1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
--- pop_msg.c.orig Sat Jun 27 03:09:47 1998
+++ pop_msg.c Sat Jun 27 14:35:49 1998
@@ -27,6 +27,7 @@
{
POP * p;
int stat; /* POP status indicator */
+ int l, len; /* remaining buffer length */
char * format; /* Format string for the message */
va_list ap;
register char * mp;
@@ -50,6 +51,7 @@
/* Point to the message buffer */
mp = message;
+ len = sizeof(message);
/* Format the POP status code at the beginning of the message */
if (stat == POP_SUCCESS)
@@ -58,17 +60,18 @@
(void)sprintf (mp,"%s ",POP_ERR);
/* Point past the POP status indicator in the message message */
- mp += strlen(mp);
+ l = strlen(mp);
+ len -= l, mp += l;
/* Append the message (formatted, if necessary) */
if (format)
#ifdef HAVE_VPRINTF
- vsprintf(mp,format,ap);
+ vsnprintf(mp,len,format,ap);
#else
# ifdef PYRAMID
- (void)sprintf(mp,format, arg1, arg2, arg3, arg4, arg5, arg6);
+ (void)snprintf(mp,len,format, arg1, arg2, arg3, arg4, arg5, arg6);
# else
- (void)sprintf(mp,format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
+ (void)snprintf(mp,len,format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
((int *)ap)[3],((int *)ap)[4]);
# endif
#endif
@@ -87,7 +90,8 @@
(p->user ? p->user : "(null)"), p->client, message);
/* Append the <CR><LF> */
- (void)strcat(message, "\r\n");
+ len -= strlen(message);
+ (void)strncat(message, "\r\n", len);
/* Send the message to the client */
(void)fputs(message,p->output);
--- pop_log.c.orig Wed Nov 19 13:20:38 1997
+++ pop_log.c Sat Jun 27 14:46:17 1998
@@ -47,12 +47,12 @@
#endif
#ifdef HAVE_VPRINTF
- vsprintf(msgbuf,format,ap);
+ vsnprintf(msgbuf,sizeof msgbuf,format,ap);
#else
# ifdef PYRAMID
- (void)sprintf(msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
+ (void)snprintf(msgbuf,sizeof msgbuf,format, arg1, arg2, arg3, arg4, arg5, arg6);
# else
- (void)sprintf (msgbuf,format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
+ (void)snprintf (msgbuf,sizeof msgbuf,format,((int *)ap)[0],((int *)ap)[1],((int *)ap)[2],
((int *)ap)[3],((int *)ap)[4],((int *)ap)[5]);
# endif
va_end(ap);
|