Attachment #10193 for bug #33107

View | Details | Raw Unified | Return to bug 33107
Collapse All | Expand All

Lines 154-159 Link Here

(-)qpopper4.0.4/common/logit.c.security (-2 / +6 lines)
154	iLeft = sizeof ( msgbuf ) -3; /* allow for CRLF NULL */	154	iLeft = sizeof ( msgbuf ) -3; /* allow for CRLF NULL */
155	iChunk = Qvsnprintf ( msgbuf, iLeft, format, ap );	155	iChunk = Qvsnprintf ( msgbuf, iLeft, format, ap );
156		156
		157	/* Note: snprintf returns the number of characters that
		158	* would have been written if the buffer had been large
		159	* enough. --okir */
		160
157	/*	161	/*
158	* Append file name and line number.	162	* Append file name and line number.
159	*/	163	*/
Lines 161-167 Link Here
161	char whence [ 512 ];	165	char whence [ 512 ];
162	int len;	166	int len;
163		167
164	iLeft -= ( iChunk >= 0 ? iChunk : strlen(msgbuf) );	168	iLeft -= strlen(msgbuf);
165	len = Qsprintf ( whence, " [%s:%d]", fn, ln );	169	len = Qsprintf ( whence, " [%s:%d]", fn, ln );
166	strncat ( msgbuf, whence, iLeft );	170	strncat ( msgbuf, whence, iLeft );
167	msgbuf [ sizeof(msgbuf) -1 ] = '\0'; /* just to make sure */	171	msgbuf [ sizeof(msgbuf) -1 ] = '\0'; /* just to make sure */
Lines 191-197 Link Here
191	syslog ( loglev, "%s", msgbuf) ;	195	syslog ( loglev, "%s", msgbuf) ;
192	}	196	}
193		197
194	if ( iChunk == -1 ) {	198	if ( iChunk >= sizeof(msgbuf) - 1 ) {
195	/*	199	/*
196	* We blew out the format buffer.	200	* We blew out the format buffer.
197	*/	201	*/

Lines 341-347 Link Here

(-)qpopper4.0.4/common/snprintf.c.security (-1 / +6 lines)
341	limit = atoi ( p );	341	limit = atoi ( p );
342	}	342	}
343	else	343	else
344	if ( nState == IN_FORM && bWidth == FALSE ) {	344	/* This statement originally had nState == IN_FORM
		345	* but we never get here when in state IN_FORM.
		346	* They probably meant IN_CONV.
		347	* If you insist on re-inventing wheels, they invariably
		348	* turn out to be bumpier that the original. --okir */
		349	if ( nState == IN_CONV && bWidth == FALSE ) {
345	bWidth = TRUE;	350	bWidth = TRUE;
346	width = atoi ( p );	351	width = atoi ( p );
347	}	352	}

Lines 747-752 Link Here

(-)qpopper4.0.4/popper/popauth.c.security (+2 lines)
747	fprintf ( stderr, "%s: \"-%s\" unknown option\n", program, cp );	747	fprintf ( stderr, "%s: \"-%s\" unknown option\n", program, cp );
748	helpful();	748	helpful();
749	case TRACESW:	749	case TRACESW:
		750	if (getuid())
		751	adios ( HERE, "you are not allowed to do that" );
750	debug++;	752	debug++;
751	trace_file = fdopen ( open ( argv[1], O_RDWR\|O_CREAT\|O_EXCL,0640 ), "a+" );	753	trace_file = fdopen ( open ( argv[1], O_RDWR\|O_CREAT\|O_EXCL,0640 ), "a+" );
752	if ( trace_file == NULL )	754	if ( trace_file == NULL )

Return to bug 33107