Fix and/or check more fishy code.

diff --git a/base64.c b/base64.c
index 228a927e57666f631c7d61d3bf928276148ebb26..0bcc865d6ba336bff69d58fdb77476d826c3f7e2 100644 (file)
--- a/base64.c
+++ b/base64.c
@@ -45,20 +45,22 @@
 #define BAD     -1
 
 /* raw bytes to null-terminated base 64 string */
-void mutt_to_base64 (unsigned char *out, const unsigned char *in, int len)
+void mutt_to_base64 (unsigned char *out, const unsigned char *in, size_t len,
+                    size_t olen)
 {
-  while (len >= 3)
+  while (len >= 3 && olen > 10)
   {
     *out++ = B64Chars[in[0] >> 2];
     *out++ = B64Chars[((in[0] << 4) & 0x30) | (in[1] >> 4)];
     *out++ = B64Chars[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
     *out++ = B64Chars[in[2] & 0x3f];
-    len -= 3;
-    in += 3;
+    olen  -= 4;
+    len   -= 3;
+    in    += 3;
   }
 
   /* clean up remainder */
-  if (len > 0)
+  if (len > 0 && olen > 4)
   {
     unsigned char fragment;
 

diff --git a/browser.c b/browser.c
index 486b0d361c2f5e8d91875600cc23977db03e3af0..cb2ee24e72e1046452d096f5572a567a8494b237 100644 (file)
--- a/browser.c
+++ b/browser.c
@@ -176,7 +176,7 @@ folder_format_str (char *dest, size_t destlen, char op, const char *src,
       strfcpy (fn, folder->ff->name, sizeof(fn));
       if (folder->ff->st != NULL)
       {
-       strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" : 
+       strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" :           /* __STRCAT_CHECKED__ */
                (S_ISDIR (folder->ff->st->st_mode) ? "/" : 
                 ((folder->ff->st->st_mode & S_IXUSR) != 0 ? "*" : "")));
       }
@@ -566,7 +566,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
       else
       {
        getcwd (LastDir, sizeof (LastDir));
-       strcat (LastDir, "/");
+       strcat (LastDir, "/");  /* __STRCAT_CHECKED__ */
        strncat (LastDir, f, i);
       }
     }
@@ -682,7 +682,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
            if (mutt_strcmp (state.entry[menu->current].name, "..") == 0)
            {
              if (mutt_strcmp ("..", LastDir + mutt_strlen (LastDir) - 2) == 0)
-               strcat (LastDir, "/..");
+               strcat (LastDir, "/..");        /* __STRCAT_CHECKED__ */
              else
              {
                char *p = strrchr (LastDir + 1, '/');
@@ -694,13 +694,13 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
                  if (LastDir[0] == '/')
                    LastDir[1] = 0;
                  else
-                   strcat (LastDir, "/..");
+                   strcat (LastDir, "/..");    /* __STRCAT_CHECKED__ */
                }
              }
            }
            else if (buffy)
            {
-             sprintf (LastDir, "%s", state.entry[menu->current].name);
+             strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir));
              mutt_expand_path (LastDir, sizeof (LastDir));
            }
 #ifdef USE_IMAP
@@ -726,8 +726,11 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
            }
 #endif
            else
-             sprintf (LastDir + mutt_strlen (LastDir), "/%s",
-                      state.entry[menu->current].name);
+           {
+             char tmp[_POSIX_PATH_MAX];
+             snprintf (tmp, sizeof (tmp), "%s/%s", LastDir, state.entry[menu->current].name);
+             strfcpy (LastDir, tmp, sizeof (LastDir));
+           }
 
            destroy_state (&state);
            if (killPrefix)

diff --git a/check_sec.sh b/check_sec.sh
index d0c1b2f7b5e421e12ae72c666000d4106da07986..185752ac83d3900d34a7ba44115e6c345c31548b 100755 (executable)
--- a/check_sec.sh
+++ b/check_sec.sh
@@ -20,7 +20,7 @@ do_check ()
 
 do_check '\<fopen.*'\"'.*w' __FOPEN_CHECKED__ "Alert: Unchecked fopen calls."
 do_check '\<(mutt_)?strcpy' __STRCPY_CHECKED__ "Alert: Unchecked strcpy calls."
-# do_check '\<strcat' __STRCAT_CHECKED__ "Alert: Unchecked strcat calls."
+do_check '\<strcat' __STRCAT_CHECKED__ "Alert: Unchecked strcat calls."
 do_check 'sprintf.*%s' __SPRINTF_CHECKED__ "Alert: Unchecked sprintf calls."
 
