2005-11-07 [paul] 1.9.99cvs15
authorPaul Mangan <paul@claws-mail.org>
Mon, 7 Nov 2005 11:00:54 +0000 (11:00 +0000)
committerPaul Mangan <paul@claws-mail.org>
Mon, 7 Nov 2005 11:00:54 +0000 (11:00 +0000)
* src/mutt.c
* src/pine.c
fix buffer overflows
Thanks to Colin

ChangeLog
PATCHSETS
configure.ac
src/mutt.c
src/pine.c

index 8e4967b..9777d07 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-11-07 [paul]      1.9.99cvs15
+
+       * src/mutt.c
+       * src/pine.c
+               fix buffer overflows
+               Thanks to Colin
+
 2005-11-07 [paul]      1.9.99cvs14
 
        * doc/man/Makefile.am
index 418d1a4..66ff09d 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.96.2.82 -r 1.96.2.83 src/textview.c;  cvs diff -u -r 1.4.2.24 -r 1.4.2.25 src/gtk/about.c;  cvs diff -u -r 1.5.2.16 -r 1.5.2.17 src/gtk/gtkutils.c;  cvs diff -u -r 1.4.2.14 -r 1.4.2.15 src/gtk/gtkutils.h;  ) > 1.9.99cvs12.patchset
 ( cvs diff -u -r 1.12.2.4 -r 1.12.2.5 src/ldif.c;  ) > 1.9.99cvs13.patchset
 ( cvs diff -u -r 1.2 -r 1.3 doc/man/Makefile.am;  diff -u /dev/null doc/man/sylpheed-claws.1;  cvs diff -u -r -1.5.2.2 -r -1.5.2.3 doc/man/sylpheed.1;  ) > 1.9.99cvs14.patchset
+( cvs diff -u -r 1.6.10.5 -r 1.6.10.6 src/mutt.c;  cvs diff -u -r 1.6.2.4 -r 1.6.2.5 src/pine.c;  ) > 1.9.99cvs15.patchset
index 48a3b16..3e1e9ec 100644 (file)
@@ -11,7 +11,7 @@ MINOR_VERSION=9
 MICRO_VERSION=99
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=14
+EXTRA_VERSION=15
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
index acec8c0..4991c42 100644 (file)
@@ -159,34 +159,37 @@ static void mutt_close_file( MuttFile *muttFile ) {
 static gchar *mutt_get_line( MuttFile *muttFile, gboolean *flagCont ) {
        gchar buf[ MUTTBUFSIZE ];
        int ch, lch;
-       gchar *ptr, *lptr;
+       int i = 0, li = 0;
 
        *flagCont = FALSE;
-       if( feof( muttFile->file ) ) return NULL;
+       if( feof( muttFile->file ) ) 
+               return NULL;
+
+       memset(buf, 0, MUTTBUFSIZE);
 
-       ptr = buf;
        lch = '\0';
-       lptr = NULL;
-       while( TRUE ) {
-               *ptr = '\0';
+       while( i < MUTTBUFSIZE-1 ) {
                ch = fgetc( muttFile->file );
                if( ch == '\0' || ch == EOF ) {
-                       if( *buf == '\0' ) return NULL;
+                       if( i == 0 ) 
+                               return NULL;
                        break;
                }
                if( ch == '\n' ) {
                        if( lch == '\\' ) {
                                /* Replace backslash with NULL */
-                               if( lptr ) *lptr = '\0';
+                               if( li != 0 ) 
+                                       buf[li] = '\0';
                                *flagCont = TRUE;
                        }
                        break;
                }
-               *ptr = ch;
-               lptr = ptr;
+               buf[i] = ch;
+               li = i;
                lch = ch;
-               ptr++;
+               i++;
        }
+       buf[i]='\0';
 
        /* Copy into private buffer */
        return g_strdup( buf );
index e92b1b2..85ff797 100644 (file)
@@ -163,31 +163,32 @@ static void pine_close_file( PineFile *pineFile ) {
  */
 static gchar *pine_read_line( PineFile *pineFile ) {
        gchar buf[ PINEBUFSIZE ];
-       int c;
+       int c, i = 0;
        gchar ch;
-       gchar *ptr;
 
-       if( feof( pineFile->file ) ) return NULL;
+       if( feof( pineFile->file ) ) 
+               return NULL;
 
-       ptr = buf;
-       while( TRUE ) {
-               *ptr = '\0';
+       while( i < PINEBUFSIZE-1 ) {
                c = fgetc( pineFile->file );
                if( c == EOF ) {
-                       if( *buf == '\0' ) return NULL;
+                       if( i == 0 ) 
+                               return NULL;
                        break;
                }
                ch = (gchar) c;
                if( ch == '\0' ) {
-                       if( *buf == '\0' ) return NULL;
+                       if( i == 0 ) 
+                               return NULL;
                        break;
                }
                if( ch == '\n' ) {
                        break;
                }
-               *ptr = ch;
-               ptr++;
+               buf[i] = ch;
+               i++;
        }
+       buf[i] = '\0';
 
        /* Copy into private buffer */
        return g_strdup( buf );