Index: lib.c =================================================================== RCS file: /home/roessler/cvs/mutt/lib.c,v retrieving revision 3.20 diff -p -u -r3.20 lib.c --- lib.c 18 May 2006 17:35:29 -0000 3.20 +++ lib.c 24 May 2006 10:09:51 -0000 @@ -206,6 +206,24 @@ int safe_fclose (FILE **f) return r; } +/* snprintf for critical operation */ +int safe_snprintf (char *str, size_t size, const char *fmt, ...) +{ + va_list ap; + int rv; + + va_start (ap, fmt); + rv = vsnprintf (str, size, fmt, ap); + va_end (ap); + if (rv >= size) + { + mutt_error _("String truncated! Mutt exits to avoid wrong behavior!"); + sleep (1); + abort (); + } + return rv; +} + char *safe_strdup (const char *s) { char *p; @@ -219,6 +237,7 @@ char *safe_strdup (const char *s) return (p); } +/* strlcat with overflow detection */ char *safe_strcat (char *d, size_t l, const char *s) { char *p = d; @@ -234,6 +253,32 @@ char *safe_strcat (char *d, size_t l, co *d++ = *s++; *d = '\0'; + if (*s && !l) + { + mutt_error _("String truncated! Mutt exits to avoid wrong behavior!"); + sleep (1); + abort (); + } + + return p; +} + +/* silently truncates strings */ +char *strfcat (char *d, size_t l, const char *s) +{ + char *p = d; + + if (!l) + return d; + + l--; /* Space for the trailing '\0'. */ + + for (; *d && l; l--) + d++; + for (; *s && l; l--) + *d++ = *s++; + + *d = '\0'; return p; } @@ -257,6 +302,19 @@ char *safe_strncat (char *d, size_t l, c return p; } +char *safe_strfcpy (char *d, const char *s, size_t l) +{ + if (strlen (s) >= l) + { + mutt_error _("String truncated! Mutt exits to avoid wrong behavior!"); + sleep (1); + abort (); + } + strncpy(d, s, l); + *(d + l - 1) = '\0'; + return d; +} + void mutt_str_replace (char **p, const char *s) { @@ -768,7 +826,7 @@ char *mutt_concat_path (char *d, const c if (!*fname || (*dir && dir[strlen(dir)-1] == '/')) fmt = "%s%s"; - snprintf (d, l, fmt, dir, fname); + safe_snprintf (d, l, fmt, dir, fname); return d; } Index: lib.h =================================================================== RCS file: /home/roessler/cvs/mutt/lib.h,v retrieving revision 3.13 diff -p -u -r3.13 lib.h --- lib.h 17 Sep 2005 20:46:10 -0000 3.13 +++ lib.h 24 May 2006 10:09:51 -0000 @@ -117,8 +117,11 @@ char *mutt_skip_whitespace (char *); char *mutt_strlower (char *); char *mutt_substrcpy (char *, const char *, const char *, size_t); char *mutt_substrdup (const char *, const char *); +int safe_snprintf (char *, size_t, const char *, ...); char *safe_strcat (char *, size_t, const char *); +char *strfcat (char *, size_t, const char *); char *safe_strncat (char *, size_t, const char *, size_t); +char *safe_strfcpy (char *, const char *, size_t); char *safe_strdup (const char *); const char *mutt_stristr (const char *, const char *); Index: account.c =================================================================== RCS file: /home/roessler/cvs/mutt/account.c,v retrieving revision 3.11 diff -p -u -r3.11 account.c --- account.c 17 Sep 2005 20:46:09 -0000 3.11 +++ account.c 24 May 2006 10:09:40 -0000 @@ -69,18 +69,18 @@ int mutt_account_fromurl (ACCOUNT* accou { /* must be present */ if (url->host) - strfcpy (account->host, url->host, sizeof (account->host)); + safe_strfcpy (account->host, url->host, sizeof (account->host)); else return -1; if (url->user) { - strfcpy (account->user, url->user, sizeof (account->user)); + safe_strfcpy (account->user, url->user, sizeof (account->user)); account->flags |= M_ACCT_USER; } if (url->pass) { - strfcpy (account->pass, url->pass, sizeof (account->pass)); + safe_strfcpy (account->pass, url->pass, sizeof (account->pass)); account->flags |= M_ACCT_PASS; } if (url->port) @@ -142,17 +142,17 @@ int mutt_account_getuser (ACCOUNT* accou return 0; #ifdef USE_IMAP else if ((account->type == M_ACCT_TYPE_IMAP) && ImapUser) - strfcpy (account->user, ImapUser, sizeof (account->user)); + safe_strfcpy (account->user, ImapUser, sizeof (account->user)); #endif #ifdef USE_POP else if ((account->type == M_ACCT_TYPE_POP) && PopUser) - strfcpy (account->user, PopUser, sizeof (account->user)); + safe_strfcpy (account->user, PopUser, sizeof (account->user)); #endif /* prompt (defaults to unix username), copy into account->user */ else { snprintf (prompt, sizeof (prompt), _("Username at %s: "), account->host); - strfcpy (account->user, NONULL (Username), sizeof (account->user)); + safe_strfcpy (account->user, NONULL (Username), sizeof (account->user)); if (mutt_get_field_unbuffered (prompt, account->user, sizeof (account->user), 0)) return -1; } @@ -172,7 +172,7 @@ int mutt_account_getlogin (ACCOUNT* acco { if (ImapLogin) { - strfcpy (account->login, ImapLogin, sizeof (account->login)); + safe_strfcpy (account->login, ImapLogin, sizeof (account->login)); account->flags |= M_ACCT_LOGIN; } } @@ -181,7 +181,7 @@ int mutt_account_getlogin (ACCOUNT* acco if (!(account->flags & M_ACCT_LOGIN)) { mutt_account_getuser (account); - strfcpy (account->login, account->user, sizeof (account->login)); + safe_strfcpy (account->login, account->user, sizeof (account->login)); } account->flags |= M_ACCT_LOGIN; @@ -198,11 +198,11 @@ int mutt_account_getpass (ACCOUNT* accou return 0; #ifdef USE_IMAP else if ((account->type == M_ACCT_TYPE_IMAP) && ImapPass) - strfcpy (account->pass, ImapPass, sizeof (account->pass)); + safe_strfcpy (account->pass, ImapPass, sizeof (account->pass)); #endif #ifdef USE_POP else if ((account->type == M_ACCT_TYPE_POP) && PopPass) - strfcpy (account->pass, PopPass, sizeof (account->pass)); + safe_strfcpy (account->pass, PopPass, sizeof (account->pass)); #endif else { Index: attach.c =================================================================== RCS file: /home/roessler/cvs/mutt/attach.c,v retrieving revision 3.21 diff -p -u -r3.21 attach.c --- attach.c 21 Feb 2006 08:10:15 -0000 3.21 +++ attach.c 24 May 2006 10:09:41 -0000 @@ -100,9 +100,9 @@ int mutt_compose_attachment (BODY *a) { if (entry->composetypecommand) - strfcpy (command, entry->composetypecommand, sizeof (command)); + safe_strfcpy (command, entry->composetypecommand, sizeof (command)); else - strfcpy (command, entry->composecommand, sizeof (command)); + safe_strfcpy (command, entry->composecommand, sizeof (command)); if (rfc1524_expand_filename (entry->nametemplate, a->filename, newfile, sizeof (newfile))) { @@ -117,7 +117,7 @@ int mutt_compose_attachment (BODY *a) unlink_newfile = 1; } else - strfcpy(newfile, a->filename, sizeof(newfile)); + safe_strfcpy(newfile, a->filename, sizeof(newfile)); if (rfc1524_expand_command (a, newfile, type, command, sizeof (command))) @@ -234,7 +234,7 @@ int mutt_edit_attachment (BODY *a) if (entry->editcommand) { - strfcpy (command, entry->editcommand, sizeof (command)); + safe_strfcpy (command, entry->editcommand, sizeof (command)); if (rfc1524_expand_filename (entry->nametemplate, a->filename, newfile, sizeof (newfile))) { @@ -249,7 +249,7 @@ int mutt_edit_attachment (BODY *a) unlink_newfile = 1; } else - strfcpy(newfile, a->filename, sizeof(newfile)); + safe_strfcpy(newfile, a->filename, sizeof(newfile)); if (rfc1524_expand_command (a, newfile, type, command, sizeof (command))) @@ -304,7 +304,7 @@ static int is_mmnoask (const char *buf) if (mutt_strcmp (p, "1") == 0) return (1); - strfcpy (tmp, p, sizeof (tmp)); + safe_strfcpy (tmp, p, sizeof (tmp)); p = tmp; while ((p = strtok (p, ",")) != NULL) @@ -456,7 +456,7 @@ int mutt_view_attachment (FILE *fp, BODY mutt_error _("MIME type not defined. Cannot view attachment."); goto return_error; } - strfcpy (command, entry->command, sizeof (command)); + safe_strfcpy (command, entry->command, sizeof (command)); if (fp) { @@ -475,7 +475,7 @@ int mutt_view_attachment (FILE *fp, BODY if (safe_symlink (a->filename, tempfile) == -1) { if (mutt_yesorno (_("Can't match nametemplate, continue?"), M_YES) == M_YES) - strfcpy (tempfile, a->filename, sizeof (tempfile)); + safe_strfcpy (tempfile, a->filename, sizeof (tempfile)); else goto return_error; } @@ -484,7 +484,7 @@ int mutt_view_attachment (FILE *fp, BODY } } else if (fp == NULL) /* send case */ - strfcpy (tempfile, a->filename, sizeof (tempfile)); + safe_strfcpy (tempfile, a->filename, sizeof (tempfile)); if (fp) { @@ -504,7 +504,7 @@ int mutt_view_attachment (FILE *fp, BODY if (fp && !use_mailcap && a->filename) { /* recv case */ - strfcpy (pagerfile, a->filename, sizeof (pagerfile)); + safe_strfcpy (pagerfile, a->filename, sizeof (pagerfile)); mutt_adv_mktemp (pagerfile, sizeof(pagerfile)); } else @@ -970,7 +970,7 @@ int mutt_print_attachment (FILE *fp, BOD rfc1524_free_entry (&entry); return 0; } - strfcpy (newfile, a->filename, sizeof (newfile)); + safe_strfcpy (newfile, a->filename, sizeof (newfile)); } else unlink_newfile = 1; @@ -981,7 +981,7 @@ int mutt_print_attachment (FILE *fp, BOD if (fp) mutt_save_attachment (fp, a, newfile, 0, NULL); - strfcpy (command, entry->printcommand, sizeof (command)); + safe_strfcpy (command, entry->printcommand, sizeof (command)); piped = rfc1524_expand_command (a, newfile, type, command, sizeof (command)); mutt_endwin (NULL); Index: browser.c =================================================================== RCS file: /home/roessler/cvs/mutt/browser.c,v retrieving revision 3.19 diff -p -u -r3.19 browser.c --- browser.c 6 Oct 2005 06:15:00 -0000 3.19 +++ browser.c 24 May 2006 10:09:42 -0000 @@ -456,7 +456,7 @@ static int examine_mailboxes (MUTTMENU * (! S_ISLNK (s.st_mode))) continue; - strfcpy (buffer, NONULL(tmp->path), sizeof (buffer)); + safe_strfcpy (buffer, NONULL(tmp->path), sizeof (buffer)); mutt_pretty_mailbox (buffer); add_folder (menu, state, buffer, &s, tmp->new); @@ -551,7 +551,7 @@ void _mutt_select_file (char *f, size_t memset (&state, 0, sizeof (struct browser_state)); if (!folder) - strfcpy (LastDirBackup, LastDir, sizeof (LastDirBackup)); + safe_strfcpy (LastDirBackup, LastDir, sizeof (LastDirBackup)); if (*f) { @@ -562,7 +562,7 @@ void _mutt_select_file (char *f, size_t init_state (&state, NULL); state.imap_browse = 1; if (!imap_browse (f, &state)) - strfcpy (LastDir, state.folder, sizeof (LastDir)); + safe_strfcpy (LastDir, state.folder, sizeof (LastDir)); } else { @@ -592,9 +592,9 @@ void _mutt_select_file (char *f, size_t } if (i <= 0 && f[0] != '/') - strfcpy (prefix, f, sizeof (prefix)); + safe_strfcpy (prefix, f, sizeof (prefix)); else - strfcpy (prefix, f + i + 1, sizeof (prefix)); + safe_strfcpy (prefix, f + i + 1, sizeof (prefix)); killPrefix = 1; #ifdef USE_IMAP } @@ -605,7 +605,7 @@ void _mutt_select_file (char *f, size_t if (!folder) getcwd (LastDir, sizeof (LastDir)); else if (!LastDir[0]) - strfcpy (LastDir, NONULL(Maildir), sizeof (LastDir)); + safe_strfcpy (LastDir, NONULL(Maildir), sizeof (LastDir)); #ifdef USE_IMAP if (!buffy && mx_is_imap (LastDir)) @@ -669,13 +669,13 @@ void _mutt_select_file (char *f, size_t /* make sure this isn't a MH or maildir mailbox */ if (buffy) { - strfcpy (buf, state.entry[menu->current].name, sizeof (buf)); + safe_strfcpy (buf, state.entry[menu->current].name, sizeof (buf)); mutt_expand_path (buf, sizeof (buf)); } #ifdef USE_IMAP else if (state.imap_browse) { - strfcpy (buf, state.entry[menu->current].name, sizeof (buf)); + safe_strfcpy (buf, state.entry[menu->current].name, sizeof (buf)); } #endif else @@ -690,12 +690,12 @@ void _mutt_select_file (char *f, size_t char OldLastDir[_POSIX_PATH_MAX]; /* save the old directory */ - strfcpy (OldLastDir, LastDir, sizeof (OldLastDir)); + safe_strfcpy (OldLastDir, LastDir, sizeof (OldLastDir)); if (mutt_strcmp (state.entry[menu->current].name, "..") == 0) { if (mutt_strcmp ("..", LastDir + mutt_strlen (LastDir) - 2) == 0) - strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */ + strfcat (LastDir, sizeof (LastDir), "/.."); else { char *p = strrchr (LastDir + 1, '/'); @@ -707,13 +707,13 @@ void _mutt_select_file (char *f, size_t if (LastDir[0] == '/') LastDir[1] = 0; else - strcat (LastDir, "/.."); /* __STRCAT_CHECKED__ */ + strfcat (LastDir, sizeof (LastDir), "/.."); } } } else if (buffy) { - strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir)); + safe_strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir)); mutt_expand_path (LastDir, sizeof (LastDir)); } #ifdef USE_IMAP @@ -722,7 +722,7 @@ void _mutt_select_file (char *f, size_t int n; ciss_url_t url; - strfcpy (LastDir, state.entry[menu->current].name, + safe_strfcpy (LastDir, state.entry[menu->current].name, sizeof (LastDir)); /* tack on delimiter here */ n = strlen (LastDir)+1; @@ -742,7 +742,7 @@ void _mutt_select_file (char *f, size_t { char tmp[_POSIX_PATH_MAX]; mutt_concat_path (tmp, LastDir, state.entry[menu->current].name, sizeof (tmp)); - strfcpy (LastDir, tmp, sizeof (LastDir)); + safe_strfcpy (LastDir, tmp, sizeof (LastDir)); } destroy_state (&state); @@ -766,10 +766,10 @@ void _mutt_select_file (char *f, size_t if (examine_directory (menu, &state, LastDir, prefix) == -1) { /* try to restore the old values */ - strfcpy (LastDir, OldLastDir, sizeof (LastDir)); + safe_strfcpy (LastDir, OldLastDir, sizeof (LastDir)); if (examine_directory (menu, &state, LastDir, prefix) == -1) { - strfcpy (LastDir, NONULL(Homedir), sizeof (LastDir)); + safe_strfcpy (LastDir, NONULL(Homedir), sizeof (LastDir)); goto bail; } } @@ -782,12 +782,12 @@ void _mutt_select_file (char *f, size_t if (buffy) { - strfcpy (f, state.entry[menu->current].name, flen); + safe_strfcpy (f, state.entry[menu->current].name, flen); mutt_expand_path (f, flen); } #ifdef USE_IMAP else if (state.imap_browse) - strfcpy (f, state.entry[menu->current].name, flen); + safe_strfcpy (f, state.entry[menu->current].name, flen); #endif else mutt_concat_path (f, LastDir, state.entry[menu->current].name, flen); @@ -939,7 +939,7 @@ void _mutt_select_file (char *f, size_t case OP_CHANGE_DIRECTORY: - strfcpy (buf, LastDir, sizeof (buf)); + safe_strfcpy (buf, LastDir, sizeof (buf)); #ifdef USE_IMAP if (!state.imap_browse) #endif @@ -958,7 +958,7 @@ void _mutt_select_file (char *f, size_t #ifdef USE_IMAP if (mx_is_imap (buf)) { - strfcpy (LastDir, buf, sizeof (LastDir)); + safe_strfcpy (LastDir, buf, sizeof (LastDir)); destroy_state (&state); init_state (&state, NULL); state.imap_browse = 1; @@ -977,7 +977,7 @@ void _mutt_select_file (char *f, size_t { destroy_state (&state); if (examine_directory (menu, &state, buf, prefix) == 0) - strfcpy (LastDir, buf, sizeof (LastDir)); + safe_strfcpy (LastDir, buf, sizeof (LastDir)); else { mutt_error _("Error scanning directory."); @@ -1144,7 +1144,7 @@ void _mutt_select_file (char *f, size_t case OP_BROWSER_NEW_FILE: - snprintf (buf, sizeof (buf), "%s/", LastDir); + safe_snprintf (buf, sizeof (buf), "%s/", LastDir); if (mutt_get_field (_("New file name: "), buf, sizeof (buf), M_FILE) == 0) { strfcpy (f, buf, flen); @@ -1201,6 +1201,6 @@ void _mutt_select_file (char *f, size_t bail: if (!folder) - strfcpy (LastDir, LastDirBackup, sizeof (LastDir)); + safe_strfcpy (LastDir, LastDirBackup, sizeof (LastDir)); } Index: buffy.c =================================================================== RCS file: /home/roessler/cvs/mutt/buffy.c,v retrieving revision 3.19 diff -p -u -r3.19 buffy.c --- buffy.c 18 May 2006 17:35:29 -0000 3.19 +++ buffy.c 24 May 2006 10:09:42 -0000 @@ -180,7 +180,7 @@ int mutt_parse_mailboxes (BUFFER *path, while (MoreArgs (s)) { mutt_extract_token (path, s, 0); - strfcpy (buf, path->data, sizeof (buf)); + safe_strfcpy (buf, path->data, sizeof (buf)); if(data == M_UNMAILBOXES && mutt_strcmp(buf,"*") == 0) { @@ -442,7 +442,7 @@ int mutt_buffy_list (void) if (!tmp->new || (have_unnotified && tmp->notified)) continue; - strfcpy (path, tmp->path, sizeof (path)); + safe_strfcpy (path, tmp->path, sizeof (path)); mutt_pretty_mailbox (path); if (!first && pos + strlen (path) >= COLS - 7) @@ -515,7 +515,7 @@ void mutt_buffy (char *s, size_t slen) mutt_buffy_check (1); /* buffy was wrong - resync things */ break; } - strfcpy (s, tmp->path, slen); + safe_strfcpy (s, tmp->path, slen); mutt_pretty_mailbox (s); break; @@ -541,7 +541,7 @@ void mutt_buffy (char *s, size_t slen) mutt_buffy_check (1); /* buffy was wrong - resync things */ break; } - strfcpy (s, tmp->path, slen); + safe_strfcpy (s, tmp->path, slen); mutt_pretty_mailbox (s); break; } Index: commands.c =================================================================== RCS file: /home/roessler/cvs/mutt/commands.c,v retrieving revision 3.35 diff -p -u -r3.35 commands.c --- commands.c 17 Sep 2005 20:46:10 -0000 3.35 +++ commands.c 24 May 2006 10:09:43 -0000 @@ -216,7 +216,7 @@ int mutt_display_message (HEADER *cur) int r; mutt_endwin (NULL); - snprintf (buf, sizeof (buf), "%s %s", NONULL(Pager), tempfile); + safe_snprintf (buf, sizeof (buf), "%s %s", NONULL(Pager), tempfile); if ((r = mutt_system (buf)) == -1) mutt_error (_("Error running \"%s\"!"), buf); unlink (tempfile); @@ -568,7 +568,7 @@ void mutt_shell_escape (void) if (mutt_get_field (_("Shell command: "), buf, sizeof (buf), M_CMD) == 0) { if (!buf[0] && Shell) - strfcpy (buf, Shell, sizeof (buf)); + safe_strfcpy (buf, Shell, sizeof (buf)); if(buf[0]) { CLEARLINE (LINES-1); @@ -777,9 +777,9 @@ int mutt_save_message (HEADER *h, int de * Leitner */ if (mutt_strcmp (buf, ".") == 0) - strfcpy (buf, LastSaveFolder, sizeof (buf)); + safe_strfcpy (buf, LastSaveFolder, sizeof (buf)); else - strfcpy (LastSaveFolder, buf, sizeof (LastSaveFolder)); + safe_strfcpy (LastSaveFolder, buf, sizeof (LastSaveFolder)); mutt_expand_path (buf, sizeof (buf)); Index: complete.c =================================================================== RCS file: /home/roessler/cvs/mutt/complete.c,v retrieving revision 3.5 diff -p -u -r3.5 complete.c --- complete.c 17 Sep 2005 20:46:10 -0000 3.5 +++ complete.c 24 May 2006 10:09:43 -0000 @@ -62,7 +62,7 @@ int mutt_complete (char *s, size_t slen) mutt_concat_path (imap_path, p, s+1, sizeof (imap_path)); } else - strfcpy (imap_path, s, sizeof(imap_path)); + safe_strfcpy (imap_path, s, sizeof(imap_path)); if (mx_is_imap (imap_path)) return imap_complete (s, slen, imap_path); @@ -73,21 +73,21 @@ int mutt_complete (char *s, size_t slen) dirpart[0] = *s; dirpart[1] = 0; if (*s == '!') - strfcpy (exp_dirpart, NONULL (Spoolfile), sizeof (exp_dirpart)); + safe_strfcpy (exp_dirpart, NONULL (Spoolfile), sizeof (exp_dirpart)); else - strfcpy (exp_dirpart, NONULL (Maildir), sizeof (exp_dirpart)); + safe_strfcpy (exp_dirpart, NONULL (Maildir), sizeof (exp_dirpart)); if ((p = strrchr (s, '/'))) { char buf[_POSIX_PATH_MAX]; *p++ = 0; mutt_concat_path (buf, exp_dirpart, s + 1, sizeof (buf)); - strfcpy (exp_dirpart, buf, sizeof (exp_dirpart)); - snprintf (buf, sizeof (buf), "%s%s/", dirpart, s+1); - strfcpy (dirpart, buf, sizeof (dirpart)); - strfcpy (filepart, p, sizeof (filepart)); + safe_strfcpy (exp_dirpart, buf, sizeof (exp_dirpart)); + safe_snprintf (buf, sizeof (buf), "%s%s/", dirpart, s+1); + safe_strfcpy (dirpart, buf, sizeof (dirpart)); + safe_strfcpy (filepart, p, sizeof (filepart)); } else - strfcpy (filepart, s + 1, sizeof (filepart)); + safe_strfcpy (filepart, s + 1, sizeof (filepart)); dirp = opendir (exp_dirpart); } else @@ -97,9 +97,9 @@ int mutt_complete (char *s, size_t slen) if (p == s) /* absolute path */ { p = s + 1; - strfcpy (dirpart, "/", sizeof (dirpart)); + safe_strfcpy (dirpart, "/", sizeof (dirpart)); exp_dirpart[0] = 0; - strfcpy (filepart, p, sizeof (filepart)); + safe_strfcpy (filepart, p, sizeof (filepart)); dirp = opendir (dirpart); } else @@ -109,8 +109,8 @@ int mutt_complete (char *s, size_t slen) strncpy (dirpart, s, len); dirpart[len]=0; p++; - strfcpy (filepart, p, sizeof (filepart)); - strfcpy (exp_dirpart, dirpart, sizeof (exp_dirpart)); + safe_strfcpy (filepart, p, sizeof (filepart)); + safe_strfcpy (exp_dirpart, dirpart, sizeof (exp_dirpart)); mutt_expand_path (exp_dirpart, sizeof (exp_dirpart)); dirp = opendir (exp_dirpart); } @@ -119,7 +119,7 @@ int mutt_complete (char *s, size_t slen) { /* no directory name, so assume current directory. */ dirpart[0] = 0; - strfcpy (filepart, s, sizeof (filepart)); + safe_strfcpy (filepart, s, sizeof (filepart)); dirp = opendir ("."); } } @@ -140,7 +140,7 @@ int mutt_complete (char *s, size_t slen) { if (mutt_strcmp (".", de->d_name) != 0 && mutt_strcmp ("..", de->d_name) != 0) { - strfcpy (filepart, de->d_name, sizeof (filepart)); + safe_strfcpy (filepart, de->d_name, sizeof (filepart)); init++; break; } @@ -168,19 +168,19 @@ int mutt_complete (char *s, size_t slen) char buf[_POSIX_PATH_MAX]; struct stat st; - strfcpy (filepart, de->d_name, sizeof(filepart)); + safe_strfcpy (filepart, de->d_name, sizeof(filepart)); /* check to see if it is a directory */ if (dirpart[0]) { - strfcpy (buf, exp_dirpart, sizeof (buf)); - strfcpy (buf + strlen (buf), "/", sizeof (buf) - strlen (buf)); + safe_strfcpy (buf, exp_dirpart, sizeof (buf)); + safe_strfcpy (buf + strlen (buf), "/", sizeof (buf) - strlen (buf)); } else buf[0] = 0; - strfcpy (buf + strlen (buf), filepart, sizeof (buf) - strlen (buf)); + safe_strfcpy (buf + strlen (buf), filepart, sizeof (buf) - strlen (buf)); if (stat (buf, &st) != -1 && (st.st_mode & S_IFDIR)) - strfcpy (filepart + strlen (filepart), "/", + safe_strfcpy (filepart + strlen (filepart), "/", sizeof (filepart) - strlen (filepart)); init = 1; } @@ -190,13 +190,13 @@ int mutt_complete (char *s, size_t slen) if (dirpart[0]) { - strfcpy (s, dirpart, slen); + safe_strfcpy (s, dirpart, slen); if (mutt_strcmp ("/", dirpart) != 0 && dirpart[0] != '=' && dirpart[0] != '+') - strfcpy (s + strlen (s), "/", slen - strlen (s)); - strfcpy (s + strlen (s), filepart, slen - strlen (s)); + safe_strfcpy (s + strlen (s), "/", slen - strlen (s)); + safe_strfcpy (s + strlen (s), filepart, slen - strlen (s)); } else - strfcpy (s, filepart, slen); + safe_strfcpy (s, filepart, slen); return (init ? 0 : -1); } Index: compose.c =================================================================== RCS file: /home/roessler/cvs/mutt/compose.c,v retrieving revision 3.27 diff -p -u -r3.27 compose.c --- compose.c 17 Sep 2005 20:46:10 -0000 3.27 +++ compose.c 24 May 2006 10:09:44 -0000 @@ -214,7 +214,7 @@ check_attachments(ATTACHPTR **idx, short for (i = 0; i < idxlen; i++) { - strfcpy(pretty, idx[i]->content->filename, sizeof(pretty)); + safe_strfcpy(pretty, idx[i]->content->filename, sizeof(pretty)); if(stat(idx[i]->content->filename, &st) != 0) { mutt_pretty_mailbox(pretty); @@ -716,7 +716,7 @@ int mutt_compose_menu (HEADER *msg, /* if (Context) { - strfcpy (fname, NONULL (Context->path), sizeof (fname)); + safe_strfcpy (fname, NONULL (Context->path), sizeof (fname)); mutt_pretty_mailbox (fname); } @@ -1004,7 +1004,7 @@ int mutt_compose_menu (HEADER *msg, /* case OP_COMPOSE_RENAME_FILE: CHECK_COUNT; - strfcpy (fname, idx[menu->current]->content->filename, sizeof (fname)); + safe_strfcpy (fname, idx[menu->current]->content->filename, sizeof (fname)); mutt_pretty_mailbox (fname); if (mutt_get_field (_("Rename to: "), fname, sizeof (fname), M_FILE) == 0 && fname[0]) @@ -1178,7 +1178,7 @@ int mutt_compose_menu (HEADER *msg, /* case OP_COMPOSE_ISPELL: endwin (); - snprintf (buf, sizeof (buf), "%s -x %s", NONULL(Ispell), msg->content->filename); + safe_snprintf (buf, sizeof (buf), "%s -x %s", NONULL(Ispell), msg->content->filename); if (mutt_system (buf) == -1) mutt_error (_("Error running \"%s\"!"), buf); else @@ -1193,7 +1193,7 @@ int mutt_compose_menu (HEADER *msg, /* fname[0] = '\0'; if (Context) { - strfcpy (fname, NONULL (Context->path), sizeof (fname)); + safe_strfcpy (fname, NONULL (Context->path), sizeof (fname)); mutt_pretty_mailbox (fname); } if (idxlen) Index: crypt-gpgme.c =================================================================== RCS file: /home/roessler/cvs/mutt/crypt-gpgme.c,v retrieving revision 3.10 diff -p -u -r3.10 crypt-gpgme.c --- crypt-gpgme.c 21 Oct 2005 04:35:37 -0000 3.10 +++ crypt-gpgme.c 24 May 2006 10:09:46 -0000 @@ -3560,15 +3560,15 @@ static crypt_key_t *crypt_select_key (cr helpstr[0] = 0; mutt_make_help (buf, sizeof (buf), _("Exit "), menu_to_use, OP_EXIT); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Select "), menu_to_use, OP_GENERIC_SELECT_ENTRY); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Check key "), menu_to_use, OP_VERIFY_KEY); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Help"), menu_to_use, OP_HELP); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); menu = mutt_new_menu (); menu->max = i; @@ -4154,7 +4154,7 @@ static int gpgme_send_menu (HEADER *msg, is_smime? APPLICATION_SMIME:APPLICATION_PGP, NULL))) { - snprintf (input_signas, sizeof (input_signas), "0x%s", crypt_keyid (p)); + safe_snprintf (input_signas, sizeof (input_signas), "0x%s", crypt_keyid (p)); mutt_str_replace (is_smime? &SmimeDefaultKey : &PgpSignAs, input_signas); crypt_free_key (&p); Index: edit.c =================================================================== RCS file: /home/roessler/cvs/mutt/edit.c,v retrieving revision 3.9 diff -p -u -r3.9 edit.c --- edit.c 21 Oct 2005 04:35:37 -0000 3.9 +++ edit.c 24 May 2006 10:09:47 -0000 @@ -334,7 +334,7 @@ int mutt_builtin_editor (const char *pat tmp[0] = 0; while (!done) { - if (mutt_enter_string (tmp, sizeof (tmp), LINES-1, 0, 0) == -1) + if (mutt_enter_string (tmp, sizeof (tmp) - 1, LINES-1, 0, 0) == -1) { tmp[0] = 0; continue; @@ -470,7 +470,7 @@ int mutt_builtin_editor (const char *pat done = 1; else { - safe_strcat (tmp, sizeof (tmp), "\n"); + strfcat (tmp, sizeof (tmp), "\n"); if (buflen == bufmax) safe_realloc (&buf, sizeof (char *) * (bufmax += 25)); buf[buflen++] = safe_strdup (tmp[1] == '~' ? tmp + 1 : tmp); Index: getdomain.c =================================================================== RCS file: /home/roessler/cvs/mutt/getdomain.c,v retrieving revision 3.1 diff -p -u -r3.1 getdomain.c --- getdomain.c 3 Feb 2005 17:01:43 -0000 3.1 +++ getdomain.c 24 May 2006 10:09:47 -0000 @@ -55,7 +55,7 @@ int getdnsdomainname (char *s, size_t l) if (q) { strip_trailing_dot (q); - strfcpy (s, q, l); + safe_strfcpy (s, q, l); safe_fclose (&f); return 0; } Index: handler.c =================================================================== RCS file: /home/roessler/cvs/mutt/handler.c,v retrieving revision 3.26 diff -p -u -r3.26 handler.c --- handler.c 16 Dec 2005 18:49:40 -0000 3.26 +++ handler.c 24 May 2006 10:09:48 -0000 @@ -1536,7 +1536,7 @@ int autoview_handler (BODY *a, STATE *s) if (entry->command) { - strfcpy (command, entry->command, sizeof (command)); + safe_strfcpy (command, entry->command, sizeof (command)); /* rfc1524_expand_command returns 0 if the file is required */ piped = rfc1524_expand_command (a, tempfile, type, command, sizeof (command)); Index: hcache.c =================================================================== RCS file: /home/roessler/cvs/mutt/hcache.c,v retrieving revision 3.17 diff -p -u -r3.17 hcache.c --- hcache.c 18 May 2006 18:35:10 -0000 3.17 +++ hcache.c 24 May 2006 10:09:48 -0000 @@ -549,7 +549,7 @@ mutt_hcache_per_folder(const char *path, MD5Update(&md5, (unsigned char *) folder, strlen(folder)); MD5Final(md5sum, &md5); - ret = snprintf(mutt_hcache_per_folder_path, _POSIX_PATH_MAX, + ret = safe_snprintf(mutt_hcache_per_folder_path, _POSIX_PATH_MAX, "%s/%02x%02x%02x%02x%02x%02x%02x%02x" "%02x%02x%02x%02x%02x%02x%02x%02x", path, md5sum[0], md5sum[1], md5sum[2], md5sum[3], @@ -936,7 +936,7 @@ mutt_hcache_open(const char *path, const path = mutt_hcache_per_folder(path, folder); - snprintf(h->lockfile, _POSIX_PATH_MAX, "%s-lock-hack", path); + safe_snprintf(h->lockfile, _POSIX_PATH_MAX, "%s-lock-hack", path); h->fd = open(h->lockfile, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); if (h->fd < 0) Index: headers.c =================================================================== RCS file: /home/roessler/cvs/mutt/headers.c,v retrieving revision 3.9 diff -p -u -r3.9 headers.c --- headers.c 20 Apr 2006 16:46:49 -0000 3.9 +++ headers.c 24 May 2006 10:09:48 -0000 @@ -142,7 +142,7 @@ void mutt_edit_headers (const char *edit SKIPWS (p); if (*p) { - strfcpy (fcc, p, fcclen); + safe_strfcpy (fcc, p, fcclen); mutt_pretty_mailbox (fcc); } keep = 0; @@ -163,7 +163,7 @@ void mutt_edit_headers (const char *edit SKIPWS (q); } else - strfcpy (path, p, sizeof (path)); + safe_strfcpy (path, p, sizeof (path)); mutt_expand_path (path, sizeof (path)); if ((body = mutt_make_file_attach (path))) { Index: hook.c =================================================================== RCS file: /home/roessler/cvs/mutt/hook.c,v retrieving revision 3.13 diff -p -u -r3.13 hook.c --- hook.c 3 Mar 2006 10:12:27 -0000 3.13 +++ hook.c 24 May 2006 10:09:49 -0000 @@ -416,10 +416,10 @@ void mutt_select_fcc (char *path, size_t mutt_safe_path (buf, sizeof (buf), adr); mutt_concat_path (path, NONULL(Maildir), buf, pathlen); if (!option (OPTFORCENAME) && mx_access (path, W_OK) != 0) - strfcpy (path, NONULL (Outbox), pathlen); + safe_strfcpy (path, NONULL (Outbox), pathlen); } else - strfcpy (path, NONULL (Outbox), pathlen); + safe_strfcpy (path, NONULL (Outbox), pathlen); } mutt_pretty_mailbox (path); } Index: init.c =================================================================== RCS file: /home/roessler/cvs/mutt/init.c,v retrieving revision 3.54 diff -p -u -r3.54 init.c --- init.c 18 May 2006 17:35:29 -0000 3.54 +++ init.c 24 May 2006 10:09:50 -0000 @@ -1542,7 +1542,7 @@ static void mutt_restore_default (struct { char path[_POSIX_PATH_MAX]; - strfcpy (path, (char *) p->init, sizeof (path)); + safe_strfcpy (path, (char *) p->init, sizeof (path)); mutt_expand_path (path, sizeof (path)); mutt_str_replace ((char **) p->data, path); } @@ -1821,7 +1821,7 @@ static int parse_set (BUFFER *tmp, BUFFE } else if (DTYPE (MuttVars[idx].type) == DT_PATH) { - strfcpy (scratch, tmp->data, sizeof (scratch)); + safe_strfcpy (scratch, tmp->data, sizeof (scratch)); mutt_expand_path (scratch, sizeof (scratch)); *((char **) MuttVars[idx].data) = safe_strdup (scratch); } @@ -2207,7 +2207,7 @@ static int parse_source (BUFFER *tmp, BU strfcpy (err->data, _("source: too many arguments"), err->dsize); return (-1); } - strfcpy (path, tmp->data, sizeof (path)); + safe_strfcpy (path, tmp->data, sizeof (path)); mutt_expand_path (path, sizeof (path)); return (source_rc (path, err)); } @@ -2632,7 +2632,7 @@ int mutt_query_variables (LIST *queries) for (p = queries; p; p = p->next) { - snprintf (command, sizeof (command), "set ?%s\n", p->data); + safe_snprintf (command, sizeof (command), "set ?%s\n", p->data); if (mutt_parse_rc_line (command, &token, &err) == -1) { fprintf (stderr, "%s\n", err.data); @@ -2664,7 +2664,7 @@ int mutt_dump_variables (void) for (i = 0; MuttVars[i].option; i++) { - snprintf (command, sizeof (command), "set ?%s\n", MuttVars[i].option); + safe_snprintf (command, sizeof (command), "set ?%s\n", MuttVars[i].option); if (mutt_parse_rc_line (command, &token, &err) == -1) { fprintf (stderr, "%s\n", err.data); @@ -2709,8 +2709,8 @@ static void start_debug (void) /* rotate the old debug logs */ for (i=3; i>=0; i--) { - snprintf (buf, sizeof(buf), "%s/.muttdebug%d", NONULL(Homedir), i); - snprintf (buf2, sizeof(buf2), "%s/.muttdebug%d", NONULL(Homedir), i+1); + safe_snprintf (buf, sizeof(buf), "%s/.muttdebug%d", NONULL(Homedir), i); + safe_snprintf (buf2, sizeof(buf2), "%s/.muttdebug%d", NONULL(Homedir), i+1); rename (buf, buf2); } if ((debugfile = safe_fopen(buf, "w")) != NULL) @@ -2762,7 +2762,7 @@ void mutt_init (int skip_sys_rc, LIST *c /* * XXX - use something even more difficult to predict? */ - snprintf (AttachmentMarker, sizeof (AttachmentMarker), + safe_snprintf (AttachmentMarker, sizeof (AttachmentMarker), "\033]9;%ld\a", (long) time (NULL)); /* on one of the systems I use, getcwd() does not return the same prefix @@ -2815,7 +2815,7 @@ void mutt_init (int skip_sys_rc, LIST *c { Hostname = mutt_substrdup (utsname.nodename, p); p++; - strfcpy (buffer, p, sizeof (buffer)); /* save the domain for below */ + safe_strfcpy (buffer, p, sizeof (buffer)); /* save the domain for below */ } else Hostname = safe_strdup (utsname.nodename); @@ -2872,7 +2872,7 @@ void mutt_init (int skip_sys_rc, LIST *c { BUFFER buf, token; - snprintf (buffer, sizeof (buffer), "Reply-To: %s", p); + safe_snprintf (buffer, sizeof (buffer), "Reply-To: %s", p); memset (&buf, 0, sizeof (buf)); buf.data = buf.dptr = buffer; @@ -2935,20 +2935,20 @@ void mutt_init (int skip_sys_rc, LIST *c if (!Muttrc) { - snprintf (buffer, sizeof(buffer), "%s/.muttrc-%s", NONULL(Homedir), MUTT_VERSION); + safe_snprintf (buffer, sizeof(buffer), "%s/.muttrc-%s", NONULL(Homedir), MUTT_VERSION); if (access(buffer, F_OK) == -1) - snprintf (buffer, sizeof(buffer), "%s/.muttrc", NONULL(Homedir)); + safe_snprintf (buffer, sizeof(buffer), "%s/.muttrc", NONULL(Homedir)); if (access(buffer, F_OK) == -1) - snprintf (buffer, sizeof (buffer), "%s/.mutt/muttrc-%s", NONULL(Homedir), MUTT_VERSION); + safe_snprintf (buffer, sizeof (buffer), "%s/.mutt/muttrc-%s", NONULL(Homedir), MUTT_VERSION); if (access(buffer, F_OK) == -1) - snprintf (buffer, sizeof (buffer), "%s/.mutt/muttrc", NONULL(Homedir)); + safe_snprintf (buffer, sizeof (buffer), "%s/.mutt/muttrc", NONULL(Homedir)); default_rc = 1; Muttrc = safe_strdup (buffer); } else { - strfcpy (buffer, Muttrc, sizeof (buffer)); + safe_strfcpy (buffer, Muttrc, sizeof (buffer)); FREE (&Muttrc); mutt_expand_path (buffer, sizeof (buffer)); Muttrc = safe_strdup (buffer); @@ -2960,13 +2960,13 @@ void mutt_init (int skip_sys_rc, LIST *c requested not to via "-n". */ if (!skip_sys_rc) { - snprintf (buffer, sizeof(buffer), "%s/Muttrc-%s", SYSCONFDIR, MUTT_VERSION); + safe_snprintf (buffer, sizeof(buffer), "%s/Muttrc-%s", SYSCONFDIR, MUTT_VERSION); if (access (buffer, F_OK) == -1) - snprintf (buffer, sizeof(buffer), "%s/Muttrc", SYSCONFDIR); + safe_snprintf (buffer, sizeof(buffer), "%s/Muttrc", SYSCONFDIR); if (access (buffer, F_OK) == -1) - snprintf (buffer, sizeof (buffer), "%s/Muttrc-%s", PKGDATADIR, MUTT_VERSION); + safe_snprintf (buffer, sizeof (buffer), "%s/Muttrc-%s", PKGDATADIR, MUTT_VERSION); if (access (buffer, F_OK) == -1) - snprintf (buffer, sizeof (buffer), "%s/Muttrc", PKGDATADIR); + safe_snprintf (buffer, sizeof (buffer), "%s/Muttrc", PKGDATADIR); if (access (buffer, F_OK) != -1) { if (source_rc (buffer, &err) != 0) Index: keymap.c =================================================================== RCS file: /home/roessler/cvs/mutt/keymap.c,v retrieving revision 3.17 diff -p -u -r3.17 keymap.c --- keymap.c 17 Sep 2005 20:46:10 -0000 3.17 +++ keymap.c 24 May 2006 10:09:50 -0000 @@ -508,7 +508,7 @@ char *km_keyname (int c) snprintf (buf, sizeof (buf), "\\%d%d%d", c >> 6, (c >> 3) & 7, c & 7); } else if (c >= KEY_F0 && c < KEY_F(256)) /* this maximum is just a guess */ - sprintf (buf, "", c - KEY_F0); + snprintf (buf, sizeof (buf), "", c - KEY_F0); else if (IsPrint (c)) snprintf (buf, sizeof (buf), "%c", (unsigned char) c); else Index: main.c =================================================================== RCS file: /home/roessler/cvs/mutt/main.c,v retrieving revision 3.35 diff -p -u -r3.35 main.c --- main.c 28 Apr 2006 08:35:03 -0000 3.35 +++ main.c 24 May 2006 10:09:51 -0000 @@ -578,7 +578,7 @@ int main (int argc, char **argv) break; case 'f': - strfcpy (folder, optarg, sizeof (folder)); + safe_strfcpy (folder, optarg, sizeof (folder)); explicit_folder = 1; break; @@ -747,7 +747,7 @@ int main (int argc, char **argv) char fpath[_POSIX_PATH_MAX]; char msg[STRING]; - strfcpy (fpath, Maildir, sizeof (fpath)); + safe_strfcpy (fpath, Maildir, sizeof (fpath)); mutt_expand_path (fpath, sizeof (fpath)); #ifdef USE_IMAP /* we're not connected yet - skip mail folder creation */ @@ -825,7 +825,7 @@ int main (int argc, char **argv) { char path[_POSIX_PATH_MAX]; - strfcpy (path, infile, sizeof (path)); + safe_strfcpy (path, infile, sizeof (path)); mutt_expand_path (path, sizeof (path)); if ((fin = fopen (path, "r")) == NULL) { @@ -932,7 +932,7 @@ int main (int argc, char **argv) } if (!folder[0]) - strfcpy (folder, NONULL(Spoolfile), sizeof (folder)); + safe_strfcpy (folder, NONULL(Spoolfile), sizeof (folder)); mutt_expand_path (folder, sizeof (folder)); mutt_str_replace (&CurrentFolder, folder); Index: mbox.c =================================================================== RCS file: /home/roessler/cvs/mutt/mbox.c,v retrieving revision 3.11 diff -p -u -r3.11 mbox.c --- mbox.c 21 Oct 2005 04:35:37 -0000 3.11 +++ mbox.c 24 May 2006 10:09:52 -0000 @@ -927,7 +927,7 @@ int mbox_sync_mailbox (CONTEXT *ctx, int char savefile[_POSIX_PATH_MAX]; - snprintf (savefile, sizeof (savefile), "%s/mutt.