path: root/mail/fetchmail/files/patch-CVE-2010-1167
commit ec06293134b85876f9201d8a52b844c41581b2b3
Author: Matthias Andree <matthias.andree@gmx.de>
Date:   Sun Apr 18 18:01:38 2010 +0200

    SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales.

diff --git a/rfc822.c b/rfc822.c
index 6f2dbf3..dbcda32 100644
--- a/rfc822.c
+++ b/rfc822.c
@@ -25,6 +25,7 @@ MIT license.  Compile with -DMAIN to build the demonstrator.
 #include  <stdlib.h>
 
 #include "fetchmail.h"
+#include "sdump.h"
 
 #ifndef MAIN
 #include "i18n.h"
@@ -74,9 +75,10 @@ char *reply_hack(
     }
 
 #ifndef MAIN
-    if (outlevel >= O_DEBUG)
-	report_build(stdout, GT_("About to rewrite %.*s...\n"),
-			(int)BEFORE_EOL(buf), buf);
+    if (outlevel >= O_DEBUG) {
+	report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf))));
+	xfree(cp);
+    }
 
     /* make room to hack the address; buf must be malloced */
     for (cp = buf; *cp; cp++)
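Review bot: The added call hides an assignment inside the argument list, `(cp = sdump(buf, BEFORE_EOL(buf)))`, and borrows reply_hack's cursor `cp` as a temporary; a block-local is easier to audit: `char *t = sdump(buf, BEFORE_EOL(buf));`, `report_build(stdout, GT_("About to rewrite %s...\n"), t);`, `xfree(t);`. The same pattern recurs in the hunk at line 213. Going by the commit message, a comment such as `/* print via sdump(): raw header bytes can trigger EILSEQ in report_*() under multibyte locales */` would record why the raw `%.*s` was dropped. Changing the GT_() format string also changes the message id, so existing translations of both messages presumably need updating. reply_hack's body starts and ends outside the hunk.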
@@ -211,9 +213,12 @@ char *reply_hack(
     }
 
 #ifndef MAIN
-    if (outlevel >= O_DEBUG)
-	report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
-			(int)BEFORE_EOL(buf), buf);
+    if (outlevel >= O_DEBUG) {
+	report_complete(stdout, GT_("...rewritten version is %s.\n"),
+			(cp = sdump(buf, BEFORE_EOL(buf))));
+	xfree(cp)
+    }
+
 #endif /* MAIN */
     *length = strlen(buf);
     return(buf);
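Review bot: The added `xfree(cp)` just before the closing brace has no terminating semicolon, unlike the matching `xfree(cp);` in the hunk at line 75. xfree's definition is not on this page: if it is a function or an expression-style macro this is a syntax error in every build without -DMAIN, and if it expands to a braced block the code compiles only by accident. Write `xfree(cp);` here. reply_hack's body starts outside the hunk.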
diff --git a/uid.c b/uid.c
index fdc6f5d..d813bee 100644
--- a/uid.c
+++ b/uid.c
@@ -20,6 +20,7 @@
 
 #include "fetchmail.h"
 #include "i18n.h"
+#include "sdump.h"
 
 /*
  * Machinery for handling UID lists live here.  This is mainly to support
@@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile)
 	if (uidlcount)
 	{
 	    report_build(stdout, GT_("Scratch list of UIDs:"));
-	    for (idp = scratchlist; idp; idp = idp->next)
-		report_build(stdout, " %s", idp->id);
+	    for (idp = scratchlist; idp; idp = idp->next) {
+		char *t = sdump(idp->id, strlen(idp->id));
+		report_build(stdout, " %s", t);
+		free(t);
+	    }
 	    if (!idp)
 		report_build(stdout, GT_(" <empty>"));
 	    report_complete(stdout, "\n");
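Review bot: The temporary from `sdump(idp->id, strlen(idp->id))` is released with `free(t)` here, while the rfc822.c hunks in this patch release the same kind of buffer with `xfree(cp)`; use one of them throughout, whichever matches sdump's allocator (its definition is not on this page). The same applies to the loops in uid_swap_lists and uid_discard_new_list, and the closing brace added in uid_swap_lists is indented with spaces where the surrounding lines use tabs. `strlen(idp->id)` also dereferences the id unconditionally, so if a list node can carry a NULL id (not visible here) a guard is needed before the call. A comment like `/* sdump() the id before printing: raw bytes can trigger EILSEQ in report_*() */` on the first loop would record why the ids are no longer printed raw. All three function bodies start outside their hunks.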
@@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl)
 	    report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
 	else
 	    report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname);
-	for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
-	    report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+	for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) {
+	    char *t = sdump(idp->id, strlen(idp->id));
+	    report_build(stdout, " %s = %d", t, idp->val.status.mark);
+	    free(t);
+        }
 	if (!idp)
 	    report_build(stdout, GT_(" <empty>"));
 	report_complete(stdout, "\n");
@@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl)
 	/* this is now a merged list! the mails which were seen in this
 	 * poll are marked here. */
 	report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
-	for (idp = ctl->oldsaved; idp; idp = idp->next)
-	    report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+	for (idp = ctl->oldsaved; idp; idp = idp->next) {
+	    char *t = sdump(idp->id, strlen(idp->id));
+	    report_build(stdout, " %s = %d", t, idp->val.status.mark);
+	    free(t);
+	}
 	if (!idp)
 	    report_build(stdout, GT_(" <empty>"));
 	report_complete(stdout, "\n");