From aa5a0714e2ae3c401ac9e6901dde87ad70568d8c Mon Sep 17 00:00:00 2001
From: Eduardo Chappa <chappa@washington.edu>
Date: Thu, 11 Aug 2016 21:14:43 -0600
Subject:   * Protect all calls to mail_elt in pith/ and alpine/ code. Protect
 means     to check for correct range of message number before calling
 mail_elt.

  * Work in progress: correct some uses of system calls that do not check
    for returned value. This work will follow the lead given by Christian
    Kujau and Asheesh Laroia. Expect more changes of this type in
    subsequent commits.
---
 imap/src/c-client/auth_md5.c | 7 ++++++-
 imap/src/c-client/newsrc.c   | 7 ++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'imap/src')

diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c
index 9c81d308..8c989769 100644
--- a/imap/src/c-client/auth_md5.c
+++ b/imap/src/c-client/auth_md5.c
@@ -1,3 +1,7 @@
+/*
+ * Copyright 2016 - Eduardo Chappa
+ * Last Modified: August 11, 2016
+ */
 /* ========================================================================
  * Copyright 2008-2011 Mark Crispin
  * ========================================================================
@@ -191,7 +195,8 @@ char *auth_md5_pwd (char *user)
   char *ret = NIL;
   if (fd >= 0) {		/* found the file? */
     fstat (fd,&sbuf);		/* yes, slurp it into memory */
-    read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size);
+    if(read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size) < 0)
+	fatal("error on read() call in auth_md5_pwd");
 				/* see if any uppercase characters in user */
     for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++);
 				/* yes, make lowercase copy */
diff --git a/imap/src/c-client/newsrc.c b/imap/src/c-client/newsrc.c
index 8036b1ac..0f15264d 100644
--- a/imap/src/c-client/newsrc.c
+++ b/imap/src/c-client/newsrc.c
@@ -1,6 +1,6 @@
 /* 
  * Copyright 2016 - Eduardo Chappa
- * Last Modified: June 15, 2016
+ * Last Modified: August 11, 2016
  */
 /* ========================================================================
  * Copyright 1988-2006 University of Washington
@@ -471,8 +471,9 @@ char *newsrc_state (MAILSTREAM *stream,char *group)
 	  c = getc (f);
 				/* now copy it */
 	s = (char *) fs_get (size + 1);
-	fseek (f,pos,SEEK_SET);
-	fread (s,(size_t) 1,size,f);
+	if(fseek (f,pos,SEEK_SET) < 0
+	   || fread (s,(size_t) 1,size,f) != size)
+	  fatal("error on fseek() or fread() in newsrc module.");
 	s[size] = '\0';		/* tie off string */
 	fclose (f);		/* all done - close the file */
 	return s;
-- 
cgit v1.2.3-54-g00ecf