dovecot-sieve-1.1: libsieve: Fixed several sprintf() buffer over...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Sep 14 02:26:46 EEST 2009
details: http://hg.dovecot.org/dovecot-sieve-1.1/rev/4577c4e1130d
changeset: 72:4577c4e1130d
user: Timo Sirainen <tss at iki.fi>
date: Sun Sep 13 19:26:42 2009 -0400
description:
libsieve: Fixed several sprintf() buffer overflows.
diffstat:
2 files changed, 13 insertions(+), 13 deletions(-)
src/libsieve/bc_eval.c | 6 +++---
src/libsieve/script.c | 20 ++++++++++----------
diffs (114 lines):
diff -r c1402bcf9bd3 -r 4577c4e1130d src/libsieve/bc_eval.c
--- a/src/libsieve/bc_eval.c Tue Sep 01 13:24:21 2009 -0400
+++ b/src/libsieve/bc_eval.c Sun Sep 13 19:26:42 2009 -0400
@@ -477,7 +477,7 @@ static int eval_bc_test(sieve_interp_t *
int comparator=ntohl(bc[i+3].value);
int apart=ntohl(bc[i+4].value);
int count=0;
- char scount[3];
+ char scount[20];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
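Review bot: Enlarging `scount` to 20 bytes fixes the overflow only by making the buffer big enough, not by bounding the write. The write itself is outside this hunk; if it is still the `sprintf()` named in the commit title, it stays unbounded, and the fix silently depends on `count` never needing more than 19 characters. I would change the write site to `snprintf(scount, sizeof(scount), ...)` with the existing format and arguments, and annotate the declaration, e.g. `char scount[20]; /* decimal int + NUL, written with snprintf */`. The same applies to the identical declarations in the hunks at -646 and -767. The body of eval_bc_test starts and ends outside all three hunks.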
@@ -646,7 +646,7 @@ static int eval_bc_test(sieve_interp_t *
int relation=ntohl(bc[i+2].value);
int comparator=ntohl(bc[i+3].value);
int count=0;
- char scount[3];
+ char scount[20];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
@@ -767,7 +767,7 @@ static int eval_bc_test(sieve_interp_t *
int transform=ntohl(bc[i+4].value);
/*int offset=ntohl(bc[i+5].value);*/
int count=0;
- char scount[3];
+ char scount[20];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
diff -r c1402bcf9bd3 -r 4577c4e1130d src/libsieve/script.c
--- a/src/libsieve/script.c Tue Sep 01 13:24:21 2009 -0400
+++ b/src/libsieve/script.c Sun Sep 13 19:26:42 2009 -0400
@@ -609,9 +609,9 @@ static int do_sieve_error(int ret,
if ((ret != SIEVE_OK) && interp->err) {
char buf[1024];
if (lastaction == -1) /* we never executed an action */
- sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+ snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
else
- sprintf(buf, "%s: %s", action_to_string(lastaction),
+ snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
errmsg ? errmsg : sieve_errstr(ret));
ret |= interp->execute_err(buf, interp->interp_context,
@@ -629,7 +629,7 @@ static int do_sieve_error(int ret,
ret |= keep_ret;
if (keep_ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Kept\n");
else {
implicit_keep = 0; /* don't try an implicit keep again */
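Review bot: The new bound `ACTIONS_STRING_LEN-strlen(actions_string)` is only correct if every buffer reaching this code as `actions_string` is really ACTIONS_STRING_LEN bytes, and nothing in the hunk ties the two together. The allocation is outside the diff and should be confirmed; the old `sizeof(actions_string)` suggests the variable is a pointer here, which is presumably why the size was wrong. The same expression is repeated in every later hunk of script.c, where it formats script-supplied strings such as `a->u.rej.msg`, `a->u.fil.mailbox` and `a->u.red.addr`. I would move it into one helper that clamps the remaining space and call that from do_sieve_error and do_action_list. The helper below needs `<stdarg.h>`, and the body of do_sieve_error continues outside the hunk.

```c
/* Append formatted text to actions_string without writing past
 * ACTIONS_STRING_LEN bytes; output that does not fit is truncated. */
static void actions_string_append(char *actions_string, const char *fmt, ...)
{
    size_t used = strlen(actions_string);
    va_list ap;

    if (used >= ACTIONS_STRING_LEN - 1)
        return; /* already full: never let the size argument wrap */
    va_start(ap, fmt);
    vsnprintf(actions_string + used, ACTIONS_STRING_LEN - used, fmt, ap);
    va_end(ap);
}

/* ... unchanged: keep handling in do_sieve_error ... */
if (keep_ret == SIEVE_OK)
    actions_string_append(actions_string, "Kept\n");
```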
@@ -682,7 +682,7 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Rejected with: %s\n", a->u.rej.msg);
break;
@@ -697,7 +697,7 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Filed into: %s\n",a->u.fil.mailbox);
break;
case ACTION_KEEP:
@@ -710,7 +710,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Kept\n");
break;
case ACTION_REDIRECT:
@@ -723,7 +723,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Redirected to %s\n", a->u.red.addr);
break;
case ACTION_DISCARD:
@@ -734,7 +734,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Discarded\n");
break;
@@ -760,12 +760,12 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Sent vacation reply\n");
} else if (ret == SIEVE_DONE) {
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Vacation reply suppressed\n");
ret = SIEVE_OK;