
List:       kde-core-devel
Subject:    kdepim buffers patch
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2004-12-31 20:44:23
Message-ID: 20041231204423.80145.qmail () web50608 ! mail ! yahoo ! com

Hi,

I was using Korganizer to look at an .ics file and it crashed. I investigated 
the problem and found that a buffer was not big enough to hold the text being 
created via sprintf. The fact that sprintf was being used and not snprintf 
caused a great deal of concern since kdepim handles files from untrusted sources.

I decided to review all places that were using sprintf in kdepim and found 
several places where the wrong sized buffer was used. I also found one case 
where sprintf was being called directly on the arguments without a "%s" !

To briefly go over the wrong sized buffers (please refer to the attached patch):

libical/src/libical/icaltime.c This is not exploitable as it writes to the 
heap in a formatted way. It *will* crash korganizer. 26 bytes are needed as a
minimum according to ctime man page.

libical/src/libical/icalvalue.c There's 2 overflows here. In both cases the 
overflow involves printing a floating point number. The buffers overflowed 
seem to be on the heap as well. I think this is hard to exploit as you would 
be limited to ascii values for digits. I allow 40 bytes for %f. 1 for the sign,
30 for the whole number, 1 for the decimal point, and 6 for the fraction.

libical/src/libical/sspm.c This is a 1 byte overflow on the stack. I traced 
its callers and it seems related to multi-part write and mime-write. It also 
turns out the only caller of this in kdepim is a mime test function. Unless 
the function is called indirectly or by another kde application that's not in 
kdepim, this overflow never comes into play.

Attached is a patch that removes almost all sprintf's in favor of snprintf and 
expands the size of the above mentioned buffers to make sure they are big enough.
There very well may be other overflows because of MAX_PATH being 4096 and file
name buffers seem to be 256 bytes in kdepim. snprintf at least keeps the stack
from being hammered.

Thanks,
-Steve Grubb


		
["kdepim-3.3.1-buffer.patch" (text/x-patch)]

diff -ur kdepim-3.3.1.orig/korganizer/plugins/holidays/parseholiday.c \
                kdepim-3.3.1/korganizer/plugins/holidays/parseholiday.c
--- kdepim-3.3.1.orig/korganizer/plugins/holidays/parseholiday.c	2004-12-07 \
                10:49:37.000000000 -0500
+++ kdepim-3.3.1/korganizer/plugins/holidays/parseholiday.c	2004-12-08 \
11:16:45.017365216 -0500
@@ -1392,7 +1392,7 @@
   fprintf(stderr, "%s: %s in line %d of %s\n", progname,
 	  msg, kcallineno+1, filename);
   if (!*errormsg)
-    sprintf(errormsg,
+    snprintf(errormsg, sizeof(errormsg),
 	    "Problem with holiday file %s:\n%.80s in line %d",
 	    filename, msg, kcallineno+1);
 }
@@ -1750,7 +1750,7 @@
 	    progname, pathbuf, path);
     home = ".";
   }
-  sprintf(pathbuf, "%s/%s", home, path+1);
+  snprintf(pathbuf, sizeof(pathbuf), "%s/%s", home, path+1);
   return(pathbuf);
 }
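Review bot: Truncation is not detected here: if `home` plus `path+1` does not fit, `snprintf` leaves a shortened string in `pathbuf` and the function returns it as if it were the requested path, so a caller may end up working on a different file than intended. Check the result, e.g. `n = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", home, path+1);` followed by `if (n < 0 || (size_t)n >= sizeof(pathbuf))` and an error return. The same applies to `filename` and `path` in the icaldirset.c hunks, where the shortened `filename` goes straight into `stat()`. `sizeof(pathbuf)` is the buffer size only if `pathbuf` is an array in this scope; its declaration is outside the hunk.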
 
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalderivedvalue.c.in \
                kdepim-3.3.1/libical/src/libical/icalderivedvalue.c.in
--- kdepim-3.3.1.orig/libical/src/libical/icalderivedvalue.c.in	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libical/src/libical/icalderivedvalue.c.in	2004-12-08 \
11:47:21.229218584 -0500
@@ -39,7 +39,7 @@
 #include "icalvalueimpl.h"
 
 #include <stdlib.h> /* for malloc */
-#include <stdio.h> /* for sprintf */
+#include <stdio.h> /* for snprintf */
 #include <string.h> /* For memset, others */
 #include <stddef.h> /* For offsetof() macro */
 #include <errno.h>
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalduration.c \
                kdepim-3.3.1/libical/src/libical/icalduration.c
--- kdepim-3.3.1.orig/libical/src/libical/icalduration.c	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libical/src/libical/icalduration.c	2004-12-08 11:49:17.718509520 \
-0500
@@ -198,7 +198,7 @@
 
     char temp[TMP_BUF_SIZE];
 
-    sprintf(temp,"%d",value);
+    snprintf(temp,sizeof(temp),"%d",value);
 
     icalmemory_append_string(buf, buf_ptr, buf_size, temp);
     icalmemory_append_string(buf, buf_ptr, buf_size, sep);
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalmime.c \
                kdepim-3.3.1/libical/src/libical/icalmime.c
--- kdepim-3.3.1.orig/libical/src/libical/icalmime.c	2004-12-07 10:49:41.000000000 \
                -0500
+++ kdepim-3.3.1/libical/src/libical/icalmime.c	2004-12-08 11:17:58.413207352 -0500
@@ -195,7 +195,7 @@
 	    minor = parts[i].header.minor_text;
 	}
 	
-	sprintf(mimetype,"%s/%s",major,minor);
+	snprintf(mimetype,sizeof(mimetype),"%s/%s",major,minor);
 
 	comp = icalcomponent_new(ICAL_XLICMIMEPART_COMPONENT);
 
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalparser.c \
                kdepim-3.3.1/libical/src/libical/icalparser.c
--- kdepim-3.3.1.orig/libical/src/libical/icalparser.c	2004-12-07 10:49:41.000000000 \
                -0500
+++ kdepim-3.3.1/libical/src/libical/icalparser.c	2004-12-08 11:19:19.729845344 -0500
@@ -49,7 +49,7 @@
 #include "icalcomponent.h"
 
 #include <string.h> /* For strncpy & size_t */
-#include <stdio.h> /* For FILE and fgets and sprintf */
+#include <stdio.h> /* For FILE and fgets and snprintf */
 #include <stdlib.h> /* for free */
 
 
@@ -933,7 +933,7 @@
 		icalproperty_kind prop_kind = icalproperty_isa(prop);
 		icalcomponent* tail = pvl_data(pvl_tail(impl->components));
 
-		sprintf(temp,"Cant parse as %s value in %s property. Removing entire property",
+		snprintf(temp,sizeof(temp),"Cant parse as %s value in %s property. Removing entire \
property",  icalvalue_kind_to_string(value_kind),
 			icalproperty_kind_to_string(prop_kind));
 
@@ -961,7 +961,7 @@
 		icalproperty_kind prop_kind = icalproperty_isa(prop);
 		icalcomponent *tail = pvl_data(pvl_tail(impl->components));
 		
-		sprintf(temp,"No value for %s property. Removing entire property",
+		snprintf(temp,sizeof(temp),"No value for %s property. Removing entire property",
 			icalproperty_kind_to_string(prop_kind));
 
 		insert_error(tail, str, temp,
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalrecur.c \
                kdepim-3.3.1/libical/src/libical/icalrecur.c
--- kdepim-3.3.1.orig/libical/src/libical/icalrecur.c	2004-12-07 10:49:41.000000000 \
                -0500
+++ kdepim-3.3.1/libical/src/libical/icalrecur.c	2004-12-08 11:48:46.796210424 -0500
@@ -488,13 +488,13 @@
     }
 
     if(recur->count != 0){
-	sprintf(temp,"%d",recur->count);
+	snprintf(temp,sizeof(temp),"%d",recur->count);
 	icalmemory_append_string(&str,&str_p,&buf_sz,";COUNT=");
 	icalmemory_append_string(&str,&str_p,&buf_sz, temp);
     }
 
     if(recur->interval != 0){
-	sprintf(temp,"%d",recur->interval);
+	snprintf(temp,sizeof(temp),"%d",recur->interval);
 	icalmemory_append_string(&str,&str_p,&buf_sz,";INTERVAL=");
 	icalmemory_append_string(&str,&str_p,&buf_sz, temp);
     }
@@ -521,12 +521,12 @@
 		    if (pos == 0)
 			icalmemory_append_string(&str,&str_p,&buf_sz,daystr);
 		    else {
-			sprintf(temp,"%d%s",pos,daystr);
+			snprintf(temp,sizeof(temp),"%d%s",pos,daystr);
 			icalmemory_append_string(&str,&str_p,&buf_sz,temp);
 		    }                  
 		    
 		} else {
-		    sprintf(temp,"%d",array[i]);
+		    snprintf(temp,sizeof(temp),"%d",array[i]);
 		    icalmemory_append_string(&str,&str_p,&buf_sz, temp);
 		}
 		
diff -ur kdepim-3.3.1.orig/libical/src/libical/icaltime.c \
                kdepim-3.3.1/libical/src/libical/icaltime.c
--- kdepim-3.3.1.orig/libical/src/libical/icaltime.c	2004-12-07 10:49:41.000000000 \
                -0500
+++ kdepim-3.3.1/libical/src/libical/icaltime.c	2004-12-08 11:23:56.583757152 -0500
@@ -341,13 +341,13 @@
 }
 #endif
 
-char ctime_str[20];
+static char ctime_str[28];
 char* icaltime_as_ctime(struct icaltimetype t)
 {
     time_t tt;
  
     tt = icaltime_as_timet(t);
-    sprintf(ctime_str,"%s",ctime(&tt));
+    snprintf(ctime_str,sizeof(ctime_str),"%s",ctime(&tt));
 
     ctime_str[strlen(ctime_str)-1] = 0;
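Review bot: `ctime()` can return a null pointer for a `time_t` it cannot represent, and the result is passed straight to `%s`; a time value taken from an untrusted .ics file could plausibly reach that case. The line after it also assumes a non-empty string that ends in a newline: on an empty `ctime_str`, `strlen(ctime_str)-1` wraps around and the store lands far outside the buffer. Suggested: `const char *s = ctime(&tt);`, `snprintf(ctime_str,sizeof(ctime_str),"%s",s ? s : "");`, `ctime_str[strcspn(ctime_str,"\n")] = 0;`. The function body continues past the hunk.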
 
@@ -355,7 +355,7 @@
 }
 
 
-short days_in_month[] = {0,31,28,31,30,31,30,31,31,30,31,30,31};
+static const short days_in_month[] = {0,31,28,31,30,31,30,31,31,30,31,30,31};
 
 short icaltime_days_in_month(short month,short year)
 {
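Review bot: Making `days_in_month` `static const` is unrelated to the buffer fixes and changes its linkage: any other translation unit that declares `extern short days_in_month[]` will stop linking. It is worth confirming that no other file in libical references the symbol, or moving this change to its own commit. Only the opening of `icaltime_days_in_month` is visible here, so whether `month` is range-checked before it indexes the table cannot be judged from this hunk.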
diff -ur kdepim-3.3.1.orig/libical/src/libical/icalvalue.c \
                kdepim-3.3.1/libical/src/libical/icalvalue.c
--- kdepim-3.3.1.orig/libical/src/libical/icalvalue.c	2004-12-07 10:49:41.000000000 \
                -0500
+++ kdepim-3.3.1/libical/src/libical/icalvalue.c	2004-12-08 11:51:58.425078408 -0500
@@ -38,7 +38,7 @@
 #include "icalvalueimpl.h"
 
 #include <stdlib.h> /* for malloc */
-#include <stdio.h> /* for sprintf */
+#include <stdio.h> /* for snprintf */
 #include <string.h> /* For memset, others */
 #include <stddef.h> /* For offsetof() macro */
 #include <errno.h>
@@ -269,7 +269,7 @@
 
 	    if (error != 0){
 		char temp[TMP_BUF_SIZE];
-		sprintf(temp,"%s Values are not implemented",
+		snprintf(temp,sizeof(temp),"%s Values are not implemented",
                         icalparameter_kind_to_string(kind));
 		*error = icalproperty_vanew_xlicerror(
                                    temp,
@@ -351,7 +351,7 @@
 
 	    if (error != 0){
 		char temp[TMP_BUF_SIZE];
-		sprintf(temp,"GEO Values are not implemented");
+		strcpy(temp,"GEO Values are not implemented");
 		*error = icalproperty_vanew_xlicerror(
                                                       temp,
                                                       \
icalparameter_new_xlicerrortype(
@@ -573,7 +573,7 @@
     data = icalvalue_get_binary(value);
 
     str = (char*)icalmemory_tmp_buffer(60);
-    sprintf(str,"icalvalue_binary_as_ical_string is not implemented yet");
+    strcpy(str,"icalvalue_binary_as_ical_string is not implemented yet");
 
     return str;
 }
@@ -614,7 +614,7 @@
     m = (data - (h*3600))/ 60;
     s = (data - (h*3600) - (m*60));
 
-    sprintf(str,"%c%02d%02d%02d",sign,abs(h),abs(m),abs(s));
+    snprintf(str,9,"%c%02d%02d%02d",sign,abs(h),abs(m),abs(s));
 
     return str;
 }
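Review bot: The bound `9` is a bare literal that has to match the size of the allocation behind `str`, which is made outside this hunk; if either side changes, the bound silently stops protecting anything. A shared constant keeps the two together, e.g. `enum { UTCOFFSET_STR_SIZE = 9 };` used for both the allocation and `snprintf(str,UTCOFFSET_STR_SIZE,...)` (the constant name is constructed for illustration). The format needs only 8 bytes while `h`, `m` and `s` stay below 100; larger values from a parsed file are now cut off without the caller being told. The same literal-size pattern appears as `25` in the second rungpg.c hunk and as `40`/`80` in the float and geo hunks of this file.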
@@ -771,9 +771,9 @@
     char temp[20];
 
     if (data->is_utc == 1){
-	sprintf(temp,"%02d%02d%02dZ",data->hour,data->minute,data->second);
+	snprintf(temp,sizeof(temp),"%02d%02d%02dZ",data->hour,data->minute,data->second);
     } else {
-	sprintf(temp,"%02d%02d%02d",data->hour,data->minute,data->second);
+	snprintf(temp,sizeof(temp),"%02d%02d%02d",data->hour,data->minute,data->second);
     }
 
     strcat(str,temp);
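Review bot: The `strcat(str,temp)` on the context line is still unbounded: `temp` is now limited to 20 bytes, but nothing visible tells this function how large the caller's `str` is. Since `hour`, `minute` and `second` come from parsed data, either pass the destination size in and honour it, or document at the call sites that `str` must have room for up to 19 appended characters plus the terminator. The date helper in the next hunk ends with the same `strcat(str,temp)`. Both function signatures lie outside the hunks.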
@@ -784,7 +784,7 @@
 {
     char temp[20];
 
-    sprintf(temp,"%04d%02d%02d",data->year,data->month,data->day);
+    snprintf(temp,sizeof(temp),"%04d%02d%02d",data->year,data->month,data->day);
 
     strcat(str,temp);
 }
@@ -847,9 +847,9 @@
     icalerror_check_arg_rz( (value!=0),"value");
     data = icalvalue_get_float(value);
 
-    str = (char*)icalmemory_tmp_buffer(15);
+    str = (char*)icalmemory_tmp_buffer(40);
 
-    sprintf(str,"%f",data);
+    snprintf(str,40,"%f",data);
 
     return str;
 }
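Review bot: 40 bytes is not an upper bound for `%f`: the largest finite `float` already prints 39 integer digits, and a `double` can need more than 300, so `snprintf` may cut the number short and the caller receives a truncated, numerically different string. The type of `data` is declared outside the hunk. Either check the return value, `if (n < 0 || n >= 40)`, and report an error, or size the buffer from the type's limits. The geo hunk that follows has the same exposure with `80` bytes for two values.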
@@ -862,9 +862,9 @@
 
     data = icalvalue_get_geo(value);
 
-    str = (char*)icalmemory_tmp_buffer(25);
+    str = (char*)icalmemory_tmp_buffer(80);
 
-    sprintf(str,"%f;%f",data.lat,data.lon);
+    snprintf(str,80,"%f;%f",data.lat,data.lon);
 
     return str;
 }
diff -ur kdepim-3.3.1.orig/libical/src/libical/sspm.c \
                kdepim-3.3.1/libical/src/libical/sspm.c
--- kdepim-3.3.1.orig/libical/src/libical/sspm.c	2004-12-07 10:49:41.000000000 -0500
+++ kdepim-3.3.1/libical/src/libical/sspm.c	2004-12-08 11:27:27.036763432 -0500
@@ -1243,9 +1243,9 @@
 
 void sspm_append_hex(struct sspm_buffer* buf, char ch)
 {
-    char tmp[3];
+    char tmp[4];
 
-    sprintf(tmp,"=%02X",ch);
+    snprintf(tmp,sizeof(tmp),"=%02X",ch);
 
     sspm_append_string(buf,tmp);
 }
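Review bot: `ch` is a plain `char`, so where `char` is signed any byte above 0x7F is promoted to a negative `int` and `%02X` prints eight hex digits (`=FFFFFFE9` for 0xE9, a constructed example). With the new bound this no longer overruns `tmp`, but the output is truncated to `=FF`, so every such byte is encoded wrongly. Convert before formatting: `snprintf(tmp,sizeof(tmp),"=%02X",(unsigned char)ch);`. The unpatched `sprintf` could therefore write well more than one byte past `tmp`.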
@@ -1474,19 +1474,19 @@
 	minor = header->minor_text;
     }
     
-    sprintf(temp,"Content-Type: %s/%s",major,minor);
+    snprintf(temp,sizeof(temp),"Content-Type: %s/%s",major,minor);
 
     sspm_append_string(buf,temp);
 
     if(header->boundary != 0){
-	sprintf(temp,";boundary=\"%s\"",header->boundary);
+	snprintf(temp,sizeof(temp),";boundary=\"%s\"",header->boundary);
 	sspm_append_string(buf,temp);
     }
     
     /* Append any content type parameters */    
     if(header->content_type_params != 0){
 	for(i=0; *(header->content_type_params[i])!= 0;i++){
-	    sprintf(temp,header->content_type_params[i]);
+	    snprintf(temp,sizeof(temp),"%s",header->content_type_params[i]);
 	    sspm_append_char(buf,';');
 	    sspm_append_string(buf,temp);
 	}
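Review bot: The copy through `temp` in the parameter loop is unnecessary and now truncates silently: a long content-type parameter is cut at `sizeof(temp)` and emitted as if it were complete. Appending the source directly, `sspm_append_string(buf,header->content_type_params[i]);`, avoids both the copy and the truncation. The `Content-Type` and `boundary` lines above behave the same way if the header fields are long; checking the `snprintf` return value would make that visible. The enclosing function starts and ends outside the hunk.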
@@ -1498,7 +1498,7 @@
 
     if(header->encoding != SSPM_UNKNOWN_ENCODING &&
 	header->encoding != SSPM_NO_ENCODING){
-	sprintf(temp,"Content-Transfer-Encoding: %s\n",
+	snprintf(temp,sizeof(temp),"Content-Transfer-Encoding: %s\n",
 		sspm_encoding_string(header->encoding));
     }
 
diff -ur kdepim-3.3.1.orig/libical/src/libicalss/icaldirset.c \
                kdepim-3.3.1/libical/src/libicalss/icaldirset.c
--- kdepim-3.3.1.orig/libical/src/libicalss/icaldirset.c	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libical/src/libicalss/icaldirset.c	2004-12-08 11:29:24.260942648 \
-0500
@@ -259,7 +259,7 @@
 
     icalerror_check_arg_rz( (store!=0), "store");
 
-    sprintf(filename,"%s/%s",impl->dir,"SEQUENCE");
+    snprintf(filename,sizeof(filename),"%s/%s",impl->dir,"SEQUENCE");
 
     /* Create the file if it does not exist.*/
     if (stat(filename,&sbuf) == -1 || !S_ISREG(sbuf.st_mode)){
@@ -321,7 +321,7 @@
 	return ICAL_NO_ERROR;
     }
 	    
-    sprintf(path,"%s/%s",impl->dir,(char*)pvl_data(impl->directory_iterator));
+    snprintf(path,sizeof(path),"%s/%s",impl->dir,(char*)pvl_data(impl->directory_iterator));
  
     icalfileset_free(impl->cluster);
 
@@ -345,7 +345,7 @@
 	
 	uname(&unamebuf);
 	
-	sprintf(uidstring,"%d-%s",(int)getpid(),unamebuf.nodename);
+	snprintf(uidstring,sizeof(uidstring),"%d-%s",(int)getpid(),unamebuf.nodename);
 	
 	uid = icalproperty_new_uid(uidstring);
 	icalcomponent_add_property(comp,uid);
diff -ur kdepim-3.3.1.orig/libical/src/libicalss/icalmessage.c \
                kdepim-3.3.1/libical/src/libicalss/icalmessage.c
--- kdepim-3.3.1.orig/libical/src/libicalss/icalmessage.c	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libical/src/libicalss/icalmessage.c	2004-12-08 11:30:30.015946368 \
-0500
@@ -158,7 +158,7 @@
 
     icalcomponent_add_property(reply,icalproperty_new_version("2.0"));
     
-    sprintf(tmp,
+    snprintf(tmp,sizeof(tmp),
            "-//SoftwareStudio//NONSGML %s %s //EN",PACKAGE,VERSION);
     icalcomponent_add_property(reply,icalproperty_new_prodid(tmp));
 
diff -ur kdepim-3.3.1.orig/libkcal/versit/vcc.c kdepim-3.3.1/libkcal/versit/vcc.c
--- kdepim-3.3.1.orig/libkcal/versit/vcc.c	2004-12-07 10:49:41.000000000 -0500
+++ kdepim-3.3.1/libkcal/versit/vcc.c	2004-12-08 11:12:48.541315040 -0500
@@ -2115,7 +2115,7 @@
 	}
     else {
 	char msg[255];
-	sprintf(msg, "can't open file '%s' for reading\n", fname);
+	snprintf(msg, sizeof(msg), "can't open file '%s' for reading\n", fname);
 	mime_error_(msg);
 	return 0;
 	}
@@ -2139,7 +2139,7 @@
     {
     char msg[256];
     if (mimeErrorHandler) {
-	sprintf(msg,"%s at line %d", s, mime_lineNum);
+	snprintf(msg, sizeof(msg), "%s at line %d", s, mime_lineNum);
 	mimeErrorHandler(msg);
 	}
     }
diff -ur kdepim-3.3.1.orig/libkcal/versit/vobject.c \
                kdepim-3.3.1/libkcal/versit/vobject.c
--- kdepim-3.3.1.orig/libkcal/versit/vobject.c	2004-12-07 10:49:41.000000000 -0500
+++ kdepim-3.3.1/libkcal/versit/vobject.c	2004-12-08 11:45:13.289668352 -0500
@@ -1181,13 +1181,13 @@
 	    }
 	case VCVT_UINT: {
 	    char buf[16];
-	    sprintf(buf,"%u", INTEGER_VALUE_OF(o));
+	    snprintf(buf,sizeof(buf),"%u", INTEGER_VALUE_OF(o));
 	    appendsOFile(fp,buf);
 	    break;
 	    }
 	case VCVT_ULONG: {
 	    char buf[16];
-	    sprintf(buf,"%lu", LONG_VALUE_OF(o));
+	    snprintf(buf,sizeof(buf),"%lu", LONG_VALUE_OF(o));
 	    appendsOFile(fp,buf);
 	    break;
 	    }
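Review bot: `char buf[16]` is too small for `%lu` where `unsigned long` is 64 bits: the maximum value has 20 digits, so the `VCVT_ULONG` case now writes a truncated number instead of overflowing. Enlarge the buffer rather than only bounding the write, e.g. `char buf[24];` in both cases. The enclosing switch begins and ends outside the hunk.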
diff -ur kdepim-3.3.1.orig/libkdenetwork/libgpgme-copy/assuan/assuan-handler.c \
                kdepim-3.3.1/libkdenetwork/libgpgme-copy/assuan/assuan-handler.c
--- kdepim-3.3.1.orig/libkdenetwork/libgpgme-copy/assuan/assuan-handler.c	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libkdenetwork/libgpgme-copy/assuan/assuan-handler.c	2004-12-08 \
11:42:40.807849112 -0500
@@ -487,13 +487,13 @@
       char errline[256];
 
       if (rc < 100)
-        sprintf (errline, "ERR %d server fault (%.50s)",
+        snprintf (errline, sizeof(errline), "ERR %d server fault (%.50s)",
                  ASSUAN_Server_Fault, assuan_strerror (rc));
       else
         {
           const char *text = ctx->err_no == rc? ctx->err_str:NULL;
 
-          sprintf (errline, "ERR %d %.50s%s%.100s",
+          snprintf (errline, sizeof(errline),"ERR %d %.50s%s%.100s",
                    rc, assuan_strerror (rc), text? " - ":"", text?text:"");
         }
       rc = assuan_write_line (ctx, errline);
diff -ur kdepim-3.3.1.orig/libkdenetwork/libgpgme-copy/gpgme/rungpg.c \
                kdepim-3.3.1/libkdenetwork/libgpgme-copy/gpgme/rungpg.c
--- kdepim-3.3.1.orig/libkdenetwork/libgpgme-copy/gpgme/rungpg.c	2004-12-07 \
                10:49:41.000000000 -0500
+++ kdepim-3.3.1/libkdenetwork/libgpgme-copy/gpgme/rungpg.c	2004-12-08 \
11:41:15.487819728 -0500
@@ -386,7 +386,7 @@
 
   {
     char buf[25];
-    sprintf (buf, "%d", gpg->status.fd[1]);
+    snprintf (buf, sizeof(buf), "%d", gpg->status.fd[1]);
     rc = add_arg (gpg, buf);
     if (rc)
       goto leave;
@@ -701,7 +701,7 @@
 		  free_argv (argv);
 		  return gpg_error_from_errno (saved_errno);
                 }
-	      sprintf (argv[argc], 
+	      snprintf (argv[argc], 25,
 		       a->print_fd ? "%d" : "-&%d",
 		       fd_data_map[datac].peer_fd);
 	      argc++;
diff -ur kdepim-3.3.1.orig/mimelib/datetime.cpp kdepim-3.3.1/mimelib/datetime.cpp
--- kdepim-3.3.1.orig/mimelib/datetime.cpp	2004-12-07 10:49:42.000000000 -0500
+++ kdepim-3.3.1/mimelib/datetime.cpp	2004-12-08 11:37:47.768397880 -0500
@@ -315,7 +315,7 @@
     char sgn = (mZone < 0) ? '-' : '+';
     int z = (mZone < 0) ? -mZone : mZone;
     char buffer[80];
-    sprintf(buffer, "%s, %d %s %4d %02d:%02d:%02d %c%02d%02d",
+    snprintf(buffer, sizeof(buffer), "%s, %d %s %4d %02d:%02d:%02d %c%02d%02d",
         lWeekDay[dow], mDay, lMonth[(mMonth-1)%12], mYear,
         mHour, mMinute, mSecond, sgn, z/60%24, z%60);
     mString = buffer;
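Review bot: The index `(mMonth-1)%12` on the context line can be negative: for `mMonth` of 0 or less the remainder is negative in C++, and `lMonth[...]` is then read before the start of the table. Nothing in the hunk shows `mMonth` or `dow` being validated; if they can come from a parsed date header, clamp them first, e.g. `int mon = (mMonth >= 1 && mMonth <= 12) ? mMonth-1 : 0;`. The enclosing function starts and ends outside the hunk.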
diff -ur kdepim-3.3.1.orig/mimelib/dw_date.cpp kdepim-3.3.1/mimelib/dw_date.cpp
--- kdepim-3.3.1.orig/mimelib/dw_date.cpp	2004-12-07 10:49:42.000000000 -0500
+++ kdepim-3.3.1/mimelib/dw_date.cpp	2004-12-08 11:37:10.233104112 -0500
@@ -688,7 +688,7 @@
         gmtime(&tt, &ptms);
         tms1 = *ptms;
         sgn = (zone1 >= 0) ? '+' : '-';
-        sprintf(buf, "%s, %2d %s %d %d%d:%d%d:%d%d %c%d%d%d%d",
+        snprintf(buf, sizeof(buf), "%s, %2d %s %d %d%d:%d%d:%d%d %c%d%d%d%d",
             wdays[tms1.tm_wday], tms1.tm_mday, months[tms1.tm_mon],
             tms1.tm_year+1900,
             tms1.tm_hour/10, tms1.tm_hour%10,
diff -ur kdepim-3.3.1.orig/mimelib/nntp.cpp kdepim-3.3.1/mimelib/nntp.cpp
--- kdepim-3.3.1.orig/mimelib/nntp.cpp	2004-12-07 10:49:42.000000000 -0500
+++ kdepim-3.3.1/mimelib/nntp.cpp	2004-12-08 11:36:37.629060680 -0500
@@ -111,7 +111,7 @@
     mStatusResponse = mTextResponse = "";
     mLastCommand = kCmdArticle;
     if (aArticleNum >= 0) {
-        sprintf(mSendBuffer, "ARTICLE %d\r\n", aArticleNum);
+        snprintf(mSendBuffer, SEND_BUFFER_SIZE, "ARTICLE %d\r\n", aArticleNum);
     }
     else {
         strcpy(mSendBuffer, "ARTICLE\r\n");
@@ -160,7 +160,7 @@
     mStatusResponse = mTextResponse = "";
     mLastCommand = kCmdHead;
     if (aArticleNum >= 0) {
-        sprintf(mSendBuffer, "HEAD %d\r\n", aArticleNum);
+        snprintf(mSendBuffer, SEND_BUFFER_SIZE, "HEAD %d\r\n", aArticleNum);
     }
     else {
         strcpy(mSendBuffer, "HEAD\r\n");
@@ -208,7 +208,7 @@
     mStatusResponse = mTextResponse = "";
     mLastCommand = kCmdBody;
     if (articleNum >= 0) {
-        sprintf(mSendBuffer, "BODY %d\r\n", articleNum);
+        snprintf(mSendBuffer, SEND_BUFFER_SIZE, "BODY %d\r\n", articleNum);
     }
     else {
         strcpy(mSendBuffer, "BODY\r\n");
@@ -256,7 +256,7 @@
     mStatusResponse = mTextResponse = "";
     mLastCommand = kCmdStat;
     if (articleNum >= 0) {
-        sprintf(mSendBuffer, "STAT %d\r\n", articleNum);
+        snprintf(mSendBuffer, SEND_BUFFER_SIZE, "STAT %d\r\n", articleNum);
     }
     else {
         strcpy(mSendBuffer, "STAT\r\n");
diff -ur kdepim-3.3.1.orig/mimelib/pop.cpp kdepim-3.3.1/mimelib/pop.cpp
--- kdepim-3.3.1.orig/mimelib/pop.cpp	2004-12-07 10:49:42.000000000 -0500
+++ kdepim-3.3.1/mimelib/pop.cpp	2004-12-08 11:35:14.139752984 -0500
@@ -195,7 +195,7 @@
     mStatusCode = 0;
     mSingleLineResponse = mMultiLineResponse = "";
     mLastCommand = kCmdList;
-    sprintf(mSendBuffer, "LIST %d\r\n", aMsg);
+    snprintf(mSendBuffer, SEND_BUFFER_SIZE, "LIST %d\r\n", aMsg);
     DBG_POP_STMT(cout << "C: " << mSendBuffer << flush;)
     int bufferLen = strlen(mSendBuffer);
     int numSent = PSend(mSendBuffer, bufferLen);
@@ -211,7 +211,7 @@
     mStatusCode = 0;
     mSingleLineResponse = mMultiLineResponse = "";
     mLastCommand = kCmdRetr;
-    sprintf(mSendBuffer, "RETR %d\r\n", aMsg);
+    snprintf(mSendBuffer, SEND_BUFFER_SIZE, "RETR %d\r\n", aMsg);
     DBG_POP_STMT(cout << "C: " << mSendBuffer << flush;)
     int bufferLen = strlen(mSendBuffer);
     int numSent = PSend(mSendBuffer, bufferLen);
@@ -230,7 +230,7 @@
     mStatusCode = 0;
     mSingleLineResponse = mMultiLineResponse = "";
     mLastCommand = kCmdDele;
-    sprintf(mSendBuffer, "DELE %d\r\n", aMsg);
+    snprintf(mSendBuffer, SEND_BUFFER_SIZE, "DELE %d\r\n", aMsg);
     DBG_POP_STMT(cout << "C: " << mSendBuffer << flush;)
     int bufferLen = strlen(mSendBuffer);
     int numSent = PSend(mSendBuffer, bufferLen);
@@ -314,7 +314,7 @@
     mStatusCode = 0;
     mSingleLineResponse = mMultiLineResponse = "";
     mLastCommand = kCmdTop;
-    sprintf(mSendBuffer, "TOP %d %d\r\n", aMsg, aNumLines);
+    snprintf(mSendBuffer, SEND_BUFFER_SIZE, "TOP %d %d\r\n", aMsg, aNumLines);
     DBG_POP_STMT(cout << "C: " << mSendBuffer << flush;)
     int bufferLen = strlen(mSendBuffer);
     int numSent = PSend(mSendBuffer, bufferLen);
@@ -352,7 +352,7 @@
     mStatusCode = 0;
     mSingleLineResponse = mMultiLineResponse = "";
     mLastCommand = kCmdUidl;
-    sprintf(mSendBuffer, "UIDL %d\r\n", aMsg);
+    snprintf(mSendBuffer, SEND_BUFFER_SIZE, "UIDL %d\r\n", aMsg);
     DBG_POP_STMT(cout << "C: " << mSendBuffer << flush);
     int bufferLen = strlen(mSendBuffer);
     int numSent = PSend(mSendBuffer, bufferLen);
diff -ur kdepim-3.3.1.orig/mimelib/uuencode.cpp kdepim-3.3.1/mimelib/uuencode.cpp
--- kdepim-3.3.1.orig/mimelib/uuencode.cpp	2004-12-07 10:49:42.000000000 -0500
+++ kdepim-3.3.1/mimelib/uuencode.cpp	2004-12-08 11:33:12.191291968 -0500
@@ -125,7 +125,7 @@
 
 	// Write the "begin" line
 
-	sprintf(ascBuf, "begin %o %s" DW_EOL, mMode, mFileName);
+	snprintf(ascBuf, ascSize, "begin %o %s" DW_EOL, mMode, mFileName);
 	ascPos = strlen(ascBuf);
 
 	// Encode the binary chars
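Review bot: If `mFileName` is long enough for the output to be truncated, the `begin` line loses its `DW_EOL` and the encoded data that follows is appended to the same line, so the result is malformed rather than rejected. `snprintf` returns the length it needed; compare it with `ascSize` and stop when it does not fit, e.g. `if (n < 0 || (size_t)n >= ascSize)`. Where `ascBuf` and `ascSize` are set up is outside the hunk, so this assumes `ascSize` is the full size of `ascBuf`.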



