2011-10-17 [mones] 3.7.10cvs34

author Ricardo Mones <mones@claws-mail.org>

Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)

committer Ricardo Mones <mones@claws-mail.org>

Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
author Ricardo Mones <mones@claws-mail.org>
Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
committer Ricardo Mones <mones@claws-mail.org>
Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
diff --git a/ChangeLog b/ChangeLog

index 9929eb5..0a4d36c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-10-17 [mones]     3.7.10cvs34
+
+       * src/addrbook.c
+       * src/exportldif.c
+       * src/jpilot.c
+       * src/mutt.c
+       * src/pine.c
+       * src/procmsg.c
+       * src/vcard.c
+               Fix potential out-of-buffer writes
+
  2011-10-17 [mones]     3.7.10cvs33
  
         * src/main.c
diff --git a/PATCHSETS b/PATCHSETS

index 2ba3b51..d55aec9 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
@@ -4237,3 +4237,4 @@
  ( cvs diff -u -r 1.12.2.69 -r 1.12.2.70 src/action.c;  cvs diff -u -r 1.115.2.240 -r 1.115.2.241 src/main.c;  cvs diff -u -r 1.5.2.98 -r 1.5.2.99 src/gtk/gtkutils.c;  cvs diff -u -r 1.4.2.60 -r 1.4.2.61 src/gtk/gtkutils.h;  ) > 3.7.10cvs31.patchset
  ( cvs diff -u -r 1.382.2.585 -r 1.382.2.586 src/compose.c;  cvs diff -u -r 1.50.2.63 -r 1.50.2.64 src/compose.h;  cvs diff -u -r 1.20.2.27 -r 1.20.2.28 src/gtk/Makefile.am;  cvs diff -u -r 1.1.4.17 -r 1.1.4.18 src/gtk/gtkshruler.c;  cvs diff -u -r 1.1.4.10 -r 1.1.4.11 src/gtk/gtkshruler.h;  diff -u /dev/null src/gtk/gtkunit.c;  diff -u /dev/null src/gtk/gtkunit.h;  ) > 3.7.10cvs32.patchset
  ( cvs diff -u -r 1.115.2.241 -r 1.115.2.242 src/main.c;  ) > 3.7.10cvs33.patchset
+( cvs diff -u -r 1.22.2.24 -r 1.22.2.25 src/addrbook.c;  cvs diff -u -r 1.1.4.22 -r 1.1.4.23 src/exportldif.c;  cvs diff -u -r 1.18.2.32 -r 1.18.2.33 src/jpilot.c;  cvs diff -u -r 1.6.10.18 -r 1.6.10.19 src/mutt.c;  cvs diff -u -r 1.6.2.17 -r 1.6.2.18 src/pine.c;  cvs diff -u -r 1.150.2.117 -r 1.150.2.118 src/procmsg.c;  cvs diff -u -r 1.14.2.20 -r 1.14.2.21 src/vcard.c;  ) > 3.7.10cvs34.patchset
diff --git a/configure.ac b/configure.ac

index 23a85a9..9a0ec27 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -12,7 +12,7 @@ MINOR_VERSION=7
  MICRO_VERSION=10
  INTERFACE_AGE=0
  BINARY_AGE=0
-EXTRA_VERSION=33
+EXTRA_VERSION=34
  EXTRA_RELEASE=
  EXTRA_GTK2_VERSION=
  
diff --git a/src/addrbook.c b/src/addrbook.c

index 0b87e58..b0f24fa 100644 (file)
--- a/src/addrbook.c
+++ b/src/addrbook.c
@@ -1817,7 +1817,7 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
                 return NULL;
         }
  
-       strcpy(buf, book->path);
+       strncpy(buf, book->path, WORK_BUFLEN);
         len = strlen(buf);
         if (len > 0) {
                 if (buf[len-1] != G_DIR_SEPARATOR) {
@@ -1827,7 +1827,7 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
         }
  
         adbookdir = g_strdup(buf);
-       strcat(buf, ADDRBOOK_PREFIX);
+       strncat(buf, ADDRBOOK_PREFIX, WORK_BUFLEN);
  
         if( ( dir = g_dir_open( adbookdir, 0, NULL ) ) == NULL ) {
                 book->retVal = MGU_OPEN_DIRECTORY;
@@ -1845,8 +1845,8 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
                 gint i;
                 gboolean flg;
  
-               strcpy(buf, adbookdir);
-               strcat( buf, dir_name );
+               strncpy(buf, adbookdir, WORK_BUFLEN);
+               strncat(buf, dir_name, WORK_BUFLEN);
                 g_stat(buf, &statbuf);
                 if (S_ISREG(statbuf.st_mode)) {
                         if (strncmp(
diff --git a/src/exportldif.c b/src/exportldif.c

index a87ab64..c96901d 100644 (file)
--- a/src/exportldif.c
+++ b/src/exportldif.c
@@ -231,23 +231,23 @@ static gchar *exportldif_fmt_dn(
         if( attr ) {
                 if( value ) {
                         if( strlen( value ) > 0 ) {
-                               strcat( buf, attr );
-                               strcat( buf, "=" );
+                               strncat( buf, attr, FMT_BUFSIZE );
+                               strncat( buf, "=", FMT_BUFSIZE );
                                 if( dupval ) {
                                         /* Format and free duplicated value */
-                                       strcat( buf, dupval );
+                                       strncat( buf, dupval, FMT_BUFSIZE );
                                         g_free( dupval );
                                 }
                                 else {
                                         /* Use original value */
-                                       strcat( buf, value );
+                                       strncat( buf, value, FMT_BUFSIZE );
                                 }
  
