dovecot-sieve-1.0: libsieve: Fixed several sprintf() buffer over...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Sep 14 02:31:37 EEST 2009
details: http://hg.dovecot.org/dovecot-sieve-1.0/rev/4b8589d7d555
changeset: 40:4b8589d7d555
user: Timo Sirainen <tss at iki.fi>
date: Sun Sep 13 19:31:34 2009 -0400
description:
libsieve: Fixed several sprintf() buffer overflows.
diffstat:
3 files changed, 13 insertions(+), 13 deletions(-)
src/libsieve/bc_eval.c | 4 ++--
src/libsieve/script.c | 20 ++++++++++----------
src/libsieve/sieve.y | 2 +-
diffs (117 lines):
diff -r 1ddefc5e4e33 -r 4b8589d7d555 src/libsieve/bc_eval.c
--- a/src/libsieve/bc_eval.c Sun Dec 21 18:59:57 2008 +0200
+++ b/src/libsieve/bc_eval.c Sun Sep 13 19:31:34 2009 -0400
@@ -475,7 +475,7 @@ static int eval_bc_test(sieve_interp_t *
int comparator=ntohl(bc[i+3].value);
int apart=ntohl(bc[i+4].value);
int count=0;
- char scount[3];
+ char scount[20];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
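Review bot: Enlarging `scount` from 3 to 20 bytes leaves the write into it unbounded as far as this hunk shows; the call that formats `count` is outside the hunk, as is the rest of eval_bc_test. Twenty bytes holds any 32-bit int in decimal, so the overflow is closed in practice, but safety now depends on the array size staying in step with the format string. Assuming the formatting call is still a plain sprintf(), bounding it directly would hold regardless of later edits: `snprintf(scount, sizeof(scount), "%d", count);`. The same applies to the second `scount` declaration in the hunk at -643.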
@@ -643,7 +643,7 @@ static int eval_bc_test(sieve_interp_t *
int relation=ntohl(bc[i+2].value);
int comparator=ntohl(bc[i+3].value);
int count=0;
- char scount[3];
+ char scount[20];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
diff -r 1ddefc5e4e33 -r 4b8589d7d555 src/libsieve/script.c
--- a/src/libsieve/script.c Sun Dec 21 18:59:57 2008 +0200
+++ b/src/libsieve/script.c Sun Sep 13 19:31:34 2009 -0400
@@ -526,9 +526,9 @@ static int do_sieve_error(int ret,
if ((ret != SIEVE_OK) && interp->err) {
char buf[1024];
if (lastaction == -1) /* we never executed an action */
- sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+ snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
else
- sprintf(buf, "%s: %s", action_to_string(lastaction),
+ snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
errmsg ? errmsg : sieve_errstr(ret));
ret |= interp->execute_err(buf, interp->interp_context,
@@ -546,7 +546,7 @@ static int do_sieve_error(int ret,
ret |= keep_ret;
if (keep_ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Kept\n");
else {
implicit_keep = 0; /* don't try an implicit keep again */
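Review bot: `ACTIONS_STRING_LEN-strlen(actions_string)` is a correct bound only while every buffer passed in as `actions_string` is at least ACTIONS_STRING_LEN bytes, and nothing in the visible lines ties the two together. The replaced `sizeof(actions_string)` suggests the name is a pointer here, so the compiler cannot check this; the declaration and the callers are outside the hunk. A comment at the parameter, such as `/* actions_string must point to a buffer of at least ACTIONS_STRING_LEN bytes */`, would record the contract. A small static append helper would also keep the bound in one place instead of the eight call sites changed across do_sieve_error and do_action_list.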
@@ -599,7 +599,7 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Rejected with: %s\n", a->u.rej.msg);
break;
@@ -615,7 +615,7 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Filed into: %s\n",a->u.fil.mailbox);
break;
case ACTION_KEEP:
@@ -629,7 +629,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Kept\n");
break;
case ACTION_REDIRECT:
@@ -643,7 +643,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Redirected to %s\n", a->u.red.addr);
break;
case ACTION_DISCARD:
@@ -655,7 +655,7 @@ static int do_action_list(sieve_interp_t
&errmsg);
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Discarded\n");
break;
@@ -689,12 +689,12 @@ static int do_action_list(sieve_interp_t
if (ret == SIEVE_OK)
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Sent vacation reply\n");
} else if (ret == SIEVE_DONE) {
snprintf(actions_string+strlen(actions_string),
- sizeof(actions_string)-strlen(actions_string),
+ ACTIONS_STRING_LEN-strlen(actions_string),
"Vacation reply suppressed\n");
ret = SIEVE_OK;
diff -r 1ddefc5e4e33 -r 4b8589d7d555 src/libsieve/sieve.y
--- a/src/libsieve/sieve.y Sun Dec 21 18:59:57 2008 +0200
+++ b/src/libsieve/sieve.y Sun Sep 13 19:31:34 2009 -0400
@@ -922,7 +922,7 @@ static int verify_relat(char *r)
else if (!strcmp(r, "ne")) {return NE;}
else if (!strcmp(r, "eq")) {return EQ;}
else{
- sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
yyerror(errbuf);
return -1;
}
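Review bot: `sizeof(errbuf)` bounds this write only if `errbuf` is declared as an array visible in this scope; the declaration is outside the hunk. If it is a `char *`, the size is that of a pointer, which is the same mistake the script.c hunks of this commit correct. It is worth confirming at the declaration and noting it there, e.g. `/* must stay an array: verify_relat uses sizeof(errbuf) */`. `r` appears to come from the script being parsed, so an over-long tag is now truncated in the message instead of overflowing. Any other sprintf() into `errbuf` elsewhere in sieve.y would need the same change; none are visible here.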