From 18a5af00c1cf15852d694d20c58e7271112263d8 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sun, 2 Feb 2014 00:18:35 -0700 Subject: * Update to version 2.19.5 * check bounds and tie strings off to improve security. Contributed by James Jerkins. * Alpine crashed when a user attempted to add a folder collection, due to bug in GET_NAMESPACE in imap4r1.c. --- alpine/mailcmd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'alpine/mailcmd.c') diff --git a/alpine/mailcmd.c b/alpine/mailcmd.c index 1cffd586..93a08c1f 100644 --- a/alpine/mailcmd.c +++ b/alpine/mailcmd.c @@ -5,7 +5,7 @@ static char rcsid[] = "$Id: mailcmd.c 1266 2009-07-14 18:39:12Z hubert@u.washing /* * ======================================================================== * Copyright 2006-2009 University of Washington - * Copyright 2013 Eduardo Chappa + * Copyright 2013-2014 Eduardo Chappa * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -7813,7 +7813,8 @@ select_by_text(MAILSTREAM *stream, MSGNO_S *msgmap, long int msgno, SEARCHSET ** break; case 'h' : - strcpy(tmp, "Name of HEADER to match : "); + strncpy(tmp, "Name of HEADER to match : ", sizeof(tmp)-1); + tmp[sizeof(tmp)-1] = '\0'; flags = OE_APPEND_CURRENT; namehdr[0] = '\0'; r = 'x'; -- cgit v1.2.3-54-g00ecf