projects / claws.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab02342)
2011-10-17 [mones] 3.7.10cvs34
authorRicardo Mones <mones@claws-mail.org>
Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
committerRicardo Mones <mones@claws-mail.org>
Mon, 17 Oct 2011 11:02:44 +0000 (11:02 +0000)
* src/addrbook.c
* src/exportldif.c
* src/jpilot.c
* src/mutt.c
* src/pine.c
* src/procmsg.c
* src/vcard.c
Fix potential out-of-buffer writes

ChangeLog patch | blob | history
PATCHSETS patch | blob | history
configure.ac patch | blob | history
src/addrbook.c patch | blob | history
src/exportldif.c patch | blob | history
src/jpilot.c patch | blob | history
src/mutt.c patch | blob | history
src/pine.c patch | blob | history
src/procmsg.c patch | blob | history
src/vcard.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 9929eb5155225924cf8c46d2324956465ca74752..0a4d36c1bc2799c3ca66451adab3bbd56ed7a9dc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-10-17 [mones]     3.7.10cvs34
+
+       * src/addrbook.c
+       * src/exportldif.c
+       * src/jpilot.c
+       * src/mutt.c
+       * src/pine.c
+       * src/procmsg.c
+       * src/vcard.c
+               Fix potential out-of-buffer writes
+
 2011-10-17 [mones]     3.7.10cvs33
 
        * src/main.c
diff --git a/PATCHSETS b/PATCHSETS
index 2ba3b51b56077c1fa69d64b5b7c65f3ce7165185..d55aec9b0487105b7ad8bbe5ff81d66a76bd0a32 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
@@ -4237,3 +4237,4 @@
 ( cvs diff -u -r 1.12.2.69 -r 1.12.2.70 src/action.c;  cvs diff -u -r 1.115.2.240 -r 1.115.2.241 src/main.c;  cvs diff -u -r 1.5.2.98 -r 1.5.2.99 src/gtk/gtkutils.c;  cvs diff -u -r 1.4.2.60 -r 1.4.2.61 src/gtk/gtkutils.h;  ) > 3.7.10cvs31.patchset
 ( cvs diff -u -r 1.382.2.585 -r 1.382.2.586 src/compose.c;  cvs diff -u -r 1.50.2.63 -r 1.50.2.64 src/compose.h;  cvs diff -u -r 1.20.2.27 -r 1.20.2.28 src/gtk/Makefile.am;  cvs diff -u -r 1.1.4.17 -r 1.1.4.18 src/gtk/gtkshruler.c;  cvs diff -u -r 1.1.4.10 -r 1.1.4.11 src/gtk/gtkshruler.h;  diff -u /dev/null src/gtk/gtkunit.c;  diff -u /dev/null src/gtk/gtkunit.h;  ) > 3.7.10cvs32.patchset
 ( cvs diff -u -r 1.115.2.241 -r 1.115.2.242 src/main.c;  ) > 3.7.10cvs33.patchset
+( cvs diff -u -r 1.22.2.24 -r 1.22.2.25 src/addrbook.c;  cvs diff -u -r 1.1.4.22 -r 1.1.4.23 src/exportldif.c;  cvs diff -u -r 1.18.2.32 -r 1.18.2.33 src/jpilot.c;  cvs diff -u -r 1.6.10.18 -r 1.6.10.19 src/mutt.c;  cvs diff -u -r 1.6.2.17 -r 1.6.2.18 src/pine.c;  cvs diff -u -r 1.150.2.117 -r 1.150.2.118 src/procmsg.c;  cvs diff -u -r 1.14.2.20 -r 1.14.2.21 src/vcard.c;  ) > 3.7.10cvs34.patchset
diff --git a/configure.ac b/configure.ac
index 23a85a9493a3328997c7c0fc35a024cb2d74f4fb..9a0ec2762bd86e0dc67354708140116311b93303 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -12,7 +12,7 @@ MINOR_VERSION=7
 MICRO_VERSION=10
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=33
+EXTRA_VERSION=34
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
diff --git a/src/addrbook.c b/src/addrbook.c
index 0b87e589faebd025f7b514a7f808fca847180fea..b0f24fac1cbecabeeac1357aa0e7ec65012e59b3 100644 (file)
--- a/src/addrbook.c
+++ b/src/addrbook.c
@@ -1817,7 +1817,7 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
                return NULL;
        }
 