 rm -f $TMPFILE

diff --git a/commands.c b/commands.c
index 4ca832b508c9b35743c26b2671b62342a69ef1f7..1eaabd3607f2808e90837750626365d8b02d150e 100644 (file)
--- a/commands.c
+++ b/commands.c
@@ -238,12 +238,12 @@ void ci_bounce_message (HEADER *h, int *redraw)
    * This is the printing width of "...? ([y=yes]/n=no): ?" plus 2
    * for good measure. This is not ideal. FIXME.
    */
-  snprintf (prompt, sizeof (prompt),
+  snprintf (prompt, sizeof (prompt) - 4,
            (h ? _("Bounce message to %s") : _("Bounce messages to %s")), buf);
-  mutt_format_string (prompt, sizeof (prompt),
+  mutt_format_string (prompt, sizeof (prompt) - 4,
                      0, COLS-extra_space, 0, 0,
                      prompt, sizeof (prompt), 0);
-  strcat (prompt, "...?");
+  strcat (prompt, "...?");     /* __STRCAT_CHECKED__ */
   if (mutt_yesorno (prompt, 1) != 1)
   {
     rfc822_free_address (&adr);

diff --git a/complete.c b/complete.c
index ccd6019f651a08572185bc7cfc27fdded3df82fd..86f41e27269e94e7554876644d02cfdafa101028 100644 (file)
--- a/complete.c
+++ b/complete.c
@@ -83,9 +83,12 @@ int mutt_complete (char *s, size_t slen)
       strfcpy (exp_dirpart, NONULL (Maildir), sizeof (exp_dirpart));
     if ((p = strrchr (s, '/')))
     {
+      char buf[_POSIX_PATH_MAX];
       *p++ = 0;
-      sprintf (exp_dirpart + mutt_strlen (exp_dirpart), "/%s", s+1);
-      sprintf (dirpart + mutt_strlen (dirpart), "%s/", s+1);
+      snprintf (buf, sizeof (buf), "%s/%s", exp_dirpart, s+1);
+      strfcpy (exp_dirpart, buf, sizeof (exp_dirpart));
+      snprintf (buf, sizeof (buf), "%s/%s", dirpart, s+1);
+      strfcpy (dirpart, buf, sizeof (dirpart));
       strfcpy (filepart, p, sizeof (filepart));
     }
     else

diff --git a/copy.c b/copy.c
index 1a9c61ca6d9cefe39df7f14799e42ad2d145f25e..b1f5d3590f9b4be57dd700c35ab43465bcc6e1e7 100644 (file)
--- a/copy.c
+++ b/copy.c
@@ -193,7 +193,7 @@ mutt_copy_hdr (FILE *in, FILE *out, long off_start, long off_end, int flags,
       {
        safe_realloc ((void **) &headers[x],
                      mutt_strlen (headers[x]) + mutt_strlen (buf) + sizeof (char));
-       strcat (headers[x], buf);
+       strcat (headers[x], buf);       /* __STRCAT_CHECKED__ */
       }
     }
   } /* while (ftell (in) < off_end) */

diff --git a/curs_lib.c b/curs_lib.c
index 02c657292be028dffa8a22ea0937607f77a0cd88..ccbb084822cfcd5a58afc8ff8e88949968569e18 100644 (file)
--- a/curs_lib.c
+++ b/curs_lib.c
@@ -411,7 +411,7 @@ int _mutt_enter_fname (const char *prompt, char *buf, size_t blen, int *redraw,
   {
     char *pc = safe_malloc (mutt_strlen (prompt) + 3);
 