%s-%s-%u", + safe_snprintf (savefile, sizeof (savefile), "%s/mutt.%s-%s-%u", NONULL (Tempdir), NONULL(Username), NONULL(Hostname), (unsigned int)getpid ()); rename (tempfile, savefile); mutt_unblock_signals (); Index: mh.c =================================================================== RCS file: /home/roessler/cvs/mutt/mh.c,v retrieving revision 3.34 diff -p -u -r3.34 mh.c --- mh.c 18 May 2006 18:35:10 -0000 3.34 +++ mh.c 24 May 2006 10:09:53 -0000 @@ -151,7 +151,7 @@ static void mh_read_sequences (struct mh int first, last; char pathname[_POSIX_PATH_MAX]; - snprintf (pathname, sizeof (pathname), "%s/.mh_sequences", path); + safe_snprintf (pathname, sizeof (pathname), "%s/.mh_sequences", path); if (!(fp = fopen (pathname, "r"))) return; @@ -203,7 +203,7 @@ static int mh_mkstemp (CONTEXT * dest, F FOREVER { - snprintf (path, _POSIX_PATH_MAX, "%s/.mutt-%s-%d-%d", + safe_snprintf (path, _POSIX_PATH_MAX, "%s/.mutt-%s-%d-%d", dest->path, NONULL (Hostname), (int) getpid (), Counter++); if ((fd = open (path, O_WRONLY | O_EXCL | O_CREAT, 0600)) == -1) { @@ -299,9 +299,9 @@ void mh_update_sequences (CONTEXT * ctx) struct mh_sequences mhs; memset (&mhs, 0, sizeof (mhs)); - snprintf (seq_unseen, sizeof (seq_unseen), "%s:", NONULL (MhUnseen)); - snprintf (seq_replied, sizeof (seq_replied), "%s:", NONULL (MhReplied)); - snprintf (seq_flagged, sizeof (seq_flagged), "%s:", NONULL (MhFlagged)); + safe_snprintf (seq_unseen, sizeof (seq_unseen), "%s:", NONULL (MhUnseen)); + safe_snprintf (seq_replied, sizeof (seq_replied), "%s:", NONULL (MhReplied)); + safe_snprintf (seq_flagged, sizeof (seq_flagged), "%s:", NONULL (MhFlagged)); if (mh_mkstemp (ctx, &nfp, &tmpfname) != 0) { @@ -309,7 +309,7 @@ void mh_update_sequences (CONTEXT * ctx) return; } - snprintf (sequences, sizeof (sequences), "%s/.mh_sequences", ctx->path); + safe_snprintf (sequences, sizeof (sequences), "%s/.mh_sequences", ctx->path); /* first, copy unknown sequences */ @@ -406,11 +406,11 @@ static void mh_sequences_add_one (CONTEX if (mh_mkstemp (ctx, &nfp, &tmpfname) == -1) return; - snprintf (seq_unseen, sizeof (seq_unseen), "%s:", NONULL (MhUnseen)); - snprintf (seq_replied, sizeof (seq_replied), "%s:", NONULL (MhReplied)); - snprintf (seq_flagged, sizeof (seq_flagged), "%s:", NONULL (MhFlagged)); + safe_snprintf (seq_unseen, sizeof (seq_unseen), "%s:", NONULL (MhUnseen)); + safe_snprintf (seq_replied, sizeof (seq_replied), "%s:", NONULL (MhReplied)); + safe_snprintf (seq_flagged, sizeof (seq_flagged), "%s:", NONULL (MhFlagged)); - snprintf (sequences, sizeof (sequences), "%s/.mh_sequences", ctx->path); + safe_snprintf (sequences, sizeof (sequences), "%s/.mh_sequences", ctx->path); if ((ofp = fopen (sequences, "r"))) { while ((buff = mutt_read_line (buff, &sz, ofp, &line))) @@ -565,18 +565,18 @@ static void maildir_update_mtime (CONTEX if (ctx->magic == M_MAILDIR) { - snprintf (buf, sizeof (buf), "%s/%s", ctx->path, "cur"); + safe_snprintf (buf, sizeof (buf), "%s/%s", ctx->path, "cur"); if (stat (buf, &st) == 0) ctx->mtime_cur = st.st_mtime; - snprintf (buf, sizeof (buf), "%s/%s", ctx->path, "new"); + safe_snprintf (buf, sizeof (buf), "%s/%s", ctx->path, "new"); } else { - snprintf (buf, sizeof (buf), "%s/.mh_sequences", ctx->path); + safe_snprintf (buf, sizeof (buf), "%s/.mh_sequences", ctx->path); if (stat (buf, &st) == 0) ctx->mtime_cur = st.st_mtime; - strfcpy (buf, ctx->path, sizeof (buf)); + safe_strfcpy (buf, ctx->path, sizeof (buf)); } if (stat (buf, &st) == 0) @@ -655,9 +655,9 @@ static int maildir_parse_entry (CONTEXT #endif if (subdir) - snprintf (buf, sizeof (buf), "%s/%s/%s", ctx->path, subdir, fname); + safe_snprintf (buf, sizeof (buf), "%s/%s/%s", ctx->path, subdir, fname); else - snprintf (buf, sizeof (buf), "%s/%s", ctx->path, fname); + safe_snprintf (buf, sizeof (buf), "%s/%s", ctx->path, fname); if (ctx->magic == M_MH) { @@ -686,7 +686,7 @@ static int maildir_parse_entry (CONTEXT if (subdir) { - snprintf (buf, sizeof (buf), "%s/%s", subdir, fname); + safe_snprintf (buf, sizeof (buf), "%s/%s", subdir, fname); h->path = safe_strdup (buf); } else @@ -737,11 +737,11 @@ static int maildir_parse_dir (CONTEXT * if (subdir) { - snprintf (buf, sizeof (buf), "%s/%s", ctx->path, subdir); + safe_snprintf (buf, sizeof (buf), "%s/%s", ctx->path, subdir); is_old = (mutt_strcmp ("cur", subdir) == 0); } else - strfcpy (buf, ctx->path, sizeof (buf)); + safe_strfcpy (buf, ctx->path, sizeof (buf)); if ((dirp = opendir (buf)) == NULL) return -1; @@ -965,7 +965,7 @@ void maildir_delayed_parsing (CONTEXT * when = (struct timeval *) data; #endif - snprintf (fn, sizeof (fn), "%s/%s", ctx->path, p->h->path); + safe_snprintf (fn, sizeof (fn), "%s/%s", ctx->path, p->h->path); #if USE_HCACHE if (option(OPTHCACHEVERIFY)) @@ -1082,7 +1082,7 @@ static void maildir_flags (char *dest, s if (hdr && (hdr->flagged || hdr->replied || hdr->read || hdr->deleted || hdr->old || hdr->maildir_flags)) { char tmp[LONG_STRING]; - snprintf (tmp, sizeof (tmp), + safe_snprintf (tmp, sizeof (tmp), "%s%s%s%s%s", hdr->flagged ? "F" : "", hdr->replied ? "R" : "", @@ -1090,7 +1090,7 @@ static void maildir_flags (char *dest, s NONULL(hdr->maildir_flags)); if (hdr->maildir_flags) qsort (tmp, strlen (tmp), 1, ch_compar); - snprintf (dest, destlen, ":2,%s", tmp); + safe_snprintf (dest, destlen, ":2,%s", tmp); } } @@ -1123,13 +1123,13 @@ int maildir_open_new_message (MESSAGE * *suffix = '\0'; if (hdr && (hdr->read || hdr->old)) - strfcpy (subdir, "cur", sizeof (subdir)); + safe_strfcpy (subdir, "cur", sizeof (subdir)); else - strfcpy (subdir, "new", sizeof (subdir)); + safe_strfcpy (subdir, "new", sizeof (subdir)); FOREVER { - snprintf (path, _POSIX_PATH_MAX, "%s/tmp/%s.%ld.%u_%d.%s%s", + safe_snprintf (path, _POSIX_PATH_MAX, "%s/tmp/%s.%ld.%u_%d.%s%s", dest->path, subdir, time (NULL), (unsigned int)getpid (), Counter++, NONULL (Hostname), suffix); @@ -1203,17 +1203,17 @@ int maildir_commit_message (CONTEXT * ct /* extract the flags */ if ((s = strchr (s, ':'))) - strfcpy (suffix, s, sizeof (suffix)); + safe_strfcpy (suffix, s, sizeof (suffix)); else suffix[0] = '\0'; /* construct a new file name. */ FOREVER { - snprintf (path, _POSIX_PATH_MAX, "%s/%ld.%u_%d.%s%s", subdir, + safe_snprintf (path, _POSIX_PATH_MAX, "%s/%ld.%u_%d.%s%s", subdir, time (NULL), (unsigned int)getpid (), Counter++, NONULL (Hostname), suffix); - snprintf (full, _POSIX_PATH_MAX, "%s/%s", ctx->path, path); + safe_snprintf (full, _POSIX_PATH_MAX, "%s/%s", ctx->path, path); dprint (2, (debugfile, "maildir_commit_message (): renaming %s to %s.\n", msg->path, full)); @@ -1310,8 +1310,8 @@ static int _mh_commit_message (CONTEXT * FOREVER { hi++; - snprintf (tmp, sizeof (tmp), "%d", hi); - snprintf (path, sizeof (path), "%s/%s", ctx->path, tmp); + safe_snprintf (tmp, sizeof (tmp), "%d", hi); + safe_snprintf (path, sizeof (path), "%s/%s", ctx->path, tmp); if (safe_rename (msg->path, path) == 0) { if (hdr) @@ -1364,8 +1364,8 @@ static int mh_rewrite_message (CONTEXT * if ((rc = mutt_copy_message (dest->fp, ctx, h, M_CM_UPDATE, CH_UPDATE | CH_UPDATE_LEN)) == 0) { - snprintf (oldpath, _POSIX_PATH_MAX, "%s/%s", ctx->path, h->path); - strfcpy (partpath, h->path, _POSIX_PATH_MAX); + safe_snprintf (oldpath, _POSIX_PATH_MAX, "%s/%s", ctx->path, h->path); + safe_strfcpy (partpath, h->path, _POSIX_PATH_MAX); if (ctx->magic == M_MAILDIR) rc = maildir_commit_message (ctx, dest, h); @@ -1397,7 +1397,7 @@ static int mh_rewrite_message (CONTEXT * if (ctx->magic == M_MH && rc == 0) { - snprintf (newpath, _POSIX_PATH_MAX, "%s/%s", ctx->path, h->path); + safe_snprintf (newpath, _POSIX_PATH_MAX, "%s/%s", ctx->path, h->path); if ((rc = safe_rename (newpath, oldpath)) == 0) mutt_str_replace (&h->path, partpath); } @@ -1459,7 +1459,7 @@ static int maildir_sync_message (CONTEXT return (-1); } p++; - strfcpy (newpath, p, sizeof (newpath)); + safe_strfcpy (newpath, p, sizeof (newpath)); /* kill the previous flags */ if ((p = strchr (newpath, ':')) != NULL) @@ -1467,10 +1467,10 @@ static int maildir_sync_message (CONTEXT maildir_flags (suffix, sizeof (suffix), h); - snprintf (partpath, sizeof (partpath), "%s/%s%s", + safe_snprintf (partpath, sizeof (partpath), "%s/%s%s", (h->read || h->old) ? "cur" : "new", newpath, suffix); - snprintf (fullpath, sizeof (fullpath), "%s/%s", ctx->path, partpath); - snprintf (oldpath, sizeof (oldpath), "%s/%s", ctx->path, h->path); + safe_snprintf (fullpath, sizeof (fullpath), "%s/%s", ctx->path, partpath); + safe_snprintf (oldpath, sizeof (oldpath), "%s/%s", ctx->path, h->path); if (mutt_strcmp (fullpath, oldpath) == 0) { @@ -1517,7 +1517,7 @@ int mh_sync_mailbox (CONTEXT * ctx, int if (ctx->hdrs[i]->deleted && (ctx->magic != M_MAILDIR || !option (OPTMAILDIRTRASH))) { - snprintf (path, sizeof (path), "%s/%s", ctx->path, ctx->hdrs[i]->path); + safe_snprintf (path, sizeof (path), "%s/%s", ctx->path, ctx->hdrs[i]->path); if (ctx->magic == M_MAILDIR || (option (OPTMHPURGE) && ctx->magic == M_MH)) { @@ -1534,7 +1534,7 @@ int mh_sync_mailbox (CONTEXT * ctx, int /* MH just moves files out of the way when you delete them */ if (*ctx->hdrs[i]->path != ',') { - snprintf (tmp, sizeof (tmp), "%s/,%s", ctx->path, + safe_snprintf (tmp, sizeof (tmp), "%s/,%s", ctx->path, ctx->hdrs[i]->path); unlink (tmp); rename (path, tmp); @@ -1601,7 +1601,7 @@ static char *maildir_canon_filename (cha if ((t = strrchr (src, '/'))) src = t + 1; - strfcpy (dest, src, l); + safe_strfcpy (dest, src, l); if ((u = strrchr (dest, ':'))) *u = '\0'; @@ -1699,11 +1699,11 @@ int maildir_check_mailbox (CONTEXT * ctx if (!option (OPTCHECKNEW)) return 0; - snprintf (buf, sizeof (buf), "%s/new", ctx->path); + safe_snprintf (buf, sizeof (buf), "%s/new", ctx->path); if (stat (buf, &st_new) == -1) return -1; - snprintf (buf, sizeof (buf), "%s/cur", ctx->path); + safe_snprintf (buf, sizeof (buf), "%s/cur", ctx->path); if (stat (buf, &st_cur) == -1) return -1; @@ -1837,12 +1837,12 @@ int mh_check_mailbox (CONTEXT * ctx, int if (!option (OPTCHECKNEW)) return 0; - strfcpy (buf, ctx->path, sizeof (buf)); + safe_strfcpy (buf, ctx->path, sizeof (buf)); if (stat (buf, &st) == -1) return -1; /* create .mh_sequences when there isn't one. */ - snprintf (buf, sizeof (buf), "%s/.mh_sequences", ctx->path); + safe_snprintf (buf, sizeof (buf), "%s/.mh_sequences", ctx->path); if ((i = stat (buf, &st_cur) == -1) && errno == ENOENT) { char *tmp; @@ -1938,7 +1938,7 @@ FILE *_maildir_open_find_message (const FILE *fp = NULL; int oe = ENOENT; - snprintf (dir, sizeof (dir), "%s/%s", folder, subfolder); + safe_snprintf (dir, sizeof (dir), "%s/%s", folder, subfolder); if ((dp = opendir (dir)) == NULL) { @@ -1952,7 +1952,7 @@ FILE *_maildir_open_find_message (const if (!mutt_strcmp (tunique, unique)) { - snprintf (fname, sizeof (fname), "%s/%s/%s", folder, subfolder, + safe_snprintf (fname, sizeof (fname), "%s/%s/%s", folder, subfolder, de->d_name); fp = fopen (fname, "r"); /* __FOPEN_CHECKED__ */ oe = errno; @@ -2028,7 +2028,7 @@ int maildir_check_empty (const char *pat /* we do "cur" on the first iteration since its more likely that we'll * find old messages without having to scan both subdirs */ - snprintf (realpath, sizeof (realpath), "%s/%s", path, + safe_snprintf (realpath, sizeof (realpath), "%s/%s", path, iter == 0 ? "cur" : "new"); if ((dp = opendir (realpath)) == NULL) return -1; Index: mutt_socket.c =================================================================== RCS file: /home/roessler/cvs/mutt/mutt_socket.c,v retrieving revision 3.16 diff -p -u -r3.16 mutt_socket.c --- mutt_socket.c 28 Apr 2006 08:35:03 -0000 3.16 +++ mutt_socket.c 24 May 2006 10:09:54 -0000 @@ -447,7 +447,7 @@ int raw_socket_open (CONNECTION* conn) hints.ai_socktype = SOCK_STREAM; - snprintf (port, sizeof (port), "%d", conn->account.port); + safe_snprintf (port, sizeof (port), "%d", conn->account.port); # ifdef HAVE_LIBIDN if (idna_to_ascii_lz (conn->account.host, &host_idna, 1) != IDNA_SUCCESS) Index: mutt_ssl.c =================================================================== RCS file: /home/roessler/cvs/mutt/mutt_ssl.c,v retrieving revision 3.14 diff -p -u -r3.14 mutt_ssl.c --- mutt_ssl.c 28 Apr 2006 08:35:03 -0000 3.14 +++ mutt_ssl.c 24 May 2006 10:09:54 -0000 @@ -162,7 +162,7 @@ int ssl_init (void) /* load entropy from egd sockets */ #ifdef HAVE_RAND_EGD add_entropy (getenv ("EGDSOCKET")); - snprintf (path, sizeof(path), "%s/.entropy", NONULL(Homedir)); + safe_snprintf (path, sizeof(path), "%s/.entropy", NONULL(Homedir)); add_entropy (path); add_entropy ("/tmp/entropy"); #endif @@ -423,7 +423,7 @@ static void x509_fingerprint (char *s, i { char ch[8]; snprintf (ch, 8, "%02X%s", md[j], (j % 2 ? " " : "")); - safe_strcat (s, l, ch); + strfcat (s, l, ch); } } } @@ -675,9 +675,9 @@ static int ssl_check_certificate (sslsoc helpstr[0] = '\0'; mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT); - safe_strcat (helpstr, sizeof (helpstr), buf); + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP); - safe_strcat (helpstr, sizeof (helpstr), buf); + strfcat (helpstr, sizeof (helpstr), buf); menu->help = helpstr; done = 0; @@ -749,5 +749,5 @@ static int ssl_passwd_cb(char *buf, int if (mutt_account_getpass (account)) return 0; - return snprintf(buf, size, "%s", account->pass); + return safe_snprintf(buf, size, "%s", account->pass); } Index: mutt_ssl_gnutls.c =================================================================== RCS file: /home/roessler/cvs/mutt/mutt_ssl_gnutls.c,v retrieving revision 3.14 diff -p -u -r3.14 mutt_ssl_gnutls.c --- mutt_ssl_gnutls.c 18 May 2006 17:35:30 -0000 3.14 +++ mutt_ssl_gnutls.c 24 May 2006 10:09:54 -0000 @@ -387,7 +387,7 @@ static void tls_fingerprint (gnutls_dige { char ch[8]; snprintf (ch, 8, "%02X%s", md[j], (j % 2 ? " " : "")); - safe_strcat (s, l, ch); + strfcat (s, l, ch); } s[2*n+n/2-1] = '\0'; /* don't want trailing space */ } @@ -769,9 +769,9 @@ static int tls_check_certificate (CONNEC helpstr[0] = '\0'; mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT); - safe_strcat (helpstr, sizeof (helpstr), buf); + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP); - safe_strcat (helpstr, sizeof (helpstr), buf); + strfcat (helpstr, sizeof (helpstr), buf); menu->help = helpstr; done = 0; Index: muttlib.c =================================================================== RCS file: /home/roessler/cvs/mutt/muttlib.c,v retrieving revision 3.43 diff -p -u -r3.43 muttlib.c --- muttlib.c 18 May 2006 17:35:30 -0000 3.43 +++ muttlib.c 24 May 2006 10:09:55 -0000 @@ -72,23 +72,23 @@ void mutt_adv_mktemp (char *s, size_t l) size_t sl; struct stat sb; - strfcpy (buf, NONULL (Tempdir), sizeof (buf)); + safe_strfcpy (buf, NONULL (Tempdir), sizeof (buf)); mutt_expand_path (buf, sizeof (buf)); if (s[0] == '\0') { - snprintf (s, l, "%s/muttXXXXXX", buf); + safe_snprintf (s, l, "%s/muttXXXXXX", buf); mktemp (s); } else { - strfcpy (tmp, s, sizeof (tmp)); + safe_strfcpy (tmp, s, sizeof (tmp)); mutt_sanitize_filename (tmp, 1); - snprintf (s, l, "%s/%s", buf, tmp); + safe_snprintf (s, l, "%s/%s", buf, tmp); if (lstat (s, &sb) == -1 && errno == ENOENT) return; if ((period = strrchr (tmp, '.')) != NULL) *period = 0; - snprintf (s, l, "%s/%s.XXXXXX", buf, tmp); + safe_snprintf (s, l, "%s/%s.XXXXXX", buf, tmp); mktemp (s); if (period != NULL) { @@ -113,7 +113,7 @@ int mutt_copy_body (FILE *fp, BODY **tgt if (src->filename) { use_disp = 1; - strfcpy (tmp, src->filename, sizeof (tmp)); + safe_strfcpy (tmp, src->filename, sizeof (tmp)); } else { @@ -314,20 +314,20 @@ void mutt_expand_link (char *newpath, co /* link is full path */ if (*link == '/') { - strfcpy (newpath, link, _POSIX_PATH_MAX); + safe_strfcpy (newpath, link, _POSIX_PATH_MAX); return; } if ((lb = strrchr (path, '/')) == NULL) { /* no path in link */ - strfcpy (newpath, link, _POSIX_PATH_MAX); + safe_strfcpy (newpath, link, _POSIX_PATH_MAX); return; } len = lb - path + 1; memcpy (newpath, path, len); - strfcpy (newpath + len, link, _POSIX_PATH_MAX - len); + safe_strfcpy (newpath + len, link, _POSIX_PATH_MAX - len); } char *mutt_expand_path (char *s, size_t slen) @@ -356,7 +356,7 @@ char *_mutt_expand_path (char *s, size_t { if (*(s + 1) == '/' || *(s + 1) == 0) { - strfcpy (p, NONULL(Homedir), sizeof (p)); + safe_strfcpy (p, NONULL(Homedir), sizeof (p)); tail = s + 1; } else @@ -367,7 +367,7 @@ char *_mutt_expand_path (char *s, size_t if ((pw = getpwnam (s + 1))) { - strfcpy (p, pw->pw_dir, sizeof (p)); + safe_strfcpy (p, pw->pw_dir, sizeof (p)); if (t) { *t = '/'; @@ -396,10 +396,10 @@ char *_mutt_expand_path (char *s, size_t if (mx_is_imap (NONULL (Maildir)) && (Maildir[strlen (Maildir) - 1] == '}' || Maildir[strlen (Maildir) - 1] == '/')) - strfcpy (p, NONULL (Maildir), sizeof (p)); + safe_strfcpy (p, NONULL (Maildir), sizeof (p)); else #endif - snprintf (p, sizeof (p), "%s/", NONULL (Maildir)); + safe_snprintf (p, sizeof (p), "%s/", NONULL (Maildir)); tail = s + 1; } @@ -431,14 +431,14 @@ char *_mutt_expand_path (char *s, size_t case '>': { - strfcpy (p, NONULL(Inbox), sizeof (p)); + safe_strfcpy (p, NONULL(Inbox), sizeof (p)); tail = s + 1; } break; case '<': { - strfcpy (p, NONULL(Outbox), sizeof (p)); + safe_strfcpy (p, NONULL(Outbox), sizeof (p)); tail = s + 1; } break; @@ -447,12 +447,12 @@ char *_mutt_expand_path (char *s, size_t { if (*(s+1) == '!') { - strfcpy (p, NONULL(LastFolder), sizeof (p)); + safe_strfcpy (p, NONULL(LastFolder), sizeof (p)); tail = s + 2; } else { - strfcpy (p, NONULL(Spoolfile), sizeof (p)); + safe_strfcpy (p, NONULL(Spoolfile), sizeof (p)); tail = s + 1; } } @@ -460,14 +460,14 @@ char *_mutt_expand_path (char *s, size_t case '-': { - strfcpy (p, NONULL(LastFolder), sizeof (p)); + safe_strfcpy (p, NONULL(LastFolder), sizeof (p)); tail = s + 1; } break; case '^': { - strfcpy (p, NONULL(CurrentFolder), sizeof (p)); + safe_strfcpy (p, NONULL(CurrentFolder), sizeof (p)); tail = s + 1; } break; @@ -482,12 +482,12 @@ char *_mutt_expand_path (char *s, size_t if (rx && *p && !recurse) { mutt_rx_sanitize_string (q, sizeof (q), p); - snprintf (tmp, sizeof (tmp), "%s%s", q, tail); + safe_snprintf (tmp, sizeof (tmp), "%s%s", q, tail); } else - snprintf (tmp, sizeof (tmp), "%s%s", p, tail); + safe_snprintf (tmp, sizeof (tmp), "%s%s", p, tail); - strfcpy (s, tmp, slen); + safe_strfcpy (s, tmp, slen); } while (recurse); @@ -732,7 +732,7 @@ void mutt_merge_envelopes(ENVELOPE* base void _mutt_mktemp (char *s, const char *src, int line) { - snprintf (s, _POSIX_PATH_MAX, "%s/mutt-%s-%d-%d-%d", NONULL (Tempdir), NONULL(Hostname), (int) getuid(), (int) getpid (), Counter++); + safe_snprintf (s, _POSIX_PATH_MAX, "%s/mutt-%s-%d-%d-%d", NONULL (Tempdir), NONULL(Hostname), (int) getuid(), (int) getpid (), Counter++); dprint (1, (debugfile, "%s:%d: mutt_mktemp returns \"%s\".