Commit d5a33624 authored by Thomas Roessler's avatar Thomas Roessler

Fix and/or check more fishy code.

parent 0fc518a9
......@@ -45,20 +45,22 @@
#define BAD -1
/* raw bytes to null-terminated base 64 string */
void mutt_to_base64 (unsigned char *out, const unsigned char *in, int len)
void mutt_to_base64 (unsigned char *out, const unsigned char *in, size_t len,
size_t olen)
{
while (len >= 3)
while (len >= 3 && olen > 10)
{
*out++ = B64Chars[in[0] >> 2];
*out++ = B64Chars[((in[0] << 4) & 0x30) | (in[1] >> 4)];
*out++ = B64Chars[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
*out++ = B64Chars[in[2] & 0x3f];
len -= 3;
in += 3;
olen -= 4;
len -= 3;
in += 3;
}
/* clean up remainder */
if (len > 0)
if (len > 0 && olen > 4)
{
unsigned char fragment;
......
......@@ -176,7 +176,7 @@ folder_format_str (char *dest, size_t destlen, char op, const char *src,
strfcpy (fn, folder->ff->name, sizeof(fn));
if (folder->ff->st != NULL)
{
strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" :
strcat (fn, S_ISLNK (folder->ff->st->st_mode) ? "@" : /* __STRCAT_CHECKED__ */
(S_ISDIR (folder->ff->st->st_mode) ? "/" :
((folder->ff->st->st_mode & S_IXUSR) != 0 ? "*" : "")));
}
......@@ -566,7 +566,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
else
{
getcwd (LastDir, sizeof (LastDir));
strcat (LastDir, "/");
strcat (LastDir, "/"); /* __STRCAT_CHECKED__ */
strncat (LastDir, f, i);
}
}
......@@ -682,7 +682,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
if (mutt_strcmp (state.entry[menu->current].name, "..") == 0)
{
if (mutt_strcmp ("..", LastDir + mutt_strlen (LastDir) - 2) == 0)
strcat (LastDir, "/..");
strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */
else
{
char *p = strrchr (LastDir + 1, '/');
......@@ -694,13 +694,13 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
if (LastDir[0] == '/')
LastDir[1] = 0;
else
strcat (LastDir, "/..");
strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */
}
}
}
else if (buffy)
{
sprintf (LastDir, "%s", state.entry[menu->current].name);
strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir));
mutt_expand_path (LastDir, sizeof (LastDir));
}
#ifdef USE_IMAP
......@@ -726,8 +726,11 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num
}
#endif
else
sprintf (LastDir + mutt_strlen (LastDir), "/%s",
state.entry[menu->current].name);
{
char tmp[_POSIX_PATH_MAX];
snprintf (tmp, sizeof (tmp), "%s/%s", LastDir, state.entry[menu->current].name);
strfcpy (LastDir, tmp, sizeof (LastDir));
}
destroy_state (&state);
if (killPrefix)
......
......@@ -20,7 +20,7 @@ do_check ()
do_check '\<fopen.*'\"'.*w' __FOPEN_CHECKED__ "Alert: Unchecked fopen calls."
do_check '\<(mutt_)?strcpy' __STRCPY_CHECKED__ "Alert: Unchecked strcpy calls."
# do_check '\<strcat' __STRCAT_CHECKED__ "Alert: Unchecked strcat calls."
do_check '\<strcat' __STRCAT_CHECKED__ "Alert: Unchecked strcat calls."
do_check 'sprintf.*%s' __SPRINTF_CHECKED__ "Alert: Unchecked sprintf calls."
rm -f $TMPFILE
......
......@@ -238,12 +238,12 @@ void ci_bounce_message (HEADER *h, int *redraw)
* This is the printing width of "...? ([y=yes]/n=no): ?" plus 2
* for good measure. This is not ideal. FIXME.