-    sprintf (pc, "%s: ", prompt);
+    sprintf (pc, "%s: ", prompt);      /* __SPRINTF_CHECKED__ */
     mutt_ungetch (ch.op ? 0 : ch.ch, ch.op ? ch.op : 0);
     if (_mutt_get_field (pc, buf, blen, (buffy ? M_EFILE : M_FILE) | M_CLEAR, multiple, files, numfiles)
        != 0)

diff --git a/edit.c b/edit.c
index 57cb82c045e2fa91e6985e30775da0996f833f23..ff31bff129ffaa8eee7be3c15d2a626efb10cb5f 100644 (file)
--- a/edit.c
+++ b/edit.c
@@ -152,7 +152,7 @@ be_include_messages (char *msg, char **buf, int *bufmax, int *buflen,
       if (Attribution)
       {
        mutt_make_string (tmp, sizeof (tmp) - 1, Attribution, Context, Context->hdrs[n]);
-       strcat (tmp, "\n");
+       strcat (tmp, "\n");     /* __STRCAT_CHECKED__ */
       }
 
       if (*bufmax == *buflen)

diff --git a/handler.c b/handler.c
index 6e8e2e8d176d35fa1cedccc97b679902b2eb3431..9bf8cae16bd7b3f4a649697b341da19b32db1b2e 100644 (file)
--- a/handler.c
+++ b/handler.c
@@ -588,7 +588,7 @@ static void enriched_flush (struct enriched_state *stte, int wrap)
       stte->line_max = stte->line_used;
       safe_realloc ((void **) &stte->line, stte->line_max + 1);
     }
-    strcat (stte->line, stte->buffer);
+    strcat (stte->line, stte->buffer); /* __STRCAT_CHECKED__ */
     stte->line_len += stte->word_len;
     stte->word_len = 0;
     stte->buff_used = 0;

diff --git a/imap/auth_cram.c b/imap/auth_cram.c
index 54330c01c707fe885352352f8100a2ed4a991b88..0528ccf1304f74d29c9e18568b702c422d3f718f 100644 (file)
--- a/imap/auth_cram.c
+++ b/imap/auth_cram.c
@@ -33,7 +33,7 @@ static void hmac_md5 (const char* password, char* challenge,
 /* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
 imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata)
 {
-  char ibuf[LONG_STRING*4+10], obuf[LONG_STRING];
+  char ibuf[LONG_STRING*2], obuf[LONG_STRING];
   unsigned char hmac_response[MD5_DIGEST_LEN];
   int len;
   int rc;
@@ -102,8 +102,9 @@ imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata)
    * plus the additional debris
    */
   
-  mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf));
-  strcat (ibuf, "\r\n");       /* __STRCAT_CHECKED__ */
+  mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf),
+                 sizeof (ibuf) - 2);
+  strncat (ibuf, "\r\n", sizeof (ibuf));
   mutt_socket_write (idata->conn, ibuf);
 
   do

diff --git a/imap/auth_gss.c b/imap/auth_gss.c
index 9723cefebc6f760ff2047382d2cb2f4d75337f3b..3b14f361d11245431fa8f7047c2c9b2295426e99 100644 (file)
--- a/imap/auth_gss.c
+++ b/imap/auth_gss.c
@@ -134,9 +134,9 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata)
 
     /* send token */
     mutt_to_base64 ((unsigned char*) buf1, send_token.value,
-      send_token.length);
+      send_token.length, sizeof (buf1) - 2);
     gss_release_buffer (&min_stat, &send_token);
-    strcat (buf1, "\r\n");
+    strncat (buf1, "\r\n", sizeof (buf1));
     mutt_socket_write (idata->conn, buf1);
 
     if (maj_stat == GSS_S_CONTINUE_NEEDED)
@@ -222,7 +222,8 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata)
     goto bail;
   }
 