\n", src, line, s)); unlink (s); } @@ -883,8 +883,8 @@ void mutt_expand_fmt (char *dest, size_t if (!found && destlen > 0) { - safe_strcat (dest, destlen, " "); - safe_strcat (dest, destlen, src); + strfcat (dest, destlen, " "); + strfcat (dest, destlen, src); } } @@ -897,7 +897,7 @@ int mutt_check_overwrite (const char *at char tmp[_POSIX_PATH_MAX]; struct stat st; - strfcpy (fname, path, flen); + safe_strfcpy (fname, path, flen); if (access (fname, F_OK) != 0) return 0; if (stat (fname, &st) != 0) @@ -963,7 +963,7 @@ void mutt_save_path (char *d, size_t dsi { if (a && a->mailbox) { - strfcpy (d, a->mailbox, dsize); + safe_strfcpy (d, a->mailbox, dsize); if (!option (OPTSAVEADDRESS)) { char *p; Index: mx.c =================================================================== RCS file: /home/roessler/cvs/mutt/mx.c,v retrieving revision 3.26 diff -p -u -r3.26 mx.c --- mx.c 18 May 2006 17:35:30 -0000 3.26 +++ mx.c 24 May 2006 10:09:56 -0000 @@ -79,11 +79,11 @@ static int invoke_dotlock (const char *p char r[SHORT_STRING]; if (flags & DL_FL_RETRY) - snprintf (r, sizeof (r), "-r %d ", retry ? MAXLOCKATTEMPT : 0); + safe_snprintf (r, sizeof (r), "-r %d ", retry ? MAXLOCKATTEMPT : 0); mutt_quote_filename (f, sizeof (f), path); - snprintf (cmd, sizeof (cmd), + safe_snprintf (cmd, sizeof (cmd), "%s %s%s%s%s%s%s%s", NONULL (MuttDotlock), flags & DL_FL_TRY ? "-t " : "", @@ -380,29 +380,29 @@ int mx_get_magic (const char *path) { /* check for maildir-style mailbox */ - snprintf (tmp, sizeof (tmp), "%s/cur", path); + safe_snprintf (tmp, sizeof (tmp), "%s/cur", path); if (stat (tmp, &st) == 0 && S_ISDIR (st.st_mode)) return (M_MAILDIR); /* check for mh-style mailbox */ - snprintf (tmp, sizeof (tmp), "%s/.mh_sequences", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.mh_sequences", path); if (access (tmp, F_OK) == 0) return (M_MH); - snprintf (tmp, sizeof (tmp), "%s/.xmhcache", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.xmhcache", path); if (access (tmp, F_OK) == 0) return (M_MH); - snprintf (tmp, sizeof (tmp), "%s/.mew_cache", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.mew_cache", path); if (access (tmp, F_OK) == 0) return (M_MH); - snprintf (tmp, sizeof (tmp), "%s/.mew-cache", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.mew-cache", path); if (access (tmp, F_OK) == 0) return (M_MH); - snprintf (tmp, sizeof (tmp), "%s/.sylpheed_cache", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.sylpheed_cache", path); if (access (tmp, F_OK) == 0) return (M_MH); @@ -411,7 +411,7 @@ int mx_get_magic (const char *path) * Usenet news from the spool. ;-) */ - snprintf (tmp, sizeof (tmp), "%s/.overview", path); + safe_snprintf (tmp, sizeof (tmp), "%s/.overview", path); if (access (tmp, F_OK) == 0) return (M_MH); @@ -531,7 +531,7 @@ static int mx_open_mailbox_append (CONTE if (ctx->magic == M_MAILDIR) { - snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); if (mkdir (tmp, S_IRWXU)) { mutt_perror (tmp); @@ -539,22 +539,22 @@ static int mx_open_mailbox_append (CONTE return (-1); } - snprintf (tmp, sizeof (tmp), "%s/new", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/new", ctx->path); if (mkdir (tmp, S_IRWXU)) { mutt_perror (tmp); - snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); rmdir (tmp); rmdir (ctx->path); return (-1); } - snprintf (tmp, sizeof (tmp), "%s/tmp", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/tmp", ctx->path); if (mkdir (tmp, S_IRWXU)) { mutt_perror (tmp); - snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/cur", ctx->path); rmdir (tmp); - snprintf (tmp, sizeof (tmp), "%s/new", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/new", ctx->path); rmdir (tmp); rmdir (ctx->path); return (-1); @@ -564,7 +564,7 @@ static int mx_open_mailbox_append (CONTE { int i; - snprintf (tmp, sizeof (tmp), "%s/.mh_sequences", ctx->path); + safe_snprintf (tmp, sizeof (tmp), "%s/.mh_sequences", ctx->path); if ((i = creat (tmp, S_IRWXU)) == -1) { mutt_perror (tmp); @@ -864,11 +864,11 @@ int mx_close_mailbox (CONTEXT *ctx, int if ((p = mutt_find_hook (M_MBOXHOOK, ctx->path))) { isSpool = 1; - strfcpy (mbox, p, sizeof (mbox)); + safe_strfcpy (mbox, p, sizeof (mbox)); } else { - strfcpy (mbox, NONULL(Inbox), sizeof (mbox)); + safe_strfcpy (mbox, NONULL(Inbox), sizeof (mbox)); isSpool = mutt_is_spool (ctx->path) && !mutt_is_spool (mbox); } mutt_expand_path (mbox, sizeof (mbox)); @@ -1396,7 +1396,7 @@ MESSAGE *mx_open_message (CONTEXT *ctx, HEADER *cur = ctx->hdrs[msgno]; char path[_POSIX_PATH_MAX]; - snprintf (path, sizeof (path), "%s/%s", ctx->path, cur->path); + safe_snprintf (path, sizeof (path), "%s/%s", ctx->path, cur->path); if ((msg->fp = fopen (path, "r")) == NULL && errno == ENOENT && ctx->magic == M_MAILDIR) Index: pgp.c =================================================================== RCS file: /home/roessler/cvs/mutt/pgp.c,v retrieving revision 3.61 diff -p -u -r3.61 pgp.c --- pgp.c 22 Nov 2005 12:31:58 -0000 3.61 +++ pgp.c 24 May 2006 10:09:57 -0000 @@ -589,7 +589,7 @@ int pgp_verify_one (BODY *sigbdy, STATE int badsig = -1; int rv; - snprintf (sigfile, sizeof (sigfile), "%s.asc", tempfile); + safe_snprintf (sigfile, sizeof (sigfile), "%s.asc", tempfile); if(!(fp = safe_fopen (sigfile, "w"))) { @@ -1579,7 +1579,7 @@ int pgp_send_menu (HEADER *msg, int *red if ((p = pgp_ask_for_key (_("Sign as: "), NULL, KEYFLAG_CANSIGN, PGP_PUBRING))) { - snprintf (input_signas, sizeof (input_signas), "0x%s", + safe_snprintf (input_signas, sizeof (input_signas), "0x%s", pgp_keyid (p)); mutt_str_replace (&PgpSignAs, input_signas); pgp_free_key (&p); Index: pgpinvoke.c =================================================================== RCS file: /home/roessler/cvs/mutt/pgpinvoke.c,v retrieving revision 3.8 diff -p -u -r3.8 pgpinvoke.c --- pgpinvoke.c 17 Sep 2005 20:46:10 -0000 3.8 +++ pgpinvoke.c 24 May 2006 10:09:57 -0000 @@ -76,8 +76,8 @@ const char *_mutt_fmt_pgp_command (char { if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->ids)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->ids)); } else if (!cctx->ids) optional = 0; @@ -88,8 +88,8 @@ const char *_mutt_fmt_pgp_command (char { if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->signas)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->signas)); } else if (!cctx->signas) optional = 0; @@ -100,8 +100,8 @@ const char *_mutt_fmt_pgp_command (char { if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->sig_fname)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->sig_fname)); } else if (!cctx->sig_fname) optional = 0; @@ -112,8 +112,8 @@ const char *_mutt_fmt_pgp_command (char { if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->fname)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->fname)); } else if (!cctx->fname) optional = 0; @@ -124,8 +124,8 @@ const char *_mutt_fmt_pgp_command (char { if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, cctx->need_passphrase ? "PGPPASSFD=0" : ""); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, cctx->need_passphrase ? "PGPPASSFD=0" : ""); } else if (!cctx->need_passphrase || pgp_use_gpg_agent()) optional = 0; @@ -344,7 +344,7 @@ pid_t pgp_invoke_list_keys (FILE **pgpin for (; hints; hints = hints->next) { mutt_quote_filename (quoted, sizeof (quoted), (char *) hints->data); - snprintf (tmpuids, sizeof (tmpuids), "%s %s", uids, quoted); + safe_snprintf (tmpuids, sizeof (tmpuids), "%s %s", uids, quoted); strcpy (uids, tmpuids); /* __STRCPY_CHECKED__ */ } Index: pgpkey.c =================================================================== RCS file: /home/roessler/cvs/mutt/pgpkey.c,v retrieving revision 3.11 diff -p -u -r3.11 pgpkey.c --- pgpkey.c 17 Sep 2005 20:46:11 -0000 3.11 +++ pgpkey.c 24 May 2006 10:09:58 -0000 @@ -512,14 +512,14 @@ static pgp_key_t pgp_select_key (pgp_key helpstr[0] = 0; mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_PGP, OP_EXIT); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Select "), MENU_PGP, OP_GENERIC_SELECT_ENTRY); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Check key "), MENU_PGP, OP_VERIFY_KEY); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); mutt_make_help (buf, sizeof (buf), _("Help"), MENU_PGP, OP_HELP); - strcat (helpstr, buf); /* __STRCAT_CHECKED__ */ + strfcat (helpstr, sizeof (helpstr), buf); menu = mutt_new_menu (); menu->max = i; @@ -562,7 +562,7 @@ static pgp_key_t