File security1.diff of Package qpopper

diff --git a/common/logit.c b/common/logit.c
index 883e465..10ebb53 100644
--- a/common/logit.c
+++ b/common/logit.c
@@ -160,8 +160,8 @@ vlogit ( FILE        *str,       /* STREAM to write to, or NULL for syslog */
     if ( DEBUGGING && fn != NULL ) {
         char whence [ 512 ];
         int  len;
-        
-        iLeft -= ( iChunk >= 0 ? iChunk : (int) strlen(msgbuf) );
+
+        iLeft -= strlen(msgbuf);
         len    = Qsprintf ( whence, " [%s:%zu]", fn, ln );
         strncat ( msgbuf, whence, iLeft );
         msgbuf [ sizeof(msgbuf) -1 ] = '\0'; /* just to make sure */
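Review bot: The `strncat ( msgbuf, whence, iLeft )` bound is still fragile after the new `iLeft -= strlen(msgbuf);`. strncat copies up to `iLeft` bytes and then writes a terminating NUL, so the count must be one less than the free space. `iLeft` also looks like a signed int (the removed line cast to `(int)`), so a negative result would be converted to a very large `size_t`. Its initial value is outside the hunk, so this is inferred, but deriving the bound from the buffer removes the dependency: `size_t used = strlen(msgbuf); if ( used < sizeof(msgbuf) - 1 ) strncat ( msgbuf, whence, sizeof(msgbuf) - 1 - used );`. Separately, `whence` is filled by `Qsprintf` with no size argument, so a long `fn` is limited only by the 512-byte array; a size-bounded formatter such as the tree's `Qvsnprintf` family would be safer there. vlogit's body starts and ends outside the hunk.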
@@ -191,7 +191,7 @@ vlogit ( FILE        *str,       /* STREAM to write to, or NULL for syslog */
         syslog ( loglev, "%s", msgbuf) ;
     }
     
-    if ( iChunk == -1 ) {
+    if ( iChunk >= sizeof(msgbuf) - 1 ) {
         /* 
          * We blew out the format buffer.
          */
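Review bot: The new test `iChunk >= sizeof(msgbuf) - 1` compares what appears to be a signed int against a `size_t`, so a negative error return is caught only because it converts to a huge unsigned value. Making both cases explicit is easier to audit and silences `-Wsign-compare`: `if ( iChunk < 0 || (size_t) iChunk >= sizeof(msgbuf) - 1 ) {`. If the formatter follows C99 snprintf semantics, truncation is `>= sizeof(msgbuf)`, so the `- 1` would also flag a message that fits exactly. The call that sets `iChunk` is outside the hunk, so confirm which convention applies and say so in the comment.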
diff --git a/common/snprintf.c b/common/snprintf.c
index 047417e..07ac1c6 100644
--- a/common/snprintf.c
+++ b/common/snprintf.c
@@ -358,7 +358,12 @@ Qvsnprintf ( char *s, size_t n, const char *format, va_list ap )
                     limit  = atoi ( p );
                 }
                 else
-                if ( nState == IN_FORM && bWidth == FALSE ) {
+                /* This statement originally had nState == IN_FORM
+                 * but we never get here when in state IN_FORM.
+                 * They probably meant IN_CONV.
+                 * If you insist on re-inventing wheels, they invariably
+                 * turn out to be bumpier that the original. --okir */
+                if ( nState == IN_CONV && bWidth == FALSE ) {
                     bWidth = TRUE;
                     width  = atoi ( p );
                 }
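Review bot: Switching the test to `nState == IN_CONV` makes the `width = atoi ( p )` branch reachable for the first time, so the padding code that consumes `width` was effectively dead before and is now live. That code is outside the hunk, so verify that it stops at the remaining space in `s` (bounded by `n`) rather than trusting `width`. `atoi` also gives no error or range indication; a `strtol` with an upper clamp would keep an oversized width in a format string from driving the pad loop. The added comment would serve maintainers better as a statement of fact, e.g. `/* field-width digits arrive while in IN_CONV; IN_FORM is never active at this point */`.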
diff --git a/popper/popauth.c b/popper/popauth.c
index 012e997..b2fd447 100644
--- a/popper/popauth.c
+++ b/popper/popauth.c
@@ -788,6 +788,8 @@ char   *argv[];
                 fprintf ( stderr, "%s: \"-%s\" unknown option\n", program, cp );
                 helpful();
             case TRACESW:
+                if (getuid())
+                  adios ( HERE, "you are not allowed to do that" );
                 debug++;
                 open_trace ( argv[1] );
                 argc--;
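Review bot: `open_trace ( argv[1] )` still runs without any visible check that a file name follows the option, so a trailing trace switch would pass NULL to it even for root. A guard such as `if ( argv[1] == NULL ) adios ( HERE, "missing trace file name" );` before `debug++` would close that. The new privilege test is clearer written as `if ( getuid() != 0 )`, with a short comment that the real uid is checked because the binary may run with elevated effective privileges (inferred, not shown here). The message would be more useful if it named the option being refused. The enclosing switch and function start and end outside the hunk.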