-  mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length);
+  mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length,
+                 sizeof (buf1) - 2);
   dprint (2, (debugfile, "Requesting authorisation as %s\n",
     idata->conn->account.user));
   strncat (buf1, "\r\n", sizeof (buf1));

diff --git a/imap/imap.c b/imap/imap.c
index 3302e91bcf9d0334874ed032405af3891c164af9..4945952f963927784d4aa69fbdd25ce7b55a232a 100644 (file)
--- a/imap/imap.c
+++ b/imap/imap.c
@@ -43,7 +43,7 @@ static char* imap_get_flags (LIST** hflags, char* s);
 static int imap_check_acl (IMAP_DATA *idata);
 static int imap_check_capabilities (IMAP_DATA* idata);
 static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag,
-  const char* str, char* flags);
+                          const char* str, char* flags, size_t flsize);
 
 int imap_create_mailbox (IMAP_DATA* idata, char* mailbox)
 {
@@ -722,11 +722,11 @@ int imap_close_connection (CONTEXT *ctx)
 /* imap_set_flag: append str to flags if we currently have permission
  *   according to aclbit */
 static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag,
-  const char *str, char *flags)
+  const char *str, char *flags, size_t flsize)
 {
   if (mutt_bit_isset (idata->rights, aclbit))
     if (flag)
-      strcat (flags, str);
+      strncat (flags, str, flsize);
 }
 
 /* imap_make_msg_set: make an IMAP4rev1 UID message set out of a set of
@@ -896,17 +896,17 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint)
       flags[0] = '\0';
       
       imap_set_flag (idata, IMAP_ACL_SEEN, ctx->hdrs[n]->read, "\\Seen ",
-        flags);
+        flags, sizeof (flags));
       imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->flagged,
-        "\\Flagged ", flags);
+        "\\Flagged ", flags, sizeof (flags));
       imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->replied,
-        "\\Answered ", flags);
+        "\\Answered ", flags, sizeof (flags));
       imap_set_flag (idata, IMAP_ACL_DELETE, ctx->hdrs[n]->deleted,
-        "\\Deleted ", flags);
+        "\\Deleted ", flags, sizeof (flags));
 
       /* now make sure we don't lose custom tags */
       if (mutt_bit_isset (idata->rights, IMAP_ACL_WRITE))
-        imap_add_keywords (flags, ctx->hdrs[n], idata->flags);
+        imap_add_keywords (flags, ctx->hdrs[n], idata->flags, sizeof (flags));
       
       mutt_remove_trailing_ws (flags);
       
@@ -914,10 +914,10 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint)
        * explicitly revoke all system flags (if we have permission) */
       if (!*flags)
       {
-        imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags);
-        imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags);
-        imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags);
-        imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags);
+        imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags, sizeof (flags));
+        imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags, sizeof (flags));
+        imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags, sizeof (flags));
+        imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags, sizeof (flags));
 
         mutt_remove_trailing_ws (flags);
 

diff --git a/imap/imap_private.h b/imap/imap_private.h
index 5e2bac23ca86ed80cdf1928a6d1fd1914ce3ed5a..84d045daedaa7111329fe024cf6d6f49e11b9287 100644 (file)
--- a/imap/imap_private.h
+++ b/imap/imap_private.h
@@ -195,7 +195,7 @@ int imap_code (const char* s);
 int imap_exec (IMAP_DATA* idata, const char* cmd, int flags);
 
 /* message.c */
-void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags);
+void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags, size_t slen);
 void imap_free_header_data (void** data);
 int imap_read_headers (IMAP_DATA* idata, int msgbegin, int msgend);
 

diff --git a/imap/message.c b/imap/message.c
index 071b2e8dfa30604d4fa6b0785a9eb108a8ad44b2..9946778c12c77672a29ad2b66bcfc5235343307d 100644 (file)
--- a/imap/message.c
+++ b/imap/message.c
@@ -623,7 +623,7 @@ int imap_copy_messages (CONTEXT* ctx, HEADER* h, char* dest, int delete)
 
 /* imap_add_keywords: concatenate custom IMAP tags to list, if they
  *   appear in the folder flags list. Why wouldn't they? */
-void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags)
+void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags, size_t slen)
 {
   LIST *keywords;
 