*/
snprintf (prompt, sizeof (prompt),
snprintf (prompt, sizeof (prompt) - 4,
(h ? _("Bounce message to %s") : _("Bounce messages to %s")), buf);
mutt_format_string (prompt, sizeof (prompt),
mutt_format_string (prompt, sizeof (prompt) - 4,
0, COLS-extra_space, 0, 0,
prompt, sizeof (prompt), 0);
strcat (prompt, "...?");
strcat (prompt, "...?"); /* __STRCAT_CHECKED__ */
if (mutt_yesorno (prompt, 1) != 1)
{
rfc822_free_address (&adr);
......
......@@ -83,9 +83,12 @@ int mutt_complete (char *s, size_t slen)
strfcpy (exp_dirpart, NONULL (Maildir), sizeof (exp_dirpart));
if ((p = strrchr (s, '/')))
{
char buf[_POSIX_PATH_MAX];
*p++ = 0;
sprintf (exp_dirpart + mutt_strlen (exp_dirpart), "/%s", s+1);
sprintf (dirpart + mutt_strlen (dirpart), "%s/", s+1);
snprintf (buf, sizeof (buf), "%s/%s", exp_dirpart, s+1);
strfcpy (exp_dirpart, buf, sizeof (exp_dirpart));
snprintf (buf, sizeof (buf), "%s/%s", dirpart, s+1);
strfcpy (dirpart, buf, sizeof (dirpart));
strfcpy (filepart, p, sizeof (filepart));
}
else
......
......@@ -193,7 +193,7 @@ mutt_copy_hdr (FILE *in, FILE *out, long off_start, long off_end, int flags,
{
safe_realloc ((void **) &headers[x],
mutt_strlen (headers[x]) + mutt_strlen (buf) + sizeof (char));
strcat (headers[x], buf);
strcat (headers[x], buf); /* __STRCAT_CHECKED__ */
}
}
} /* while (ftell (in) < off_end) */
......
......@@ -411,7 +411,7 @@ int _mutt_enter_fname (const char *prompt, char *buf, size_t blen, int *redraw,
{
char *pc = safe_malloc (mutt_strlen (prompt) + 3);
sprintf (pc, "%s: ", prompt);
sprintf (pc, "%s: ", prompt); /* __SPRINTF_CHECKED__ */
mutt_ungetch (ch.op ? 0 : ch.ch, ch.op ? ch.op : 0);
if (_mutt_get_field (pc, buf, blen, (buffy ? M_EFILE : M_FILE) | M_CLEAR, multiple, files, numfiles)
!= 0)
......
......@@ -152,7 +152,7 @@ be_include_messages (char *msg, char **buf, int *bufmax, int *buflen,
if (Attribution)
{
mutt_make_string (tmp, sizeof (tmp) - 1, Attribution, Context, Context->hdrs[n]);
strcat (tmp, "\n");
strcat (tmp, "\n"); /* __STRCAT_CHECKED__ */
}
if (*bufmax == *buflen)
......
......@@ -588,7 +588,7 @@ static void enriched_flush (struct enriched_state *stte, int wrap)
stte->line_max = stte->line_used;
safe_realloc ((void **) &stte->line, stte->line_max + 1);
}
strcat (stte->line, stte->buffer);
strcat (stte->line, stte->buffer); /* __STRCAT_CHECKED__ */
stte->line_len += stte->word_len;
stte->word_len = 0;
stte->buff_used = 0;
......
......@@ -33,7 +33,7 @@ static void hmac_md5 (const char* password, char* challenge,
/* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata)
{
char ibuf[LONG_STRING*4+10], obuf[LONG_STRING];
char ibuf[LONG_STRING*2], obuf[LONG_STRING];
unsigned char hmac_response[MD5_DIGEST_LEN];
int len;
int rc;
......@@ -102,8 +102,9 @@ imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata)
* plus the additional debris
*/
mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf));
strcat (ibuf, "\r\n"); /* __STRCAT_CHECKED__ */
mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf),
sizeof (ibuf) - 2);
strncat (ibuf, "\r\n", sizeof (ibuf));
mutt_socket_write (idata->conn, ibuf);
do
......
