File hypermail-audit.patch of Package hypermail

diff -ru hypermail-2.2.0.orig/archive/mbox2hypermail.c hypermail-2.2.0/archive/mbox2hypermail.c
--- hypermail-2.2.0.orig/archive/mbox2hypermail.c	2003-02-17 16:50:24.000000000 +0100
+++ hypermail-2.2.0/archive/mbox2hypermail.c	2005-07-26 18:09:38.000000000 +0200
@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <fcntl.h>
 #include <unistd.h>
 #include <ctype.h>
 #include <string.h>
@@ -115,6 +116,7 @@
 
     int cntr;
     int first;
+    int msgfd;
 
     FILE *msgfp;
 
@@ -209,7 +211,12 @@
 		    system(cmdstr);
 
 		++cntr;
-		msgfp = efopen(msgfile, "w");
+    if((msgfd = open(msgfile, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1)
+    {
+      fprintf(stderr, "Error while creating file '%d'\n", msgfile);
+      return;
+    }
+    msgfp = fdopen(msgfd, "w");
 	    }
 	}
 	(void)fputs(s, msgfp);
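Review bot: The error message in the new `open()` failure branch formats `msgfile` with `%d`, but the removed line passed the same variable to `efopen()` as a path, so it is a string and the mismatch is undefined behaviour; it should be `fprintf(stderr, "Error while creating file '%s'\n", msgfile);`. The result of `fdopen(msgfd, "w")` is also unchecked, so a failure there leaves `msgfp` NULL for the `fputs(s, msgfp)` after the block and leaks the descriptor; add `if (msgfp == NULL) { close(msgfd); return; }`. Using `O_CREAT | O_EXCL` with mode 0600 does refuse a pre-existing file or symlink at that path, which is the point of the change. The enclosing function starts and ends outside the hunk, so I could not confirm that a bare `return;` matches its return type or that an earlier `msgfp` is closed before being replaced.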
diff -ru hypermail-2.2.0.orig/src/parse.c hypermail-2.2.0/src/parse.c
--- hypermail-2.2.0.orig/src/parse.c	2004-05-25 03:38:08.000000000 +0200
+++ hypermail-2.2.0/src/parse.c	2005-07-26 18:09:38.000000000 +0200
@@ -1324,7 +1324,7 @@
     for ( ; fgets(line_buf, MAXLINE, fp) != NULL; 
 	  set_txtsuffix ? PushString(&raw_text_buf, line_buf) : 0) {
 #if DEBUG_PARSE
-	printf("IN: %s", line);
+	printf("IN: %s", line); /* AUDIT: biege: line points to NULL here! take care. */
 #endif 
 	if(set_append) {
 	    if(fputs(line_buf, fpo) < 0) {
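Review bot: The added AUDIT comment records that `line` is NULL at this `printf` but leaves the call unchanged, so a build with DEBUG_PARSE enabled still passes a null pointer to `%s`, which is undefined behaviour. The buffer that `fgets` has just filled is `line_buf`, so the debug statement should be `printf("IN: %s", line_buf);`, after which the comment is no longer needed. The loop body continues outside the hunk, so I could not check whether `line` is assigned later in the iteration.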
diff -ru hypermail-2.2.0.orig/src/print.c hypermail-2.2.0/src/print.c
--- hypermail-2.2.0.orig/src/print.c	2004-03-25 03:19:16.000000000 +0100
+++ hypermail-2.2.0/src/print.c	2005-07-26 18:13:02.000000000 +0200
@@ -777,7 +777,7 @@
 	  }
 	  else
 	    is_first = TRUE;
-	  sprintf(date_str, "<li>%s<dfn>%s</dfn><ul>\n", 
+	  snprintf(date_str, sizeof(date_str), "<li>%s<dfn>%s</dfn><ul>\n", 
 		  (is_first) ? first_attributes : "", tmp);
 	  fprintf (fp, "%s", date_str);
 	  strcpy (prev_date_str, tmp);
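Review bot: `strcpy (prev_date_str, tmp);` two lines below the converted call still copies the same `tmp` without a bound, so this hunk closes only one of the two writes driven by that string; consider `snprintf(prev_date_str, sizeof(prev_date_str), "%s", tmp);`. In all three print.c hunks (this one and those at 2415 and 2563), `sizeof(date_str)` is the buffer size only if `date_str` is declared as an array in that function. The declarations are outside the hunks, and if any of them is a `char *` the bound silently becomes the pointer size. `snprintf` also truncates without notice, which here would write an unclosed `<dfn>`/`<ul>` fragment into the index, so comparing its return value against the buffer size would make that case visible.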
@@ -2415,7 +2415,7 @@
 	else {
 	    startline = "<li>";
 	    break_str = "";
-	    sprintf(date_str, "<em>(%s)</em>", getindexdatestr(hp->data->date));
+	    snprintf(date_str, sizeof(date_str), "<em>(%s)</em>", getindexdatestr(hp->data->date));
 	    endline = "</li>";
 	}
 	fprintf(fp,
@@ -2563,7 +2563,7 @@
       else {
 	startline = "<li>";
 	break_str = "&nbsp;";
-	sprintf(date_str, "<em>(%s)</em>", getindexdatestr(hp->data->date));
+	snprintf(date_str, sizeof(date_str), "<em>(%s)</em>", getindexdatestr(hp->data->date));
 	endline = "</li>";
       }
       fprintf(fp,"%s%s%s</a>%s<a name=\"%d\">%s</a>%s\n",
diff -ru hypermail-2.2.0.orig/src/uudecode.c hypermail-2.2.0/src/uudecode.c
--- hypermail-2.2.0.orig/src/uudecode.c	2003-02-11 22:23:30.000000000 +0100
+++ hypermail-2.2.0/src/uudecode.c	2005-07-26 18:09:38.000000000 +0200
@@ -103,7 +103,7 @@
 	}
 
 	n = DEC(*p);
-	for (++p; n > 0; p += 4, n -= 3) {
+	for (++p; (n > 0) && (outlen < 80); p += 4, n -= 3) {
 	    if (n >= 3) {
 
 		if (!(IS_DEC(*p) && IS_DEC(*(p + 1)) && IS_DEC(*(p + 2)) && IS_DEC(*(p + 3))))
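Review bot: The new `outlen < 80` test runs only at the top of each pass, while the `n >= 3` branch that follows appears to emit up to three bytes per pass, so entering with `outlen` at 78 or 79 could still write past an 80-byte destination. If the body does behave that way, the guard should leave room for a whole group, for example `(n > 0) && (outlen + 3 <= 80)`, with the literal replaced by the destination buffer's declared size so the two cannot drift apart. The loop now also stops early without signalling it, so an over-long encoded line is truncated silently rather than rejected. The rest of the loop body and the buffer declaration are outside the hunk, so the buffer size is inferred from the constant.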