@@ -636,8 +636,8 @@ void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags)
   {
     if (msg_has_flag (mailbox_flags, keywords->data))
     {
-      strcat (s, keywords->data);
-      strcat (s, " ");
+      strncat (s, keywords->data, slen);
+      strncat (s, " ", slen);
     }
     keywords = keywords->next;
   }

diff --git a/init.c b/init.c
index 12ce342edbbe9bab32fca1bd29f558003a13c8da..e2c7921ebe9e88a3f9a501c09d535e41f62a26ad 100644 (file)
--- a/init.c
+++ b/init.c
@@ -1758,7 +1758,7 @@ void mutt_init (int skip_sys_rc, LIST *commands)
     if (*DOMAIN != '@')
   {
     Fqdn = safe_malloc (mutt_strlen (DOMAIN) + mutt_strlen (Hostname) + 2);
-    sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN);
+    sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); /* __SPRINTF_CHECKED__ */
   }
   else
     Fqdn = safe_strdup(NONULL(Hostname));

diff --git a/intl/cat-compat.c b/intl/cat-compat.c
index 7a25fcfd38257abd108f81f3087cc1d2398b23cd..c32f666998292cf1eac1ee3c3c7052be6c71b7f8 100644 (file)
--- a/intl/cat-compat.c
+++ b/intl/cat-compat.c
@@ -115,8 +115,8 @@ textdomain (domainname)
   if (new_catalog == (nl_catd) -1)
     {
       /* NLSPATH search didn't work, try absolute path */
-      sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang,
-              PACKAGE);        /* __SPRINTF_CHECKED__ - sort of... */
+      sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang,  /* __SPRINTF_CHECKED__ - sort of... */
+              PACKAGE);
       new_catalog = catopen (new_name, 0);
 
       if (new_catalog == (nl_catd) -1)

diff --git a/lib.c b/lib.c
index c9f307daf08798e1f97e171233c286517bab6db0..27f4f823c74315a4aeb6b7d74b63001151c4f8db 100644 (file)
--- a/lib.c
+++ b/lib.c
@@ -261,8 +261,8 @@ int safe_symlink(const char *oldpath, const char *newpath)
        (strlen (abs_oldpath) + 1 + strlen (oldpath) + 1 > sizeof abs_oldpath))
     return -1;
   
-    strcat (abs_oldpath, "/");
-    strcat (abs_oldpath, oldpath);
+    strcat (abs_oldpath, "/");         /* __STRCAT_CHECKED__ */
+    strcat (abs_oldpath, oldpath);     /* __STRCAT_CHECKED__ */
     if (symlink (abs_oldpath, newpath) == -1)
       return -1;
   }

diff --git a/pager.c b/pager.c
index eb4d9b56a82ce5c8a52f93940e4fb13a569f102a..ed4f2c03983665ff592b2f45402f92a61baccb16 100644 (file)
--- a/pager.c
+++ b/pager.c
@@ -1454,14 +1454,14 @@ mutt_pager (const char *banner, const char *fname, int flags, pager_t *extra)
   if (IsHeader (extra))
   {
     mutt_compile_help (buffer, sizeof (buffer), MENU_PAGER, PagerHelpExtra);
-    strcat (helpstr, "  ");
-    strcat (helpstr, buffer);
+    strcat (helpstr, "  ");    /* __STRCAT_CHECKED__ */        /* we don't seem to have any user-supplied data here */
+    strcat (helpstr, buffer);  /* __STRCAT_CHECKED__ */
   }
   if (!InHelp)
   {
     mutt_make_help (buffer, sizeof (buffer), _("Help"), MENU_PAGER, OP_HELP);
-    strcat (helpstr, "  ");
-    strcat (helpstr, buffer);
+    strcat (helpstr, "  ");    /* __STRCAT_CHECKED__ */        /* we don't seem to have any user-supplied data here */
+    strcat (helpstr, buffer);  /* __STRCAT_CHECKED__ */
   }
 
   while (ch != -1)

diff --git a/pgp.c b/pgp.c
index d891e71f075799c87535a08751f62309767162dc..1caf98e90dfefb60089649f41bb7fbf8194f6156 100644 (file)
--- a/pgp.c
+++ b/pgp.c
@@ -1261,7 +1261,7 @@ char *pgp_findKeys (ADDRESS *to, ADDRESS *cc, ADDRESS *bcc)
     
     keylist_size += mutt_strlen (keyID) + 4;
     safe_realloc ((void **)&keylist, keylist_size);
-    sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "",
+    sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "",        /* __SPRINTF_CHECKED__ */
             keyID);
     keylist_used = mutt_strlen (keylist);
 