                                 /* Append suffix */
                                 if( ctl->suffix ) {
                                         if( strlen( ctl->suffix ) > 0 ) {
-                                               strcat( buf, "," );
-                                               strcat( buf, ctl->suffix );
+                                               strncat( buf, ",", FMT_BUFSIZE );
+                                               strncat( buf, ctl->suffix, FMT_BUFSIZE );
                                         }
                                 }
  
diff --git a/src/jpilot.c b/src/jpilot.c

index 2cfc6a0..4e70d29 100644 (file)
--- a/src/jpilot.c
+++ b/src/jpilot.c
@@ -1610,9 +1610,9 @@ gchar *jpilot_find_pilotdb( void ) {
                         str[ ++len ] = '\0';
                 }
         }
-       strcat( str, JPILOT_DBHOME_DIR );
-       strcat( str, G_DIR_SEPARATOR_S );
-       strcat( str, JPILOT_DBHOME_FILE );
+       strncat( str, JPILOT_DBHOME_DIR, WORK_BUFLEN );
+       strncat( str, G_DIR_SEPARATOR_S, WORK_BUFLEN );
+       strncat( str, JPILOT_DBHOME_FILE, WORK_BUFLEN );
  
         /* Attempt to open */
         if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/mutt.c b/src/mutt.c

index 3204963..6c49fd5 100644 (file)
--- a/src/mutt.c
+++ b/src/mutt.c
@@ -540,7 +540,7 @@ gchar *mutt_find_file( void ) {
         homedir = get_home_dir();
         if( ! homedir ) return g_strdup( "" );
  
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
         len = strlen( str );
         if( len > 0 ) {
                 if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -548,7 +548,7 @@ gchar *mutt_find_file( void ) {
                         str[ ++len ] = '\0';
                 }
         }
-       strcat( str, MUTT_HOME_FILE );
+       strncat( str, MUTT_HOME_FILE, WORK_BUFLEN );
  
         /* Attempt to open */
         if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/pine.c b/src/pine.c

index 2152e10..7a87558 100644 (file)
--- a/src/pine.c
+++ b/src/pine.c
@@ -642,7 +642,7 @@ gchar *pine_find_file( void ) {
         homedir = get_home_dir();
         if( ! homedir ) return g_strdup( "" );
  
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
         len = strlen( str );
         if( len > 0 ) {
                 if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -650,7 +650,7 @@ gchar *pine_find_file( void ) {
                         str[ ++len ] = '\0';
                 }
         }
-       strcat( str, PINE_HOME_FILE );
+       strncat( str, PINE_HOME_FILE, WORK_BUFLEN );
  
         /* Attempt to open */
         if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/procmsg.c b/src/procmsg.c

index d2f9443..30ca024 100644 (file)
--- a/src/procmsg.c
+++ b/src/procmsg.c
@@ -1135,7 +1135,7 @@ void procmsg_print_message(MsgInfo *msginfo, const gchar *cmdline)
         g_free(prtmp);
  
         g_strchomp(buf);
-       if (buf[strlen(buf) - 1] != '&') strcat(buf, "&");
+       if (buf[strlen(buf) - 1] != '&') strncat(buf, "&", sizeof(buf));
         if (system(buf) == -1)
                 g_warning("system(%s) failed.", buf);
  }
diff --git a/src/vcard.c b/src/vcard.c

index 54eea5b..c61baf9 100644 (file)
--- a/src/vcard.c
+++ b/src/vcard.c
@@ -569,7 +569,7 @@ gchar *vcard_find_gnomecard( void ) {
         homedir = get_home_dir();
         if( ! homedir ) return NULL;
  
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
         len = strlen( str );
         if( len > 0 ) {
                 if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -577,9 +577,9 @@ gchar *vcard_find_gnomecard( void ) {
                         str[ ++len ] = '\0';
                 }
         }
-       strcat( str, GNOMECARD_DIR );
-       strcat( str, G_DIR_SEPARATOR_S );
-       strcat( str, GNOMECARD_FILE );
+       strncat( str, GNOMECARD_DIR, WORK_BUFLEN );
+       strncat( str, G_DIR_SEPARATOR_S, WORK_BUFLEN );
+       strncat( str, GNOMECARD_FILE, WORK_BUFLEN );
  
         fileSpec = NULL;
         if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
author	Ricardo Mones <mones@claws-mail.org>
	Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
committer	Ricardo Mones <mones@claws-mail.org>
	Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
ChangeLog		patch \| blob \| history
PATCHSETS		patch \| blob \| history
configure.ac		patch \| blob \| history
src/addrbook.c		patch \| blob \| history
src/exportldif.c		patch \| blob \| history
src/jpilot.c		patch \| blob \| history
src/mutt.c		patch \| blob \| history
src/pine.c		patch \| blob \| history
src/procmsg.c		patch \| blob \| history
src/vcard.c		patch \| blob \| history