From aa5a0714e2ae3c401ac9e6901dde87ad70568d8c Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Thu, 11 Aug 2016 21:14:43 -0600 Subject: * Protect all calls to mail_elt in pith/ and alpine/ code. Protect means to check for correct range of message number before calling mail_elt. * Work in progress: correct some uses of system calls that do not check for returned value. This work will follow the lead given by Christian Kujau and Asheesh Laroia. Expect more changes of this type in subsequent commits. --- imap/src/c-client/auth_md5.c | 7 ++++++- imap/src/c-client/newsrc.c | 7 ++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'imap/src') diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c index 9c81d308..8c989769 100644 --- a/imap/src/c-client/auth_md5.c +++ b/imap/src/c-client/auth_md5.c @@ -1,3 +1,7 @@ +/* + * Copyright 2016 - Eduardo Chappa + * Last Modified: August 11, 2016 + */ /* ======================================================================== * Copyright 2008-2011 Mark Crispin * ======================================================================== @@ -191,7 +195,8 @@ char *auth_md5_pwd (char *user) char *ret = NIL; if (fd >= 0) { /* found the file? */ fstat (fd,&sbuf); /* yes, slurp it into memory */ - read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size); + if(read (fd,buf = (char *) fs_get (sbuf.st_size + 1),sbuf.st_size) < 0) + fatal("error on read() call in auth_md5_pwd"); /* see if any uppercase characters in user */ for (s = user; *s && ((*s < 'A') || (*s > 'Z')); s++); /* yes, make lowercase copy */ diff --git a/imap/src/c-client/newsrc.c b/imap/src/c-client/newsrc.c index 8036b1ac..0f15264d 100644 --- a/imap/src/c-client/newsrc.c +++ b/imap/src/c-client/newsrc.c @@ -1,6 +1,6 @@ /* * Copyright 2016 - Eduardo Chappa - * Last Modified: June 15, 2016 + * Last Modified: August 11, 2016 */ /* ======================================================================== * Copyright 1988-2006 University of Washington @@ -471,8 +471,9 @@ char *newsrc_state (MAILSTREAM *stream,char *group) c = getc (f); /* now copy it */ s = (char *) fs_get (size + 1); - fseek (f,pos,SEEK_SET); - fread (s,(size_t) 1,size,f); + if(fseek (f,pos,SEEK_SET) < 0 + || fread (s,(size_t) 1,size,f) != size) + fatal("error on fseek() or fread() in newsrc module."); s[size] = '\0'; /* tie off string */ fclose (f); /* all done - close the file */ return s; -- cgit v1.2.3-70-g09d2