-       strcpy(buf, book->path);
+       strncpy(buf, book->path, WORK_BUFLEN);
        len = strlen(buf);
        if (len > 0) {
                if (buf[len-1] != G_DIR_SEPARATOR) {
@@ -1827,7 +1827,7 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
        }
 
        adbookdir = g_strdup(buf);
-       strcat(buf, ADDRBOOK_PREFIX);
+       strncat(buf, ADDRBOOK_PREFIX, WORK_BUFLEN);
 
        if( ( dir = g_dir_open( adbookdir, 0, NULL ) ) == NULL ) {
                book->retVal = MGU_OPEN_DIRECTORY;
@@ -1845,8 +1845,8 @@ GList *addrbook_get_bookfile_list(AddressBookFile *book) {
                gint i;
                gboolean flg;
 
-               strcpy(buf, adbookdir);
-               strcat( buf, dir_name );
+               strncpy(buf, adbookdir, WORK_BUFLEN);
+               strncat(buf, dir_name, WORK_BUFLEN);
                g_stat(buf, &statbuf);
                if (S_ISREG(statbuf.st_mode)) {
                        if (strncmp(
diff --git a/src/exportldif.c b/src/exportldif.c
index a87ab648a1e6f6d307a431c223617b19598de0be..c96901de7423168dec417ecb48fa3283ba3ae1eb 100644 (file)
--- a/src/exportldif.c
+++ b/src/exportldif.c
@@ -231,23 +231,23 @@ static gchar *exportldif_fmt_dn(
        if( attr ) {
                if( value ) {
                        if( strlen( value ) > 0 ) {
-                               strcat( buf, attr );
-                               strcat( buf, "=" );
+                               strncat( buf, attr, FMT_BUFSIZE );
+                               strncat( buf, "=", FMT_BUFSIZE );
                                if( dupval ) {
                                        /* Format and free duplicated value */
-                                       strcat( buf, dupval );
+                                       strncat( buf, dupval, FMT_BUFSIZE );
                                        g_free( dupval );
                                }
                                else {
                                        /* Use original value */
-                                       strcat( buf, value );
+                                       strncat( buf, value, FMT_BUFSIZE );
                                }
 
                                /* Append suffix */
                                if( ctl->suffix ) {
                                        if( strlen( ctl->suffix ) > 0 ) {
-                                               strcat( buf, "," );
-                                               strcat( buf, ctl->suffix );
+                                               strncat( buf, ",", FMT_BUFSIZE );
+                                               strncat( buf, ctl->suffix, FMT_BUFSIZE );
                                        }
                                }
 
diff --git a/src/jpilot.c b/src/jpilot.c
index 2cfc6a0ca20bfa4013bb1c67502cfe4d1920570e..4e70d292c513b8a4bde4769f8b3fa5ed24dd66d2 100644 (file)
--- a/src/jpilot.c
+++ b/src/jpilot.c
@@ -1610,9 +1610,9 @@ gchar *jpilot_find_pilotdb( void ) {
                        str[ ++len ] = '\0';
                }
        }
-       strcat( str, JPILOT_DBHOME_DIR );
-       strcat( str, G_DIR_SEPARATOR_S );
-       strcat( str, JPILOT_DBHOME_FILE );
+       strncat( str, JPILOT_DBHOME_DIR, WORK_BUFLEN );
+       strncat( str, G_DIR_SEPARATOR_S, WORK_BUFLEN );
+       strncat( str, JPILOT_DBHOME_FILE, WORK_BUFLEN );
 
