Overview

File sieve_relat-overflow.dif of Package cyrus-imapd

Index: cyrus-imapd-2.3.11/sieve/script.c
===================================================================
--- cyrus-imapd-2.3.11.orig/sieve/script.c
+++ cyrus-imapd-2.3.11/sieve/script.c
@@ -650,9 +650,9 @@ static int do_sieve_error(int ret,
     if ((ret != SIEVE_OK) && interp->err) {
 	char buf[1024];
 	if (lastaction == -1) /* we never executed an action */
-	    sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+	    snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
 	else
-	    sprintf(buf, "%s: %s", action_to_string(lastaction),
+	    snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
 		    errmsg ? errmsg : sieve_errstr(ret));
  
 	ret |= interp->execute_err(buf, interp->interp_context,
Index: cyrus-imapd-2.3.11/sieve/sieve.y
===================================================================
--- cyrus-imapd-2.3.11.orig/sieve/sieve.y
+++ cyrus-imapd-2.3.11/sieve/sieve.y
@@ -1133,7 +1133,7 @@ static int verify_relat(char *r)
 	else if (!strcmp(r, "ne")) {return NE;}
 	else if (!strcmp(r, "eq")) {return EQ;}
 	else{
-	  sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+	  snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
 	  yyerror(errbuf);
 	  return -1;
 	}
Index: cyrus-imapd-2.3.11/sieve/bc_eval.c
===================================================================
--- cyrus-imapd-2.3.11.orig/sieve/bc_eval.c
+++ cyrus-imapd-2.3.11/sieve/bc_eval.c
@@ -481,7 +481,7 @@ static int eval_bc_test(sieve_interp_t *
 	int comparator=ntohl(bc[i+3].value);
 	int apart=ntohl(bc[i+4].value);
 	int count=0;
-	char scount[3];
+	char scount[21];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;
@@ -650,7 +650,7 @@ static int eval_bc_test(sieve_interp_t *
 	int relation=ntohl(bc[i+2].value);
 	int comparator=ntohl(bc[i+3].value);
 	int count=0;	
-	char scount[3];
+	char scount[21];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;
@@ -771,7 +771,7 @@ static int eval_bc_test(sieve_interp_t *
 	int transform=ntohl(bc[i+4].value);
 	/* ntohl(bc[i+5].value) is the now unused 'offset' */
 	int count=0;
-	char scount[3];
+	char scount[21];
 	int isReg = (match==B_REGEX);
 	int ctag = 0;
 	regex_t *reg;
openSUSE Build Service is sponsored by
Places