......@@ -134,9 +134,9 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata)
/* send token */
mutt_to_base64 ((unsigned char*) buf1, send_token.value,
send_token.length);
send_token.length, sizeof (buf1) - 2);
gss_release_buffer (&min_stat, &send_token);
strcat (buf1, "\r\n");
strncat (buf1, "\r\n", sizeof (buf1));
mutt_socket_write (idata->conn, buf1);
if (maj_stat == GSS_S_CONTINUE_NEEDED)
......@@ -222,7 +222,8 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata)
goto bail;
}
mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length);
mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length,
sizeof (buf1) - 2);
dprint (2, (debugfile, "Requesting authorisation as %s\n",
idata->conn->account.user));
strncat (buf1, "\r\n", sizeof (buf1));
......
......@@ -43,7 +43,7 @@ static char* imap_get_flags (LIST** hflags, char* s);
static int imap_check_acl (IMAP_DATA *idata);
static int imap_check_capabilities (IMAP_DATA* idata);
static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag,
const char* str, char* flags);
const char* str, char* flags, size_t flsize);
int imap_create_mailbox (IMAP_DATA* idata, char* mailbox)
{
......@@ -722,11 +722,11 @@ int imap_close_connection (CONTEXT *ctx)
/* imap_set_flag: append str to flags if we currently have permission
* according to aclbit */
static void imap_set_flag (IMAP_DATA* idata, int aclbit, int flag,
const char *str, char *flags)
const char *str, char *flags, size_t flsize)
{
if (mutt_bit_isset (idata->rights, aclbit))
if (flag)
strcat (flags, str);
strncat (flags, str, flsize);
}
/* imap_make_msg_set: make an IMAP4rev1 UID message set out of a set of
......@@ -896,17 +896,17 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint)
flags[0] = '\0';
imap_set_flag (idata, IMAP_ACL_SEEN, ctx->hdrs[n]->read, "\\Seen ",
flags);
flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->flagged,
"\\Flagged ", flags);
"\\Flagged ", flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_WRITE, ctx->hdrs[n]->replied,
"\\Answered ", flags);
"\\Answered ", flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_DELETE, ctx->hdrs[n]->deleted,
"\\Deleted ", flags);
"\\Deleted ", flags, sizeof (flags));
/* now make sure we don't lose custom tags */
if (mutt_bit_isset (idata->rights, IMAP_ACL_WRITE))
imap_add_keywords (flags, ctx->hdrs[n], idata->flags);
imap_add_keywords (flags, ctx->hdrs[n], idata->flags, sizeof (flags));
mutt_remove_trailing_ws (flags);
......@@ -914,10 +914,10 @@ int imap_sync_mailbox (CONTEXT* ctx, int expunge, int* index_hint)
* explicitly revoke all system flags (if we have permission) */
if (!*flags)
{
imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags);
imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags);
imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags);
imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags);
imap_set_flag (idata, IMAP_ACL_SEEN, 1, "\\Seen ", flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Flagged ", flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_WRITE, 1, "\\Answered ", flags, sizeof (flags));
imap_set_flag (idata, IMAP_ACL_DELETE, 1, "\\Deleted ", flags, sizeof (flags));
mutt_remove_trailing_ws (flags);
......
......@@ -195,7 +195,7 @@ int imap_code (const char* s);
int imap_exec (IMAP_DATA* idata, const char* cmd, int flags);
/* message.c */
void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags);
void imap_add_keywords (char* s, HEADER* keywords, LIST* mailbox_flags, size_t slen);
void imap_free_header_data (void** data);
int imap_read_headers (IMAP_DATA* idata, int msgbegin, int msgend);
......
......@@ -623,7 +623,7 @@ int imap_copy_messages (CONTEXT* ctx, HEADER* h, char* dest, int delete)
/* imap_add_keywords: concatenate custom IMAP tags to list, if they
* appear in the folder flags list. Why wouldn't they? */
void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags)
void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags, size_t slen)
{
LIST *keywords;
......@@ -636,8 +636,8 @@ void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags)
{
if (msg_has_flag (mailbox_flags, keywords->data))
{
strcat (s, keywords->data);
strcat (s, " ");
strncat (s, keywords->data, slen);
strncat (s, " ", slen);
}
keywords = keywords->next;
}
......
