File security1.diff of Package qpopper
--- common/logit.c
+++ common/logit.c
@@ -161,7 +161,7 @@
char whence [ 512 ];
int len;
- iLeft -= ( iChunk >= 0 ? iChunk : strlen(msgbuf) );
+ iLeft -= strlen(msgbuf);
len = Qsprintf ( whence, " [%s:%lu]", fn, ln );
strncat ( msgbuf, whence, iLeft );
msgbuf [ sizeof(msgbuf) -1 ] = '\0'; /* just to make sure */
@@ -191,7 +191,7 @@
syslog ( loglev, "%s", msgbuf) ;
}
- if ( iChunk == -1 ) {
+ if ( iChunk >= sizeof(msgbuf) - 1 ) {
/*
* We blew out the format buffer.
*/
--- common/snprintf.c
+++ common/snprintf.c
@@ -358,7 +358,12 @@
limit = atoi ( p );
}
else
- if ( nState == IN_FORM && bWidth == FALSE ) {
+ /* This statement originally had nState == IN_FORM
+ * but we never get here when in state IN_FORM.
+ * They probably meant IN_CONV.
+ * If you insist on re-inventing wheels, they invariably
+ * turn out to be bumpier that the original. --okir */
+ if ( nState == IN_CONV && bWidth == FALSE ) {
bWidth = TRUE;
width = atoi ( p );
}
--- popper/popauth.c
+++ popper/popauth.c
@@ -780,6 +780,8 @@
fprintf ( stderr, "%s: \"-%s\" unknown option\n", program, cp );
helpful();
case TRACESW:
+ if (getuid())
+ adios ( HERE, "you are not allowed to do that" );
debug++;
open_trace ( argv[1] );
argc--;