From d5a336245304225932d3b5d18f82336bebb01efe Mon Sep 17 00:00:00 2001 From: Thomas Roessler Date: Mon, 8 Jan 2001 16:57:20 +0000 Subject: [PATCH] Fix and/or check more fishy code. --- base64.c | 12 +++++++----- browser.c | 17 ++++++++++------- check_sec.sh | 2 +- commands.c | 6 +++--- complete.c | 7 +++++-- copy.c | 2 +- curs_lib.c | 2 +- edit.c | 2 +- handler.c | 2 +- imap/auth_cram.c | 7 ++++--- imap/auth_gss.c | 7 ++++--- imap/imap.c | 24 ++++++++++++------------ imap/imap_private.h | 2 +- imap/message.c | 6 +++--- init.c | 2 +- intl/cat-compat.c | 4 ++-- lib.c | 4 ++-- pager.c | 8 ++++---- pgp.c | 2 +- pgpkey.c | 8 ++++---- pop_lib.c | 6 +++--- protos.h | 2 +- query.c | 2 +- rfc2231.c | 2 +- rfc822.c | 2 +- send.c | 4 ++-- sendlib.c | 6 +++--- snprintf.c | 4 ++-- 28 files changed, 82 insertions(+), 72 deletions(-) diff --git a/base64.c b/base64.c index 228a927e..0bcc865d 100644 --- a/base64.c +++ b/base64.c @@ -45,20 +45,22 @@ #define BAD -1 /* raw bytes to null-terminated base 64 string */ -void mutt_to_base64 (unsigned char *out, const unsigned char *in, int len) +void mutt_to_base64 (unsigned char *out, const unsigned char *in, size_t len, + size_t olen) { - while (len >= 3) + while (len >= 3 && olen > 10) { *out++ = B64Chars[in[0] >> 2]; *out++ = B64Chars[((in[0] << 4) & 0x30) | (in[1] >> 4)]; *out++ = B64Chars[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; *out++ = B64Chars[in[2] & 0x3f]; - len -= 3; - in += 3; + olen -= 4; + len -= 3; + in += 3; } /* clean up remainder */ - if (len > 0) + if (len > 0 && olen > 4) { unsigned char fragment; diff --git a/browser.c b/browser.c index 486b0d36..cb2ee24e 100644 --- a/browser.c +++ b/browser.c 
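Review bot: In mutt_to_base64 the new `olen` guards (`olen > 10` in the loop, `olen > 4` for the remainder) stop encoding without telling the caller, so a token that does not fit is sent truncated instead of being rejected. The function still returns void, and the two thresholds are unexplained constants that reserve more than the four output bytes plus terminator that each step needs. I would at least state the contract above the signature, e.g. `/* raw bytes to NUL-terminated base64; olen is the size of out, and output that does not fit is silently dropped */`, and preferably return the number of bytes written so the callers in imap/auth_cram.c and imap/auth_gss.c can fail the exchange on a short result. The function body continues past the end of the hunk, so the terminator write is not visible here.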
@@ -176,7 +176,7 @@ folder_format_str (char *dest, size_t destlen, char op, const char *src, strfcpy (fn, folder->ff->name, sizeof(fn)); if (folder->ff->st != NULL) { - strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" : + strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" : /* __STRCAT_CHECKED__ */ (S_ISDIR (folder->ff->st->st_mode) ? "/" : ((folder->ff->st->st_mode & S_IXUSR) != 0 ? "*" : ""))); } @@ -566,7 +566,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num else { getcwd (LastDir, sizeof (LastDir)); - strcat (LastDir, "/"); + strcat (LastDir, "/"); /* __STRCAT_CHECKED__ */ strncat (LastDir, f, i); } } @@ -682,7 +682,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num if (mutt_strcmp (state.entry[menu->current].name, "..") == 0) { if (mutt_strcmp ("..", LastDir + mutt_strlen (LastDir) - 2) == 0) - strcat (LastDir, "/.."); + strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */ else { char *p = strrchr (LastDir + 1, '/'); @@ -694,13 +694,13 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num if (LastDir[0] == '/') LastDir[1] = 0; else - strcat (LastDir, "/.."); + strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */ } } } else if (buffy) { - sprintf (LastDir, "%s", state.entry[menu->current].name); + strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir)); mutt_expand_path (LastDir, sizeof (LastDir)); } #ifdef USE_IMAP @@ -726,8 +726,11 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num } #endif else - sprintf (LastDir + mutt_strlen (LastDir), "/%s", - state.entry[menu->current].name); + { + char tmp[_POSIX_PATH_MAX]; + snprintf (tmp, sizeof (tmp), "%s/%s", LastDir, state.entry[menu->current].name); + strfcpy (LastDir, tmp, sizeof (LastDir)); + } destroy_state (&state); if (killPrefix) diff --git a/check_sec.sh b/check_sec.sh index d0c1b2f7..185752ac 100755 --- a/check_sec.sh +++ b/check_sec.sh 
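Review bot: The `__STRCAT_CHECKED__` tag on the `strcat (fn, ...)` in folder_format_str is not backed by a length check in the hunk. `strfcpy (fn, folder->ff->name, sizeof(fn))` can fill `fn` up to its last byte, and appending the one-character type suffix then writes the terminator one byte past the array whenever the name is at least `sizeof(fn) - 1` bytes long. Guard the append with the remaining space, e.g. `if (mutt_strlen (fn) + 1 < sizeof (fn))` in front of the `strcat`, or build the string in one bounded step with `snprintf (fn, sizeof (fn), "%s%s", folder->ff->name, suffix)`. The declaration of `fn` and the rest of the function are outside the hunk.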
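Review bot: In _mutt_select_file the `strcat (LastDir, "/")` after `getcwd (LastDir, sizeof (LastDir))` is tagged `__STRCAT_CHECKED__`, but the return value of getcwd() is ignored and nothing in the hunk compares the current length of LastDir with its size, so a working directory that fills the buffer is overrun by the slash. The following `strncat (LastDir, f, i)` limits only the number of bytes taken from `f`, not the space left in LastDir. The two `strcat (LastDir, "/..")` calls tagged in the later hunks of this function have the same problem. Each append should test the remaining room first, e.g. `if (mutt_strlen (LastDir) + 2 <= sizeof (LastDir))` before adding the slash, and a getcwd() failure should be handled before LastDir is used.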
@@ -20,7 +20,7 @@ do_check () do_check '\hdrs[n]); - strcat (tmp, "\n"); + strcat (tmp, "\n"); /* __STRCAT_CHECKED__ */ } if (*bufmax == *buflen) diff --git a/handler.c b/handler.c index 6e8e2e8d..9bf8cae1 100644 --- a/handler.c +++ b/handler.c @@ -588,7 +588,7 @@ static void enriched_flush (struct enriched_state *stte, int wrap) stte->line_max = stte->line_used; safe_realloc ((void **) &stte->line, stte->line_max + 1); } - strcat (stte->line, stte->buffer); + strcat (stte->line, stte->buffer); /* __STRCAT_CHECKED__ */ stte->line_len += stte->word_len; stte->word_len = 0; stte->buff_used = 0; diff --git a/imap/auth_cram.c b/imap/auth_cram.c index 54330c01..0528ccf1 100644 --- a/imap/auth_cram.c +++ b/imap/auth_cram.c @@ -33,7 +33,7 @@ static void hmac_md5 (const char* password, char* challenge, /* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */ imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata) { - char ibuf[LONG_STRING*4+10], obuf[LONG_STRING]; + char ibuf[LONG_STRING*2], obuf[LONG_STRING]; unsigned char hmac_response[MD5_DIGEST_LEN]; int len; int rc; @@ -102,8 +102,9 @@ imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata) * plus the additional debris */ - mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf)); - strcat (ibuf, "\r\n"); /* __STRCAT_CHECKED__ */ + mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf), + sizeof (ibuf) - 2); + strncat (ibuf, "\r\n", sizeof (ibuf)); mutt_socket_write (idata->conn, ibuf); do diff --git a/imap/auth_gss.c b/imap/auth_gss.c index 9723cefe..3b14f361 100644 --- a/imap/auth_gss.c +++ b/imap/auth_gss.c 
@@ -134,9 +134,9 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata) /* send token */ mutt_to_base64 ((unsigned char*) buf1, send_token.value, - send_token.length); + send_token.length, sizeof (buf1) - 2); gss_release_buffer (&min_stat, &send_token); - strcat (buf1, "\r\n"); + strncat (buf1, "\r\n", sizeof (buf1)); mutt_socket_write (idata->conn, buf1); if (maj_stat == GSS_S_CONTINUE_NEEDED) @@ -222,7 +222,8 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata) goto bail; } - mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length); + mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length, + sizeof (buf1) - 2); dprint (2, (debugfile, "Requesting authorisation as %s\n", idata->conn->account.user)); strncat (buf1, "\r\n", sizeof (buf1)); diff --git a/imap/imap.c b/imap/imap.c index 3302e91b..4945952f 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -43,7 +43,7 @@ static char* imap_get_flags (LIST** hflags, char* s); static int imap_check_acl (IMAP_DATA *idata); static int imap_check_capabilities (IMAP_DATA* idata); static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag, - const char* str, char* flags); + const char* str, char* flags, size_t flsize); int imap_create_mailbox (IMAP_DATA* idata, char* mailbox) { @@ -722,11 +722,11 @@ int imap_close_connection (CONTEXT *ctx) /* imap_set_flag: append str to flags if we currently have permission * according to aclbit */ static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag, - const char *str, char *flags) + const char *str, char *flags, size_t flsize) { if (mutt_bit_isset (idata->rights, aclbit)) if (flag) - strcat (flags, str); + strncat (flags, str, flsize); } /* imap_make_msg_set: make an IMAP4rev1 UID message set out of a set of 
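Review bot: `strncat (flags, str, flsize)` in imap_set_flag passes the size of the destination as the third argument, but strncat() treats that value as the maximum number of bytes to take from `str`, so the append is not limited by the space left in `flags`. The same call shape is used in imap_add_keywords in imap/message.c (`strncat (s, keywords->data, slen)`), where the keyword text presumably originates from the server and the destination is the `flags` buffer that imap_sync_mailbox passes with `sizeof (flags)`. The bound should be the remaining room, `strncat (flags, str, flsize - mutt_strlen (flags) - 1);`, done only while `mutt_strlen (flags) + 1 < flsize`. The `strncat (..., "\r\n", sizeof (...))` calls in imap/auth_cram.c and imap/auth_gss.c have the same argument mix-up, although there the two-byte literal appears to stay within the space reserved by the `- 2` passed to mutt_to_base64.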
@@ -896,17 +896,17 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint) flags[0] = '\0'; imap_set_flag (idata, IMAP_ACL_SEEN, ctx->hdrs[n]->read, "\\Seen ", - flags); + flags, sizeof (flags)); imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->flagged, - "\\Flagged ", flags); + "\\Flagged ", flags, sizeof (flags)); imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->replied, - "\\Answered ", flags); + "\\Answered ", flags, sizeof (flags)); imap_set_flag (idata, IMAP_ACL_DELETE, ctx->hdrs[n]->deleted, - "\\Deleted ", flags); + "\\Deleted ", flags, sizeof (flags)); /* now make sure we don't lose custom tags */ if (mutt_bit_isset (idata->rights, IMAP_ACL_WRITE)) - imap_add_keywords (flags, ctx->hdrs[n], idata->flags); + imap_add_keywords (flags, ctx->hdrs[n], idata->flags, sizeof (flags)); mutt_remove_trailing_ws (flags); @@ -914,10 +914,10 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint) * explicitly revoke all system flags (if we have permission) */ if (!*flags) { - imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags); - imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags); - imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags); - imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags); + imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags, sizeof (flags)); + imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags, sizeof (flags)); + imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags, sizeof (flags)); + imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags, sizeof (flags)); mutt_remove_trailing_ws (flags); diff --git a/imap/imap_private.h b/imap/imap_private.h index 5e2bac23..84d045da 100644 --- a/imap/imap_private.h +++ b/imap/imap_private.h 
@@ -195,7 +195,7 @@ int imap_code (const char* s); int imap_exec (IMAP_DATA* idata, const char* cmd, int flags); /* message.c */ -void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags); +void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags, size_t slen); void imap_free_header_data (void** data); int imap_read_headers (IMAP_DATA* idata, int msgbegin, int msgend); diff --git a/imap/message.c b/imap/message.c index 071b2e8d..9946778c 100644 --- a/imap/message.c +++ b/imap/message.c @@ -623,7 +623,7 @@ int imap_copy_messages (CONTEXT* ctx, HEADER* h, char* dest, int delete) /* imap_add_keywords: concatenate custom IMAP tags to list, if they * appear in the folder flags list. Why wouldn't they? */ -void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags) +void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags, size_t slen) { LIST *keywords; @@ -636,8 +636,8 @@ void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags) { if (msg_has_flag (mailbox_flags, keywords->data)) { - strcat (s, keywords->data); - strcat (s, " "); + strncat (s, keywords->data, slen); + strncat (s, " ", slen); } keywords = keywords->next; } diff --git a/init.c b/init.c index 12ce342e..e2c7921e 100644 --- a/init.c +++ b/init.c @@ -1758,7 +1758,7 @@ void mutt_init (int skip_sys_rc, LIST *commands) if (*DOMAIN != '@') { Fqdn = safe_malloc (mutt_strlen (DOMAIN) + mutt_strlen (Hostname) + 2); - sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); + sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); /* __SPRINTF_CHECKED__ */ } else Fqdn = safe_strdup(NONULL(Hostname)); diff --git a/intl/cat-compat.c b/intl/cat-compat.c index 7a25fcfd..c32f6669 100644 --- a/intl/cat-compat.c +++ b/intl/cat-compat.c 
@@ -115,8 +115,8 @@ textdomain (domainname) if (new_catalog == (nl_catd) -1) { /* NLSPATH search didn't work, try absolute path */ - sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang, - PACKAGE); /* __SPRINTF_CHECKED__ - sort of... */ + sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang, /* __SPRINTF_CHECKED__ - sort of... */ + PACKAGE); new_catalog = catopen (new_name, 0); if (new_catalog == (nl_catd) -1) diff --git a/lib.c b/lib.c index c9f307da..27f4f823 100644 --- a/lib.c +++ b/lib.c @@ -261,8 +261,8 @@ int safe_symlink(const char *oldpath, const char *newpath) (strlen (abs_oldpath) + 1 + strlen (oldpath) + 1 > sizeof abs_oldpath)) return -1; - strcat (abs_oldpath, "/"); - strcat (abs_oldpath, oldpath); + strcat (abs_oldpath, "/"); /* __STRCAT_CHECKED__ */ + strcat (abs_oldpath, oldpath); /* __STRCAT_CHECKED__ */ if (symlink (abs_oldpath, newpath) == -1) return -1; } diff --git a/pager.c b/pager.c index eb4d9b56..ed4f2c03 100644 --- a/pager.c +++ b/pager.c @@ -1454,14 +1454,14 @@ mutt_pager (const char *banner, const char *fname, int flags, pager_t *extra) if (IsHeader (extra)) { mutt_compile_help (buffer, sizeof (buffer), MENU_PAGER, PagerHelpExtra); - strcat (helpstr, " "); - strcat (helpstr, buffer); + strcat (helpstr, " "); /* __STRCAT_CHECKED__ */ /* we don't seem to have any user-supplied data here */ + strcat (helpstr, buffer); /* __STRCAT_CHECKED__ */ } if (!InHelp) { mutt_make_help (buffer, sizeof (buffer), _("Help"), MENU_PAGER, OP_HELP); - strcat (helpstr, " "); - strcat (helpstr, buffer); + strcat (helpstr, " "); /* __STRCAT_CHECKED__ */ /* we don't seem to have any user-supplied data here */ + strcat (helpstr, buffer); /* __STRCAT_CHECKED__ */ } while (ch != -1) diff --git a/pgp.c b/pgp.c index d891e71f..1caf98e9 100644 --- a/pgp.c +++ b/pgp.c 
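Review bot: The `__STRCAT_CHECKED__` tags on the `strcat (helpstr, buffer)` calls in mutt_pager rest on the remark that no user-supplied data is involved, which is a statement about content rather than a length bound. `buffer` is filled by mutt_compile_help() and mutt_make_help() up to `sizeof (buffer)`, and its length presumably varies with key bindings and translated labels, while the declarations of `helpstr` and `buffer` lie outside the hunk. pgp_select_key in pgpkey.c appends four such strings to `helpstr` under the same tag. A comment stating the size relation that makes this safe, or, assuming `helpstr` is an array, a bounded append such as `strncat (helpstr, buffer, sizeof (helpstr) - mutt_strlen (helpstr) - 1);`, would let the tag be verified.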
@@ -1261,7 +1261,7 @@ char *pgp_findKeys (ADDRESS *to, ADDRESS *cc, ADDRESS *bcc) keylist_size += mutt_strlen (keyID) + 4; safe_realloc ((void **)&keylist, keylist_size); - sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", + sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", /* __SPRINTF_CHECKED__ */ keyID); keylist_used = mutt_strlen (keylist); diff --git a/pgpkey.c b/pgpkey.c index 6c365a9e..b8aab925 100644 --- a/pgpkey.c +++ b/pgpkey.c @@ -440,14 +440,14 @@ static pgp_key_t *pgp_select_key (pgp_key_t *keys, helpstr[0] = 0; mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_PGP, OP_EXIT); - strcat (helpstr, buf); + strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ mutt_make_help (buf, sizeof (buf), _("Select "), MENU_PGP, OP_GENERIC_SELECT_ENTRY); - strcat (helpstr, buf); + strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ mutt_make_help (buf, sizeof (buf), _("Check key "), MENU_PGP, OP_VERIFY_KEY); - strcat (helpstr, buf); + strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ mutt_make_help (buf, sizeof (buf), _("Help"), MENU_PGP, OP_HELP); - strcat (helpstr, buf); + strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ menu = mutt_new_menu (); menu->max = keymax; diff --git a/pop_lib.c b/pop_lib.c index e0e32279..6cbf1eb2 100644 --- a/pop_lib.c +++ b/pop_lib.c @@ -115,10 +115,10 @@ static int fetch_auth (char *line, void *data) else { safe_realloc ((void **) &pop_data->auth_list, - strlen (pop_data->auth_list) + strlen (line) + 1); - strcat (pop_data->auth_list, " "); + strlen (pop_data->auth_list) + strlen (line) + 2); + strcat (pop_data->auth_list, " "); /* __STRCAT_CHECKED__ */ } - strcat (pop_data->auth_list, line); + strcat (pop_data->auth_list, line); /* __STRCAT_CHECKED__ */ return 0; } diff --git a/protos.h b/protos.h index f293dc19..acd600de 100644 --- a/protos.h +++ b/protos.h 
@@ -326,7 +326,7 @@ pid_t mutt_create_filter_fd (const char *, FILE **, FILE **, FILE **, int, int, ADDRESS *alias_reverse_lookup (ADDRESS *); /* base64.c */ -void mutt_to_base64 (unsigned char*, const unsigned char*, int); +void mutt_to_base64 (unsigned char*, const unsigned char*, size_t, size_t); int mutt_from_base64 (char*, const char*); /* utf8.c */ diff --git a/query.c b/query.c index cb0f734e..7a3cdbd6 100644 --- a/query.c +++ b/query.c @@ -434,7 +434,7 @@ static void query_menu (char *buf, size_t buflen, QUERY *results, int retbuf) } else if (curpos + 2 < buflen) { - strcat (buf, ", "); + strcat (buf, ", "); /* __STRCAT_CHECKED__ */ rfc822_write_address ((char *) buf + curpos + 1, buflen - curpos - 1, result_to_addr(QueryTable[i].data)); curpos = mutt_strlen (buf); diff --git a/rfc2231.c b/rfc2231.c index 35d39564..f98318ad 100644 --- a/rfc2231.c +++ b/rfc2231.c @@ -342,7 +342,7 @@ int rfc2231_encode_string (char **pd) if (encode) { e = safe_malloc (dlen + 2*ext + strlen (charset) + 3); - sprintf (e, "%s''", charset); + sprintf (e, "%s''", charset); /* __SPRINTF_CHECKED__ */ t = e + strlen (e); for (s = d, slen = dlen; slen; s++, slen--) if (*s < 0x20 || *s >= 0x7f || diff --git a/rfc822.c b/rfc822.c index a9ee98bc..d22411bb 100644 --- a/rfc822.c +++ b/rfc822.c @@ -498,7 +498,7 @@ void rfc822_qualify (ADDRESS *addr, const char *host) if (!addr->group && addr->mailbox && strchr (addr->mailbox, '@') == NULL) { p = safe_malloc (mutt_strlen (addr->mailbox) + mutt_strlen (host) + 2); - sprintf (p, "%s@%s", addr->mailbox, host); + sprintf (p, "%s@%s", addr->mailbox, host); /* __SPRINTF_CHECKED__ */ safe_free ((void **) &addr->mailbox); addr->mailbox = p; } diff --git a/send.c b/send.c index 0668a3c3..ed0d3eff 100644 --- a/send.c +++ b/send.c 
@@ -590,7 +590,7 @@ void mutt_make_misc_reply_headers (ENVELOPE *env, CONTEXT *ctx, if (curenv->real_subj) { env->subject = safe_malloc (mutt_strlen (curenv->real_subj) + 5); - sprintf (env->subject, "Re: %s", curenv->real_subj); + sprintf (env->subject, "Re: %s", curenv->real_subj); /* __SPRINTF_CHECKED__ */ } else env->subject = safe_strdup ("Re: your mail"); @@ -909,7 +909,7 @@ ADDRESS *mutt_default_from (void) { adr = rfc822_new_address (); adr->mailbox = safe_malloc (mutt_strlen (Username) + mutt_strlen (fqdn) + 2); - sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn)); + sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn)); /* __SPRINTF_CHECKED__ */ } else { diff --git a/sendlib.c b/sendlib.c index 0efaf938..42ee234f 100644 --- a/sendlib.c +++ b/sendlib.c @@ -1652,9 +1652,9 @@ static void encode_headers (LIST *h) rfc2047_encode_string (&tmp); safe_realloc ((void **) &h->data, strlen (h->data) + 2 + strlen (tmp) + 1); - strcat (h->data, ": "); - strcat (h->data, tmp); - free (tmp); + strcat (h->data, ": "); /* __STRCAT_CHECKED__ */ + strcat (h->data, tmp); /* __STRCAT_CHECKED__ */ + safe_free ((void **) &tmp); } } } diff --git a/snprintf.c b/snprintf.c index e602e0e8..5251bd65 100644 --- a/snprintf.c +++ b/snprintf.c @@ -762,7 +762,7 @@ int main (void) sprintf (buf2, fp_fmt[x], fp_nums[y]); if (strcmp (buf1, buf2)) { - printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", + printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", /* __SPRINTF_CHECKED__ */ fp_fmt[x], buf1, buf2); fail++; } @@ -776,7 +776,7 @@ int main (void) sprintf (buf2, int_fmt[x], int_nums[y]); if (strcmp (buf1, buf2)) { - printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", + printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", /* __SPRINTF_CHECKED__ */ int_fmt[x], buf1, buf2); fail++; } -- 2.40.0