a915c6adbd
Fix buffer overflow and format string vulnerabilities. From an advisory by Ulf.Harnhammar.9485@student.uu.se.
86 lines
2.6 KiB
Plaintext
86 lines
2.6 KiB
Plaintext
$OpenBSD: patch-metamail_metamail_c,v 1.2 2004/02/28 20:19:48 naddy Exp $
|
|
--- metamail/metamail.c.orig 1994-02-17 02:57:19.000000000 +0100
|
|
+++ metamail/metamail.c 2004-02-28 18:37:27.000000000 +0100
|
|
@@ -29,7 +29,7 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
|
|
#ifdef BORLAND
|
|
#define F_OK 0
|
|
extern unsigned _stklen = 16384;
|
|
-extern char *mktemp(char *);
|
|
+extern char *mkstemp(char *);
|
|
#define WRITE_BINARY "w"
|
|
#else /* BORLAND */
|
|
#ifdef MICROSOFT
|
|
@@ -302,24 +302,6 @@ char **argv;
|
|
int retcode;
|
|
|
|
modpath(AUXPATH);
|
|
-#ifndef MSDOS
|
|
- signal(SIGINT, cleanup);
|
|
-#ifndef AMIGA
|
|
- signal(SIGILL, cleanup);
|
|
- signal(SIGTRAP, cleanup);
|
|
- signal(SIGIOT, cleanup);
|
|
- signal(SIGFPE, cleanup);
|
|
-#ifndef LINUX
|
|
- signal(SIGEMT, cleanup);
|
|
- signal(SIGBUS, cleanup);
|
|
-#endif
|
|
- signal(SIGSEGV, cleanup);
|
|
- signal(SIGTERM, cleanup);
|
|
-#endif
|
|
-#endif
|
|
-#ifdef SIGXCPU
|
|
- signal(SIGXCPU, cleanup);
|
|
-#endif
|
|
tmproot = getenv("METAMAIL_TMPDIR");
|
|
if (!tmproot) tmproot="/tmp";
|
|
mailheaders = getenv("MM_HEADERS");
|
|
@@ -1202,9 +1184,9 @@ char *SquirrelFile;
|
|
fprintf(outfp, "Content-type: %s", ContentType);
|
|
for (j=0; j<CParamsUsed; ++j) {
|
|
fprintf(outfp, " ; ");
|
|
- fprintf(outfp, CParams[j]);
|
|
+ fprintf(outfp, "%s", CParams[j]);
|
|
fprintf(outfp, " = ");
|
|
- fprintf(outfp, CParamValues[j]);
|
|
+ fprintf(outfp, "%s", CParamValues[j]);
|
|
}
|
|
fprintf(outfp, "\n\n");
|
|
TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
|
|
@@ -2022,7 +2004,7 @@ int ShowLeadingWhitespace;
|
|
if (lc2strcmp(charset, PrevCharset)) {
|
|
char *s2, *charsetinuse;
|
|
|
|
- strcpy(PrevCharset, charset);
|
|
+ strlcpy(PrevCharset, charset, sizeof(PrevCharset));
|
|
for (s2=PrevCharset; *s2; ++s2) {
|
|
if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
|
|
}
|
|
@@ -2032,7 +2014,7 @@ int ShowLeadingWhitespace;
|
|
}
|
|
}
|
|
if (ecode == ENCODING_NONE) {
|
|
- printf(txt+1);
|
|
+ printf("%s", txt+1);
|
|
} else {
|
|
/* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
|
|
MkTmpFileName(TmpFile);
|
|
@@ -2489,14 +2471,14 @@ char *name;
|
|
{
|
|
#ifdef AMIGA
|
|
strcpy(name, "T:mmXXXXXX");
|
|
- mktemp(name);
|
|
+ close(mkstemp(name));
|
|
#else
|
|
#ifndef MSDOS
|
|
sprintf(name, "%s/mm.XXXXXX", tmproot);
|
|
- mktemp(name);
|
|
+ close(mkstemp(name));
|
|
#else
|
|
strcpy(name, "TXXXXXX");
|
|
- if (!mktemp(name))
|
|
+ if (!close(mkstemp(name)))
|
|
name[0] = 0;
|
|
else
|
|
if (DoDebug) printf("temp name = \"%s\"\n", name);
|