changeset: 6299:4c16c0d1ba9e
user: Michael Elkins <[email protected]>
date: Sat Feb 23 03:12:43 2013 +0000
link: http://dev.mutt.org/hg/mutt/rev/4c16c0d1ba9e
use of sscanf() had undefined behavior, replace with simple parsing instead
see #3636
diffs (58 lines):
diff -r c7eff98bb299 -r 4c16c0d1ba9e pop.c
--- a/pop.c Fri Feb 22 18:31:31 2013 +0000
+++ b/pop.c Sat Feb 23 03:12:43 2013 +0000
@@ -33,6 +33,7 @@
#include <string.h>
#include <unistd.h>
+#include <errno.h>
#ifdef USE_HCACHE
#define HC_FNAME "mutt" /* filename for hcache as POP lacks
paths */
@@ -141,8 +142,16 @@
int i, index;
CONTEXT *ctx = (CONTEXT *)data;
POP_DATA *pop_data = (POP_DATA *)ctx->data;
+ char *endp;
- sscanf (line, "%d %s", &index, line);
+ errno = 0;
+ index = strtol(line, &endp, 10);
+ if (errno)
+ return -1;
+ while (*endp == ' ')
+ endp++;
+ memmove(line, endp, strlen(endp) + 1);
+
for (i = 0; i < ctx->msgcount; i++)
if (!mutt_strcmp (line, ctx->hdrs[i]->data))
break;
diff -r c7eff98bb299 -r 4c16c0d1ba9e pop_lib.c
--- a/pop_lib.c Fri Feb 22 18:31:31 2013 +0000
+++ b/pop_lib.c Sat Feb 23 03:12:43 2013 +0000
@@ -32,6 +32,7 @@
#include <unistd.h>
#include <ctype.h>
#include <netdb.h>
+#include <errno.h>
/* given an POP mailbox name, return host, port, username and password */
int pop_parse_path (const char* path, ACCOUNT* acct)
@@ -523,8 +524,16 @@
int i;
unsigned int index;
CONTEXT *ctx = (CONTEXT *)data;
+ char *endp;
- sscanf (line, "%u %s", &index, line);
+ errno = 0;
+ index = strtoul(line, &endp, 10);
+ if (errno)
+ return -1;
+ while (*endp == ' ')
+ endp++;
+ memmove(line, endp, strlen(endp) + 1);
+
for (i = 0; i < ctx->msgcount; i++)
{
if (!mutt_strcmp (ctx->hdrs[i]->data, line))