diff --git a/pgpkey.c b/pgpkey.c
index 6c365a9e1fe309ddf1b9d9811f62c1c39fc080cb..b8aab925f6d59aee32e72518ed33517c78372109 100644 (file)
--- a/pgpkey.c
+++ b/pgpkey.c
@@ -440,14 +440,14 @@ static pgp_key_t *pgp_select_key (pgp_key_t *keys,
 
   helpstr[0] = 0;
   mutt_make_help (buf, sizeof (buf), _("Exit  "), MENU_PGP, OP_EXIT);
-  strcat (helpstr, buf);
+  strcat (helpstr, buf);       /* __STRCAT_CHECKED__ */
   mutt_make_help (buf, sizeof (buf), _("Select  "), MENU_PGP,
                  OP_GENERIC_SELECT_ENTRY);
-  strcat (helpstr, buf);
+  strcat (helpstr, buf);       /* __STRCAT_CHECKED__ */
   mutt_make_help (buf, sizeof (buf), _("Check key  "), MENU_PGP, OP_VERIFY_KEY);
-  strcat (helpstr, buf);
+  strcat (helpstr, buf);       /* __STRCAT_CHECKED__ */
   mutt_make_help (buf, sizeof (buf), _("Help"), MENU_PGP, OP_HELP);
-  strcat (helpstr, buf);
+  strcat (helpstr, buf);       /* __STRCAT_CHECKED__ */
 
   menu = mutt_new_menu ();
   menu->max = keymax;

diff --git a/pop_lib.c b/pop_lib.c
index e0e32279a74a0b4c4709aea5835593682e1aca02..6cbf1eb2bed80cad41f5db0bc34a54c91526dcde 100644 (file)
--- a/pop_lib.c
+++ b/pop_lib.c
@@ -115,10 +115,10 @@ static int fetch_auth (char *line, void *data)
   else
   {
     safe_realloc ((void **) &pop_data->auth_list,
-           strlen (pop_data->auth_list) + strlen (line) + 1);
-    strcat (pop_data->auth_list, " ");
+           strlen (pop_data->auth_list) + strlen (line) + 2);
+    strcat (pop_data->auth_list, " "); /* __STRCAT_CHECKED__ */
   }
-  strcat (pop_data->auth_list, line);
+  strcat (pop_data->auth_list, line);  /* __STRCAT_CHECKED__ */
 
   return 0;
 }

diff --git a/protos.h b/protos.h
index f293dc19e78d5fbb445d4b8ff26662f911a7f4ae..acd600dec2407627f2ffd11a00f072821e3e673f 100644 (file)
--- a/protos.h
+++ b/protos.h
@@ -326,7 +326,7 @@ pid_t mutt_create_filter_fd (const char *, FILE **, FILE **, FILE **, int, int,
 ADDRESS *alias_reverse_lookup (ADDRESS *);
 
 /* base64.c */
-void mutt_to_base64 (unsigned char*, const unsigned char*, int);
+void mutt_to_base64 (unsigned char*, const unsigned char*, size_t, size_t);
 int mutt_from_base64 (char*, const char*);
 
 /* utf8.c */

diff --git a/query.c b/query.c
index cb0f734e27c692e7ee77f69e42e37060e7d38936..7a3cdbd6af4015fcae9701aaceed304ff52d82eb 100644 (file)
--- a/query.c
+++ b/query.c
@@ -434,7 +434,7 @@ static void query_menu (char *buf, size_t buflen, QUERY *results, int retbuf)
          }
          else if (curpos + 2 < buflen)
          {
-           strcat (buf, ", ");
+           strcat (buf, ", "); /* __STRCAT_CHECKED__ */
            rfc822_write_address ((char *) buf + curpos + 1, buflen - curpos - 1,
                                  result_to_addr(QueryTable[i].data));
            curpos = mutt_strlen (buf);

