Blame SOURCES/procmail-3.22-out-of-bounds-rw-fixes.patch

4ad2a2
diff --git a/src/cstdio.c b/src/cstdio.c
4ad2a2
index 7b6fe6d..0a0bd5b 100644
4ad2a2
--- a/src/cstdio.c
4ad2a2
+++ b/src/cstdio.c
4ad2a2
@@ -144,7 +144,7 @@ int getbl(p,end)char*p,*end;					  /* my gets */
4ad2a2
       { case '\n':case EOF:*q='\0';
4ad2a2
 	   return overflow?-1:p!=q;	     /* did we read anything at all? */
4ad2a2
       }
4ad2a2
-     if(q==end)	    /* check here so that a trailing backslash won't be lost */
4ad2a2
+     if(q>=end)	    /* check here so that a trailing backslash won't be lost */
4ad2a2
 	q=p,overflow=1;
4ad2a2
      *q++=i;
4ad2a2
    }
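Review bot: The terminator store `*q='\0'` in the `case '\n':case EOF:` arm can still land on `end` itself, because `if(q>=end)` is tested only before `*q++=i`, so after a store at `end-1` the pointer equals `end` when the newline or EOF arrives. That is in bounds only if `end` addresses a writable byte rather than one past the buffer, which this hunk does not show. I would state the contract on the function, e.g. `/* end is the last writable byte: the NUL may be stored at *end; callers must pass p<end */`. The second half of that comment matters because the reset `q=p` is followed by an unconditional store, so a call with `p>end` would still write out of bounds. getbl starts and ends outside this hunk, so its callers need to be checked against that contract.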
4ad2a2
@@ -199,7 +199,7 @@ int getlline(target,end)char*target,*end;
4ad2a2
 	   if(*(target=strchr(target,'\0')-1)=='\\')
4ad2a2
 	    { if(chp2!=target)				  /* non-empty line? */
4ad2a2
 		 target++;		      /* then preserve the backslash */
4ad2a2
-	      if(target>end-2)			  /* space enough for getbl? */
4ad2a2
+	      if(target>=end-2)			  /* space enough for getbl? */
4ad2a2
 		 target=end-linebuf,overflow=1;		/* toss what we have */
4ad2a2
 	      continue;
4ad2a2
 	    }
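Review bot: The overflow reset `target=end-linebuf` recomputes the buffer start from the global `linebuf` instead of from the pointer the caller passed in, so it is only correct if every caller hands getlline the start of a buffer that is exactly `linebuf` bytes below `end`. If a caller passes a `target` part-way into a buffer, the reset would move the write position in front of the caller's region and later getbl stores would overwrite whatever precedes it. Saving the incoming pointer in a local at function entry and resetting with `target=start,overflow=1;` would remove that assumption. The `2` in `end-2` also deserves a word in the comment saying which bytes it reserves. The function's opening lines and its `switch` are outside this hunk, so the callers' arguments could not be confirmed here.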
4ad2a2
diff --git a/src/formail.c b/src/formail.c
4ad2a2
index 1f5c9dd..49b9967 100644
4ad2a2
--- a/src/formail.c
4ad2a2
+++ b/src/formail.c
4ad2a2
@@ -219,7 +219,8 @@ static char*getsender(namep,fldp,headreply)char*namep;struct field*fldp;
4ad2a2
   if(i>=0&&(i!=maxindex(sest)||fldp==rdheader))		  /* found anything? */
4ad2a2
    { char*saddr;char*tmp;			     /* determine the weight */
4ad2a2
      nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
4ad2a2
-     tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
4ad2a2
+     tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
4ad2a2
+     chp[j]='\0';
4ad2a2
      if(sest[i].head==From_)
4ad2a2
       { char*pastad;
4ad2a2
 	if(strchr(saddr=chp,'\n'))		     /* multiple From_ lines */
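Review bot: The store `(chp=tmp)[j-1]='\0'` is kept as is, so if `fldp->Tot_len-j` evaluates to 0 the index wraps (or goes to -1) and the write lands before the allocation; the extra byte added to `malloc` only covers the new `chp[j]='\0'`. Whether a zero remainder is reachable depends on how `j` is computed above this hunk, which is not visible. A guard such as `if(j)chp[j-1]='\0';` would make the line safe on its own. The result of `malloc` is also used without a visible NULL check; that is fine only if `malloc` is wrapped elsewhere in the project to abort on failure, which should be confirmed.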
4ad2a2
@@ -364,7 +365,7 @@ static PROGID;
4ad2a2
 
4ad2a2
 int main(lastm,argv)int lastm;const char*const argv[];
4ad2a2
 { int i,split=0,force=0,bogus=1,every=0,headreply=0,digest=0,nowait=0,keepb=0,
4ad2a2
-   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart,
4ad2a2
+   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart=0,
4ad2a2
    berkeley=0,forgetclen;
4ad2a2
   long maxlen,ctlength;FILE*idcache=0;pid_t thepid;
4ad2a2
   size_t j,lnl,escaplen;char*chp,*namep,*escap=ESCAP;
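Review bot: `forgetclen` on the line after the change is still declared without an initialiser, in the same declarator list where `babylstart` was just given `=0`. If the reason for the change was a read of `babylstart` before assignment on some option path, the same audit should be done for `forgetclen`; the assignments to either variable are outside this hunk, so this could not be checked here. Writing `berkeley=0,forgetclen=0;` costs nothing and makes the declaration uniform.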
4ad2a2
diff --git a/src/formisc.c b/src/formisc.c
4ad2a2
index c48df52..5c2869d 100644
4ad2a2
--- a/src/formisc.c
4ad2a2
+++ b/src/formisc.c
4ad2a2
@@ -66,7 +66,7 @@ inc:	   start++;
4ad2a2
 retz:	      *target='\0';
4ad2a2
 ret:	      return start;
4ad2a2
 	    }
4ad2a2
-	   if(*start=='\\')
4ad2a2
+	   if(*start=='\\' && *(start + 1))
4ad2a2
 	      *target++='\\',start++;
4ad2a2
 	   hitspc=2;
4ad2a2
 	   goto normal;					      /* normal word */
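Review bot: The new lookahead `*(start + 1)` has no comment saying why it is there, and the reason is not obvious from the condition alone. Without it, a backslash that is the last character before the terminating NUL makes `start++` step onto the NUL, and the scan presumably continues from there past the end of the string (the loop that advances `start` is outside this hunk). I would add `/* a trailing backslash must not skip the terminating NUL */` above the `if`. The spacing in `*start=='\\' && *(start + 1)` also differs from the unspaced style of the surrounding lines.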