dovecot-sieve-1.1: libsieve: Another sprintf() buffer overflow fix.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Sep 14 02:31:13 EEST 2009
details: http://hg.dovecot.org/dovecot-sieve-1.1/rev/049f22520628
changeset: 73:049f22520628
user: Timo Sirainen <tss at iki.fi>
date: Sun Sep 13 19:31:07 2009 -0400
description:
libsieve: Another sprintf() buffer overflow fix.
(Forgot to change .y file in previous commit.)
diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
src/libsieve/sieve.y | 2 +-
diffs (12 lines):
diff -r 4577c4e1130d -r 049f22520628 src/libsieve/sieve.y
--- a/src/libsieve/sieve.y Sun Sep 13 19:26:42 2009 -0400
+++ b/src/libsieve/sieve.y Sun Sep 13 19:31:07 2009 -0400
@@ -1135,7 +1135,7 @@ static int verify_relat(char *r)
else if (!strcmp(r, "ne")) {return NE;}
else if (!strcmp(r, "eq")) {return EQ;}
else{
- sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
yyerror(errbuf);
return -1;
}
More information about the dovecot-cvs
mailing list