diff --git a/rfc2231.c b/rfc2231.c
index 35d39564153703e8eaa21f5a5fdd6657568a6c96..f98318adde4c81a48bc921e2ce1dc63bf60f198f 100644 (file)
--- a/rfc2231.c
+++ b/rfc2231.c
@@ -342,7 +342,7 @@ int rfc2231_encode_string (char **pd)
   if (encode)
   {
     e = safe_malloc (dlen + 2*ext + strlen (charset) + 3);
-    sprintf (e, "%s''", charset);
+    sprintf (e, "%s''", charset);      /* __SPRINTF_CHECKED__ */
     t = e + strlen (e);
     for (s = d, slen = dlen; slen; s++, slen--)
       if (*s < 0x20 || *s >= 0x7f ||

diff --git a/rfc822.c b/rfc822.c
index a9ee98bc13b69a0a99f3ad9e72c6f3f370a3f4b4..d22411bb1f58feaa075117c5093cd01645e8c2bf 100644 (file)
--- a/rfc822.c
+++ b/rfc822.c
@@ -498,7 +498,7 @@ void rfc822_qualify (ADDRESS *addr, const char *host)
     if (!addr->group && addr->mailbox && strchr (addr->mailbox, '@') == NULL)
     {
       p = safe_malloc (mutt_strlen (addr->mailbox) + mutt_strlen (host) + 2);
-      sprintf (p, "%s@%s", addr->mailbox, host);
+      sprintf (p, "%s@%s", addr->mailbox, host);       /* __SPRINTF_CHECKED__ */
       safe_free ((void **) &addr->mailbox);
       addr->mailbox = p;
     }

diff --git a/send.c b/send.c
index 0668a3c3f70334d55f793f6842ce3248c00cc149..ed0d3eff9766fdbec5fc25fd4137b482931d0dcd 100644 (file)
--- a/send.c
+++ b/send.c
@@ -590,7 +590,7 @@ void mutt_make_misc_reply_headers (ENVELOPE *env, CONTEXT *ctx,
   if (curenv->real_subj)
   {
     env->subject = safe_malloc (mutt_strlen (curenv->real_subj) + 5);
-    sprintf (env->subject, "Re: %s", curenv->real_subj);
+    sprintf (env->subject, "Re: %s", curenv->real_subj);       /* __SPRINTF_CHECKED__ */
   }
   else
     env->subject = safe_strdup ("Re: your mail");
@@ -909,7 +909,7 @@ ADDRESS *mutt_default_from (void)
   {
     adr = rfc822_new_address ();
     adr->mailbox = safe_malloc (mutt_strlen (Username) + mutt_strlen (fqdn) + 2);
-    sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn));
+    sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn));   /* __SPRINTF_CHECKED__ */
   }
   else
   {

diff --git a/sendlib.c b/sendlib.c
index 0efaf938169faf2ad3e543114df998a0b003bfb8..42ee234f33444a807e5a91409351045f2ff2870a 100644 (file)
--- a/sendlib.c
+++ b/sendlib.c
@@ -1652,9 +1652,9 @@ static void encode_headers (LIST *h)
       rfc2047_encode_string (&tmp);
       safe_realloc ((void **) &h->data, 
                    strlen (h->data) + 2 + strlen (tmp) + 1);
-      strcat (h->data, ": ");
-      strcat (h->data, tmp);
-      free (tmp);
+      strcat (h->data, ": ");  /* __STRCAT_CHECKED__ */
+      strcat (h->data, tmp);   /* __STRCAT_CHECKED__ */
+      safe_free ((void **) &tmp);
     }
   }
 }

diff --git a/snprintf.c b/snprintf.c
index e602e0e8097479472879532454d9b368f06c5a9c..5251bd65aecd4d79bb1d5ba16e7334501bfef40a 100644 (file)
--- a/snprintf.c
+++ b/snprintf.c
@@ -762,7 +762,7 @@ int main (void)
       sprintf (buf2, fp_fmt[x], fp_nums[y]);
       if (strcmp (buf1, buf2))
       {
-       printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", 
+       printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", /* __SPRINTF_CHECKED__ */
            fp_fmt[x], buf1, buf2);
        fail++;
       }
@@ -776,7 +776,7 @@ int main (void)
       sprintf (buf2, int_fmt[x], int_nums[y]);
       if (strcmp (buf1, buf2))
       {
-       printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", 
+       printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", /* __SPRINTF_CHECKED__ */
            int_fmt[x], buf1, buf2);
        fail++;
       }