File hypermail-audit.patch of Package hypermail

Index: hypermail-2.2.0.20070131/archive/mbox2hypermail.c
===================================================================
--- hypermail-2.2.0.20070131.orig/archive/mbox2hypermail.c
+++ hypermail-2.2.0.20070131/archive/mbox2hypermail.c
@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <fcntl.h>
 #include <unistd.h>
 #include <ctype.h>
 #include <string.h>
@@ -115,6 +116,7 @@ static void process_messages(char *flnam
 
     int cntr;
     int first;
+    int msgfd;
 
     FILE *msgfp;
 
@@ -209,7 +211,12 @@ static void process_messages(char *flnam
 		    system(cmdstr);
 
 		++cntr;
-		msgfp = efopen(msgfile, "w");
+    if((msgfd = open(msgfile, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1)
+    {
+      fprintf(stderr, "Error while creating file '%d'\n", msgfile);
+      return;
+    }
+    msgfp = fdopen(msgfd, "w");
 	    }
 	}
 	(void)fputs(s, msgfp);
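Review bot: The error message in the new `open()` failure branch passes `msgfile` to a `%d` conversion, which is a type mismatch (undefined behaviour) and prints no usable path; it should be `fprintf(stderr, "Error while creating file '%s'\n", msgfile);`. The result of `fdopen()` is also unchecked, so a failure leaves `msgfp` NULL for the `fputs(s, msgfp)` that follows and leaks `msgfd`; add `if ((msgfp = fdopen(msgfd, "w")) == NULL) { close(msgfd); return; }`. Creating the file with `O_CREAT | O_EXCL` and mode 0600 does refuse pre-existing files and symlinks, but the early `return` now abandons the rest of the mailbox. What process_messages holds open at that point is outside the hunk and should be checked for cleanup.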
Index: hypermail-2.2.0.20070131/src/parse.c
===================================================================
--- hypermail-2.2.0.20070131.orig/src/parse.c
+++ hypermail-2.2.0.20070131/src/parse.c
@@ -1391,7 +1391,7 @@ int parsemail(char *mbox,	/* file name *
     for ( ; fgets(line_buf, MAXLINE, fp) != NULL; 
 	  set_txtsuffix ? PushString(&raw_text_buf, line_buf) : 0) {
 #if DEBUG_PARSE
-	printf("IN: %s", line);
+	printf("IN: %s", line); /* AUDIT: biege: line points to NULL here! take care. */
 #endif 
 	if(set_append) {
 	    if(fputs(line_buf, fpo) < 0) {
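Review bot: The added AUDIT comment records the defect but leaves it in place: under `DEBUG_PARSE` the `printf` still prints `line`, while the buffer that `fgets` just filled is `line_buf`. If `line` is NULL at this point, as the comment states, passing it to `%s` is undefined behaviour in debug builds. Printing the freshly read buffer fixes it: `printf("IN: %s", line_buf);`. The rest of parsemail's loop body lies outside the hunk.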
Index: hypermail-2.2.0.20070131/src/print.c
===================================================================
--- hypermail-2.2.0.20070131.orig/src/print.c
+++ hypermail-2.2.0.20070131/src/print.c
@@ -792,7 +792,7 @@ void printdates(FILE *fp, struct header
 	  }
 	  else
 	    is_first = TRUE;
-	  sprintf(date_str, "<li>%s<dfn>%s</dfn><ul>\n", 
+	  snprintf(date_str, sizeof(date_str), "<li>%s<dfn>%s</dfn><ul>\n", 
 		  (is_first) ? first_attributes : "", tmp);
 	  fprintf (fp, "%s", date_str);
 	  strcpy (prev_date_str, tmp);
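Review bot: The `strcpy (prev_date_str, tmp);` two lines below the new `snprintf` in printdates still copies the same `tmp` without a bound, so this hunk closes only one of the two writes fed by that value. Assuming `prev_date_str` is a local array, `snprintf(prev_date_str, sizeof(prev_date_str), "%s", tmp);` would bound it too. `sizeof(date_str)` here, and in the printsubjects and printauthors hunks, is the buffer size only if `date_str` is declared as an array in each function; those declarations are outside the hunks, and if any is a pointer the limit becomes the pointer size. Truncation is also silent, so an over-long date yields markup with unclosed `<dfn>`/`<em>` tags; comparing the return value with the buffer size would let the code skip or log such entries.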
@@ -2620,7 +2620,7 @@ void printsubjects(FILE *fp, struct head
 	else {
 	    startline = "<li>";
 	    break_str = "";
-	    sprintf(date_str, "<em>(%s)</em>", getindexdatestr(hp->data->date));
+	    snprintf(date_str, sizeof(date_str), "<em>(%s)</em>", getindexdatestr(hp->data->date));
 	    endline = "</li>";
 	}
 	fprintf(fp,
@@ -2775,7 +2775,7 @@ void printauthors(FILE *fp, struct heade
       else {
 	startline = "<li>";
 	break_str = "&nbsp;";
-	sprintf(date_str, "<em>(%s)</em>", getindexdatestr(hp->data->date));
+	snprintf(date_str, sizeof(date_str), "<em>(%s)</em>", getindexdatestr(hp->data->date));
 	endline = "</li>";
       }
       fprintf(fp,"%s%s%s</a>%s<a name=\"%d\" id=\"%d\">%s</a>%s\n",
Index: hypermail-2.2.0.20070131/src/uudecode.c
===================================================================
--- hypermail-2.2.0.20070131.orig/src/uudecode.c
+++ hypermail-2.2.0.20070131/src/uudecode.c
@@ -103,7 +103,7 @@ int uudecode(FILE *input,	/* get file da
 	}
 
 	n = DEC(*p);
-	for (++p; n > 0; p += 4, n -= 3) {
+	for (++p; (n > 0) && (outlen < 80); p += 4, n -= 3) {
 	    if (n >= 3) {
 
 		if (!(IS_DEC(*p) && IS_DEC(*(p + 1)) && IS_DEC(*(p + 2)) && IS_DEC(*(p + 3))))
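Review bot: The new `outlen < 80` condition is tested before each iteration, but the `n >= 3` branch that begins in this hunk appears to emit up to three bytes per pass, so the loop can still start a pass at `outlen` 78 or 79 and finish past 80. Whether that overruns depends on the output buffer's declared size, which is outside the hunk; the bound should be derived from that declaration (a `sizeof` on the buffer, less three) rather than a literal 80. When the limit is hit the rest of the encoded line is dropped with no diagnostic, so a malformed line produces silently truncated output; rejecting a line whose length byte exceeds what the buffer can hold would be clearer. A comment such as `/* AUDIT: bound decoded bytes to the size of the output buffer */` would also explain the constant.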