......@@ -1758,7 +1758,7 @@ void mutt_init (int skip_sys_rc, LIST *commands)
if (*DOMAIN != '@')
{
Fqdn = safe_malloc (mutt_strlen (DOMAIN) + mutt_strlen (Hostname) + 2);
sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN);
sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); /* __SPRINTF_CHECKED__ */
}
else
Fqdn = safe_strdup(NONULL(Hostname));
......
......@@ -115,8 +115,8 @@ textdomain (domainname)
if (new_catalog == (nl_catd) -1)
{
/* NLSPATH search didn't work, try absolute path */
sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang,
PACKAGE); /* __SPRINTF_CHECKED__ - sort of... */
sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang, /* __SPRINTF_CHECKED__ - sort of... */
PACKAGE);
new_catalog = catopen (new_name, 0);
if (new_catalog == (nl_catd) -1)
......
......@@ -261,8 +261,8 @@ int safe_symlink(const char *oldpath, const char *newpath)
(strlen (abs_oldpath) + 1 + strlen (oldpath) + 1 > sizeof abs_oldpath))
return -1;
strcat (abs_oldpath, "/");
strcat (abs_oldpath, oldpath);
strcat (abs_oldpath, "/"); /* __STRCAT_CHECKED__ */
strcat (abs_oldpath, oldpath); /* __STRCAT_CHECKED__ */
if (symlink (abs_oldpath, newpath) == -1)
return -1;
}
......
......@@ -1454,14 +1454,14 @@ mutt_pager (const char *banner, const char *fname, int flags, pager_t *extra)
if (IsHeader (extra))
{
mutt_compile_help (buffer, sizeof (buffer), MENU_PAGER, PagerHelpExtra);
strcat (helpstr, " ");
strcat (helpstr, buffer);
strcat (helpstr, " "); /* __STRCAT_CHECKED__ */ /* we don't seem to have any user-supplied data here */
strcat (helpstr, buffer); /* __STRCAT_CHECKED__ */
}
if (!InHelp)
{
mutt_make_help (buffer, sizeof (buffer), _("Help"), MENU_PAGER, OP_HELP);
strcat (helpstr, " ");
strcat (helpstr, buffer);
strcat (helpstr, " "); /* __STRCAT_CHECKED__ */ /* we don't seem to have any user-supplied data here */
strcat (helpstr, buffer); /* __STRCAT_CHECKED__ */
}
while (ch != -1)
......
......@@ -1261,7 +1261,7 @@ char *pgp_findKeys (ADDRESS *to, ADDRESS *cc, ADDRESS *bcc)
keylist_size += mutt_strlen (keyID) + 4;
safe_realloc ((void **)&keylist, keylist_size);
sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "",
sprintf (keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", /* __SPRINTF_CHECKED__ */
keyID);
keylist_used = mutt_strlen (keylist);
......
......@@ -440,14 +440,14 @@ static pgp_key_t *pgp_select_key (pgp_key_t *keys,
helpstr[0] = 0;
mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_PGP, OP_EXIT);
strcat (helpstr, buf);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Select "), MENU_PGP,
OP_GENERIC_SELECT_ENTRY);
strcat (helpstr, buf);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Check key "), MENU_PGP, OP_VERIFY_KEY);
strcat (helpstr, buf);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Help"), MENU_PGP, OP_HELP);
strcat (helpstr, buf);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
menu = mutt_new_menu ();
menu->max = keymax;
......
......@@ -115,10 +115,10 @@ static int fetch_auth (char *line, void *data)
else
{
safe_realloc ((void **) &pop_data->auth_list,
strlen (pop_data->auth_list) + strlen (line) + 1);
strcat (pop_data->auth_list, " ");
strlen (pop_data->auth_list) + strlen (line) + 2);
strcat (pop_data->auth_list, " "); /* __STRCAT_CHECKED__ */
}
strcat (pop_data->auth_list, line);
strcat (pop_data->auth_list, line); /* __STRCAT_CHECKED__ */
return 0;
}
......