        /* Attempt to open */
        if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/mutt.c b/src/mutt.c
index 320496327b3175e8d6560d7b494b43b6602ad9b0..6c49fd529cd0e7508e506f38f11cc4bb5246e6f9 100644 (file)
--- a/src/mutt.c
+++ b/src/mutt.c
@@ -540,7 +540,7 @@ gchar *mutt_find_file( void ) {
        homedir = get_home_dir();
        if( ! homedir ) return g_strdup( "" );
 
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
        len = strlen( str );
        if( len > 0 ) {
                if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -548,7 +548,7 @@ gchar *mutt_find_file( void ) {
                        str[ ++len ] = '\0';
                }
        }
-       strcat( str, MUTT_HOME_FILE );
+       strncat( str, MUTT_HOME_FILE, WORK_BUFLEN );
 
        /* Attempt to open */
        if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/pine.c b/src/pine.c
index 2152e108513858c1fb6ae7ec03e45246be7ccd6f..7a87558009c800816dfaace9a626dcd6efdc535c 100644 (file)
--- a/src/pine.c
+++ b/src/pine.c
@@ -642,7 +642,7 @@ gchar *pine_find_file( void ) {
        homedir = get_home_dir();
        if( ! homedir ) return g_strdup( "" );
 
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
        len = strlen( str );
        if( len > 0 ) {
                if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -650,7 +650,7 @@ gchar *pine_find_file( void ) {
                        str[ ++len ] = '\0';
                }
        }
-       strcat( str, PINE_HOME_FILE );
+       strncat( str, PINE_HOME_FILE, WORK_BUFLEN );
 
        /* Attempt to open */
        if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
diff --git a/src/procmsg.c b/src/procmsg.c
index d2f9443dc9e27af7d293d1de7c4a01b139308a68..30ca024f8b3d8809e06e476b96de2f9a2d017218 100644 (file)
--- a/src/procmsg.c
+++ b/src/procmsg.c
@@ -1135,7 +1135,7 @@ void procmsg_print_message(MsgInfo *msginfo, const gchar *cmdline)
        g_free(prtmp);
 
        g_strchomp(buf);
-       if (buf[strlen(buf) - 1] != '&') strcat(buf, "&");
+       if (buf[strlen(buf) - 1] != '&') strncat(buf, "&", sizeof(buf));
        if (system(buf) == -1)
                g_warning("system(%s) failed.", buf);
 }
diff --git a/src/vcard.c b/src/vcard.c
index 54eea5becb8383c5aa0e61bff7b20615f9616f76..c61baf93e7d30f3cd82c640c02bc542421c9d311 100644 (file)
--- a/src/vcard.c
+++ b/src/vcard.c
@@ -569,7 +569,7 @@ gchar *vcard_find_gnomecard( void ) {
        homedir = get_home_dir();
        if( ! homedir ) return NULL;
 
-       strcpy( str, homedir );
+       strncpy( str, homedir, WORK_BUFLEN );
        len = strlen( str );
        if( len > 0 ) {
                if( str[ len-1 ] != G_DIR_SEPARATOR ) {
@@ -577,9 +577,9 @@ gchar *vcard_find_gnomecard( void ) {
                        str[ ++len ] = '\0';
                }
        }
-       strcat( str, GNOMECARD_DIR );
-       strcat( str, G_DIR_SEPARATOR_S );
-       strcat( str, GNOMECARD_FILE );
+       strncat( str, GNOMECARD_DIR, WORK_BUFLEN );
+       strncat( str, G_DIR_SEPARATOR_S, WORK_BUFLEN );
+       strncat( str, GNOMECARD_FILE, WORK_BUFLEN );
 
        fileSpec = NULL;
        if( ( fp = g_fopen( str, "rb" ) ) != NULL ) {
Claws Mail