PASS_HTML(hd->html_data)){ } else{ - char buf[16], tmp[16], *p; + char buf[20], tmp[16], *p; int wrapstate; /* Start a new line */ diff --git a/pith/pine.hlp b/pith/pine.hlp index 08eb3077..9c8a5f90 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 568 2021-07-30 09:00:01 +Alpine Commit 569 2021-07-31 21:16:12 ============= h_news ================= <HTML> <HEAD> diff --git a/pith/reply.c b/pith/reply.c index 636afa45..92172c05 100644 --- a/pith/reply.c +++ b/pith/reply.c @@ -2331,10 +2331,11 @@ forward_subject(ENVELOPE *env, int flags) removing_trailing_white_space(tmp_20k_buf); if((l = strlen(tmp_20k_buf)) < 1000 && (l < 5 || strcmp(tmp_20k_buf+l-5,"(fwd)"))){ - snprintf(tmp_20k_buf+2000, SIZEOF_20KBUF-2000, "%s (fwd)", tmp_20k_buf); - tmp_20k_buf[SIZEOF_20KBUF-2000-1] = '\0'; - memmove(tmp_20k_buf, tmp_20k_buf+2000, strlen(tmp_20k_buf+2000)); - tmp_20k_buf[strlen(tmp_20k_buf+2000)] = '\0'; + char *s = cpystr(tmp_20k_buf); + snprintf(tmp_20k_buf, SIZEOF_20KBUF, "%.1000s (fwd)", s); + tmp_20k_buf[SIZEOF_20KBUF-1] = '\0'; + strcpy(tmp_20k_buf, s); + fs_give((void **) &s); } /* diff --git a/pith/smime.c b/pith/smime.c index 0ef77e50..e6f207f9 100644 --- a/pith/smime.c +++ b/pith/smime.c @@ -782,15 +782,16 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname) text = decrypt_file((char *)tmp, NULL, pwdcert); if(text != NULL){ if(pc == NULL){ - pc = fs_get(sizeof(PERSONAL_CERT)); - memset((void *)pc, 0, sizeof(PERSONAL_CERT)); filename[strlen(filename)-strlen(EXTCERT(Private))] = '\0'; - pc->name = cpystr(filename); - snprintf(buf, sizeof(buf), "%s%s", filename, EXTCERT(Public)); - buf[sizeof(buf)-1] = '\0'; - pc->cname = cpystr(buf); - pc->key = key; - pc->cert = cert; + if(strlen(filename) + strlen(EXTCERT(Public)) < MAXPATH){ + pc = fs_get(sizeof(PERSONAL_CERT)); + memset((void *)pc, 0, sizeof(PERSONAL_CERT)); + pc->name = cpystr(filename); + pc->cname = fs_get(strlen(filename) + strlen(EXTCERT(Public)) + 1); + sprintf(pc->cname, "%s%s", filename, EXTCERT(Public)); + pc->key = key; + pc->cert = cert; + } } if(encrypt_file((char *)tmp, text, pc)){ /* we did it! */ @@ -855,7 +856,7 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname) if(!ps_global->smime->privatecertlist){ ps_global->smime->privatecertlist = fs_get(sizeof(CertList)); - memset((void *)DATACERT(ctype), 0, sizeof(CertList)); + memset((void *) ps_global->smime->privatecertlist, 0, sizeof(CertList)); } for(s = t = filename; (t = strstr(s, ".key")) != NULL; s = t + 1); @@ -1930,9 +1931,11 @@ copy_dir_to_container(WhichCerts which, char *contents) fpath[sizeof(fpath) - 1] = '\0'; } else if(ret_dir){ - if(strlen(dstpath) + strlen(configcontainer) - strlen(ret_dir) + 1 < sizeof(dstpath)) - snprintf(fpath, sizeof(fpath), "%s%c%s", - dstpath, tempfile[strlen(ret_dir)], configcontainer); + if(strlen(dstpath) + strlen(configcontainer) + 2 < sizeof(dstpath)) + snprintf(fpath, sizeof(fpath), "%.*s%c%.*s", + (int) strlen(dstpath), dstpath, + tempfile[strlen(ret_dir)], + (int) (sizeof(fpath) - strlen(dstpath) - 1), configcontainer); else ret = -1; } diff --git a/pith/smkeys.c b/pith/smkeys.c index 495f0a53..e4402c24 100644 --- a/pith/smkeys.c +++ b/pith/smkeys.c @@ -1053,8 +1053,11 @@ save_cert_for(char *email, X509 *cert, WhichCerts ctype) } else{ if(strlen(path) + strlen(tempfile) - strlen(ret_dir) + 1 < sizeof(path)) - snprintf(fpath, sizeof(fpath), "%s%c%s", - path, tempfile[strlen(ret_dir)], tempfile + strlen(ret_dir) + 1); + snprintf(fpath, sizeof(fpath), "%.*s%c%.*s", + (int) strlen(path), path, + tempfile[strlen(ret_dir)], + (int) (sizeof(fpath) - strlen(fpath) - 1), + tempfile + strlen(ret_dir) + 1); else err++; } |