......@@ -326,7 +326,7 @@ pid_t mutt_create_filter_fd (const char *, FILE **, FILE **, FILE **, int, int,
ADDRESS *alias_reverse_lookup (ADDRESS *);
/* base64.c */
void mutt_to_base64 (unsigned char*, const unsigned char*, int);
void mutt_to_base64 (unsigned char*, const unsigned char*, size_t, size_t);
int mutt_from_base64 (char*, const char*);
/* utf8.c */
......
......@@ -434,7 +434,7 @@ static void query_menu (char *buf, size_t buflen, QUERY *results, int retbuf)
}
else if (curpos + 2 < buflen)
{
strcat (buf, ", ");
strcat (buf, ", "); /* __STRCAT_CHECKED__ */
rfc822_write_address ((char *) buf + curpos + 1, buflen - curpos - 1,
result_to_addr(QueryTable[i].data));
curpos = mutt_strlen (buf);
......
......@@ -342,7 +342,7 @@ int rfc2231_encode_string (char **pd)
if (encode)
{
e = safe_malloc (dlen + 2*ext + strlen (charset) + 3);
sprintf (e, "%s''", charset);
sprintf (e, "%s''", charset); /* __SPRINTF_CHECKED__ */
t = e + strlen (e);
for (s = d, slen = dlen; slen; s++, slen--)
if (*s < 0x20 || *s >= 0x7f ||
......
......@@ -498,7 +498,7 @@ void rfc822_qualify (ADDRESS *addr, const char *host)
if (!addr->group && addr->mailbox && strchr (addr->mailbox, '@') == NULL)
{
p = safe_malloc (mutt_strlen (addr->mailbox) + mutt_strlen (host) + 2);
sprintf (p, "%s@%s", addr->mailbox, host);
sprintf (p, "%s@%s", addr->mailbox, host); /* __SPRINTF_CHECKED__ */
safe_free ((void **) &addr->mailbox);
addr->mailbox = p;
}
......
......@@ -590,7 +590,7 @@ void mutt_make_misc_reply_headers (ENVELOPE *env, CONTEXT *ctx,
if (curenv->real_subj)
{
env->subject = safe_malloc (mutt_strlen (curenv->real_subj) + 5);
sprintf (env->subject, "Re: %s", curenv->real_subj);
sprintf (env->subject, "Re: %s", curenv->real_subj); /* __SPRINTF_CHECKED__ */
}
else
env->subject = safe_strdup ("Re: your mail");
......@@ -909,7 +909,7 @@ ADDRESS *mutt_default_from (void)
{
adr = rfc822_new_address ();
adr->mailbox = safe_malloc (mutt_strlen (Username) + mutt_strlen (fqdn) + 2);
sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn));
sprintf (adr->mailbox, "%s@%s", NONULL(Username), NONULL(fqdn)); /* __SPRINTF_CHECKED__ */
}
else
{
......
......@@ -1652,9 +1652,9 @@ static void encode_headers (LIST *h)
rfc2047_encode_string (&tmp);
safe_realloc ((void **) &h->data,
strlen (h->data) + 2 + strlen (tmp) + 1);
strcat (h->data, ": ");
strcat (h->data, tmp);
free (tmp);
strcat (h->data, ": "); /* __STRCAT_CHECKED__ */
strcat (h->data, tmp); /* __STRCAT_CHECKED__ */
safe_free ((void **) &tmp);
}
}
}
......
......@@ -762,7 +762,7 @@ int main (void)
sprintf (buf2, fp_fmt[x], fp_nums[y]);
if (strcmp (buf1, buf2))
{
printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n",
printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", /* __SPRINTF_CHECKED__ */
fp_fmt[x], buf1, buf2);
fail++;
}
......@@ -776,7 +776,7 @@ int main (void)
sprintf (buf2, int_fmt[x], int_nums[y]);
if (strcmp (buf1, buf2))
{
printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n",
printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", /* __SPRINTF_CHECKED__ */
int_fmt[x], buf1, buf2);
fail++;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment