use of sscanf() had undefined behavior, replace with simple parsing instead

see #3636

diff --git a/pop.c b/pop.c
index 85c34d1d65cebaf09b98c3f4b13e3077e0d03777..90d95b907609b1fa1d8f38adb3863915f5e4bc40 100644 (file)
--- a/pop.c
+++ b/pop.c
@@ -33,6 +33,7 @@
 
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 #ifdef USE_HCACHE
 #define HC_FNAME       "mutt"          /* filename for hcache as POP lacks paths */
@@ -141,8 +142,16 @@ static int fetch_uidl (char *line, void *data)
   int i, index;
   CONTEXT *ctx = (CONTEXT *)data;
   POP_DATA *pop_data = (POP_DATA *)ctx->data;
+  char *endp;
+
+  errno = 0;
+  index = strtol(line, &endp, 10);
+  if (errno)
+      return -1;
+  while (*endp == ' ')
+      endp++;
+  memmove(line, endp, strlen(endp) + 1);
 
-  sscanf (line, "%d %s", &index, line);
   for (i = 0; i < ctx->msgcount; i++)
     if (!mutt_strcmp (line, ctx->hdrs[i]->data))
       break;

diff --git a/pop_lib.c b/pop_lib.c
index 62fea35ac4f0a282a1d757d70eb3a2a1a158399c..b7baf700f4dea157d847add044fd7fe7b7bbd410 100644 (file)
--- a/pop_lib.c
+++ b/pop_lib.c
@@ -32,6 +32,7 @@
 #include <unistd.h>
 #include <ctype.h>
 #include <netdb.h>
+#include <errno.h>
 
 /* given an POP mailbox name, return host, port, username and password */
 int pop_parse_path (const char* path, ACCOUNT* acct)
@@ -523,8 +524,16 @@ static int check_uidl (char *line, void *data)
   int i;
   unsigned int index;
   CONTEXT *ctx = (CONTEXT *)data;
+  char *endp;
+
+  errno = 0;
+  index = strtoul(line, &endp, 10);
+  if (errno)
+      return -1;
+  while (*endp == ' ')
+      endp++;
+  memmove(line, endp, strlen(endp) + 1);
 
-  sscanf (line, "%u %s", &index, line);
   for (i = 0; i < ctx->msgcount; i++)
   {
     if (!mutt_strcmp (ctx->hdrs[i]->data, line))