pgp_select_key (pgp_key mutt_message _("Invoking PGP..."); - snprintf (tmpbuf, sizeof (tmpbuf), "0x%s", pgp_keyid (pgp_principal_key (KeyTable[menu->current]->parent))); + safe_snprintf (tmpbuf, sizeof (tmpbuf), "0x%s", pgp_keyid (pgp_principal_key (KeyTable[menu->current]->parent))); if ((thepid = pgp_invoke_verify_key (NULL, NULL, NULL, -1, fileno (fp), fileno (devnull), tmpbuf)) == -1) @@ -725,7 +725,7 @@ BODY *pgp_make_key_attachment (char *tem if (!key) return NULL; - snprintf (tmp, sizeof (tmp), "0x%s", pgp_keyid (pgp_principal_key (key))); + safe_snprintf (tmp, sizeof (tmp), "0x%s", pgp_keyid (pgp_principal_key (key))); pgp_free_key (&key); if (!tempf) Index: pop.c =================================================================== RCS file: /home/roessler/cvs/mutt/pop.c,v retrieving revision 3.9 diff -p -u -r3.9 pop.c --- pop.c 21 Oct 2005 04:35:37 -0000 3.9 +++ pop.c 24 May 2006 10:09:58 -0000 @@ -64,13 +64,13 @@ static int pop_read_header (POP_DATA *po return -3; } - snprintf (buf, sizeof (buf), "LIST %d\r\n", h->refno); + safe_snprintf (buf, sizeof (buf), "LIST %d\r\n", h->refno); ret = pop_query (pop_data, buf, sizeof (buf)); if (ret == 0) { sscanf (buf, "+OK %d %ld", &index, &length); - snprintf (buf, sizeof (buf), "TOP %d 0\r\n", h->refno); + safe_snprintf (buf, sizeof (buf), "TOP %d 0\r\n", h->refno); ret = pop_fetch_data (pop_data, buf, NULL, fetch_message, f); if (pop_data->cmd_top == 2) @@ -397,7 +397,7 @@ int pop_fetch_message (MESSAGE* msg, CON return -1; } - snprintf (buf, sizeof (buf), "RETR %d\r\n", h->refno); + safe_snprintf (buf, sizeof (buf), "RETR %d\r\n", h->refno); ret = pop_fetch_data (pop_data, buf, &progressbar, fetch_message, msg->fp); if (ret == 0) @@ -471,14 +471,14 @@ int pop_sync_mailbox (CONTEXT *ctx, int { if (ctx->hdrs[i]->deleted) { - snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno); + safe_snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno); ret = pop_query (pop_data, buf, sizeof (buf)); } } if (ret == 0) { - strfcpy (buf, "QUIT\r\n", sizeof (buf)); + safe_strfcpy (buf, "QUIT\r\n", sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); } @@ -585,7 +585,7 @@ void pop_fetch_mail (void) mutt_message _("Checking for new messages..."); /* find out how many messages are in the mailbox. */ - strfcpy (buffer, "STAT\r\n", sizeof (buffer)); + safe_strfcpy (buffer, "STAT\r\n", sizeof (buffer)); ret = pop_query (pop_data, buffer, sizeof (buffer)); if (ret == -1) goto fail; @@ -600,7 +600,7 @@ void pop_fetch_mail (void) /* only get unread messages */ if (msgs > 0 && option (OPTPOPLAST)) { - strfcpy (buffer, "LAST\r\n", sizeof (buffer)); + safe_strfcpy (buffer, "LAST\r\n", sizeof (buffer)); ret = pop_query (pop_data, buffer, sizeof (buffer)); if (ret == -1) goto fail; @@ -628,7 +628,7 @@ void pop_fetch_mail (void) ret = -3; else { - snprintf (buffer, sizeof (buffer), "RETR %d\r\n", i); + safe_snprintf (buffer, sizeof (buffer), "RETR %d\r\n", i); ret = pop_fetch_data (pop_data, buffer, NULL, fetch_message, msg->fp); if (ret == -3) rset = 1; @@ -645,7 +645,7 @@ void pop_fetch_mail (void) if (ret == 0 && delanswer == M_YES) { /* delete the message on the server */ - snprintf (buffer, sizeof (buffer), "DELE %d\r\n", i); + safe_snprintf (buffer, sizeof (buffer), "DELE %d\r\n", i); ret = pop_query (pop_data, buffer, sizeof (buffer)); } @@ -673,14 +673,14 @@ void pop_fetch_mail (void) if (rset) { /* make sure no messages get deleted */ - strfcpy (buffer, "RSET\r\n", sizeof (buffer)); + safe_strfcpy (buffer, "RSET\r\n", sizeof (buffer)); if (pop_query (pop_data, buffer, sizeof (buffer)) == -1) goto fail; } finish: /* exit gracefully */ - strfcpy (buffer, "QUIT\r\n", sizeof (buffer)); + safe_strfcpy (buffer, "QUIT\r\n", sizeof (buffer)); if (pop_query (pop_data, buffer, sizeof (buffer)) == -1) goto fail; mutt_socket_close (conn); Index: pop_auth.c =================================================================== RCS file: /home/roessler/cvs/mutt/pop_auth.c,v retrieving revision 3.7 diff -p -u -r3.7 pop_auth.c --- pop_auth.c 17 Sep 2005 20:46:11 -0000 3.7 +++ pop_auth.c 24 May 2006 10:09:58 -0000 @@ -78,13 +78,13 @@ static pop_auth_res_t pop_auth_sasl (POP mutt_message _("Authenticating (SASL)..."); - snprintf (buf, sizeof (buf), "AUTH %s", mech); + safe_snprintf (buf, sizeof (buf), "AUTH %s", mech); olen = strlen (buf); /* looping protocol */ FOREVER { - strfcpy (buf + olen, "\r\n", sizeof (buf) - olen); + safe_strfcpy (buf + olen, "\r\n", sizeof (buf) - olen); mutt_socket_write (pop_data->conn, buf); if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0) { @@ -143,7 +143,7 @@ bail: /* terminate SASL sessoin if the last responce is not +OK nor -ERR */ if (!mutt_strncmp (inbuf, "+ ", 2)) { - snprintf (buf, sizeof (buf), "*\r\n"); + safe_snprintf (buf, sizeof (buf), "*\r\n"); if (pop_query (pop_data, buf, sizeof (buf)) == -1) return POP_A_SOCKET; } @@ -192,10 +192,10 @@ static pop_auth_res_t pop_auth_apop (POP MD5Final (digest, &mdContext); for (i = 0; i < sizeof (digest); i++) - sprintf (hash + 2 * i, "%02x", digest[i]); + snprintf (hash + 2 * i, sizeof (hash) - (2 * i), "%02x", digest[i]); /* Send APOP command to server */ - snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user, hash); + safe_snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user, hash); switch (pop_query (pop_data, buf, sizeof (buf))) { @@ -222,7 +222,7 @@ static pop_auth_res_t pop_auth_user (POP mutt_message _("Logging in..."); - snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user); + safe_snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user); ret = pop_query (pop_data, buf, sizeof (buf)); if (pop_data->cmd_user == 2) @@ -246,7 +246,7 @@ static pop_auth_res_t pop_auth_user (POP if (ret == 0) { - snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass); + safe_snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass); ret = pop_query_d (pop_data, buf, sizeof (buf), #ifdef DEBUG /* don't print the password unless we're at the ungodly debugging level */ Index: pop_lib.c =================================================================== RCS file: /home/roessler/cvs/mutt/pop_lib.c,v retrieving revision 3.13 diff -p -u -r3.13 pop_lib.c --- pop_lib.c 28 Apr 2006 08:35:03 -0000 3.13 +++ pop_lib.c 24 May 2006 10:09:58 -0000 @@ -165,7 +165,7 @@ static int pop_capabilities (POP_DATA *p /* Execute CAPA command */ if (mode == 0 || pop_data->cmd_capa) { - strfcpy (buf, "CAPA\r\n", sizeof (buf)); + safe_strfcpy (buf, "CAPA\r\n", sizeof (buf)); switch (pop_fetch_data (pop_data, buf, NULL, fetch_capa, pop_data)) { case 0: @@ -185,7 +185,7 @@ static int pop_capabilities (POP_DATA *p pop_data->cmd_uidl = 2; pop_data->cmd_top = 2; - strfcpy (buf, "AUTH\r\n", sizeof (buf)); + safe_strfcpy (buf, "AUTH\r\n", sizeof (buf)); if (pop_fetch_data (pop_data, buf, NULL, fetch_auth, pop_data) == -1) return -1; } @@ -292,7 +292,7 @@ int pop_open_connection (POP_DATA *pop_d } if (pop_data->use_stls == 2) { - strfcpy (buf, "STLS\r\n", sizeof (buf)); + safe_strfcpy (buf, "STLS\r\n", sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); if (ret == -1) goto err_conn; @@ -349,7 +349,7 @@ int pop_open_connection (POP_DATA *pop_d } /* get total size of mailbox */ - strfcpy (buf, "STAT\r\n", sizeof (buf)); + safe_strfcpy (buf, "STAT\r\n", sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); if (ret == -1) goto err_conn; @@ -384,13 +384,13 @@ void pop_logout (CONTEXT *ctx) if (ctx->readonly) { - strfcpy (buf, "RSET\r\n", sizeof (buf)); + safe_strfcpy (buf, "RSET\r\n", sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); } if (ret != -1) { - strfcpy (buf, "QUIT\r\n", sizeof (buf)); + safe_strfcpy (buf, "QUIT\r\n", sizeof (buf)); pop_query (pop_data, buf, sizeof (buf)); } @@ -461,7 +461,7 @@ int pop_fetch_data (POP_DATA *pop_data, long pos = 0; size_t lenbuf = 0; - strfcpy (buf, query, sizeof (buf)); + safe_strfcpy (buf, query, sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); if (ret < 0) return ret; Index: postpone.c =================================================================== RCS file: /home/roessler/cvs/mutt/postpone.c,v retrieving revision 3.18 diff -p -u -r3.18 postpone.c --- postpone.c 20 Apr 2006 16:46:49 -0000 3.18 +++ postpone.c 24 May 2006 10:09:59 -0000 @@ -115,7 +115,7 @@ int mutt_num_postponed (int force) char buf[_POSIX_PATH_MAX]; - snprintf (buf, sizeof (buf), "%s/new", Postponed); + safe_snprintf (buf, sizeof (buf), "%s/new", Postponed); if (access (buf, F_OK) == 0 && stat (buf, &st) == -1) { PostCount = 0; @@ -321,7 +321,7 @@ int mutt_get_postponed (CONTEXT *ctx, HE { p = tmp->data + 11; SKIPWS (p); - strfcpy (fcc, p, fcclen); + safe_strfcpy (fcc, p, fcclen); mutt_pretty_mailbox (fcc); /* remove the X-Mutt-Fcc: header field */ Index: recvattach.c =================================================================== RCS file: /home/roessler/cvs/mutt/recvattach.c,v retrieving revision 3.22 diff -p -u -r3.22 recvattach.c --- recvattach.c 18 Apr 2006 15:28:50 -0000 3.22 +++ recvattach.c 24 May 2006 10:09:59 -0000 @@ -436,7 +436,7 @@ static int mutt_query_save_attachment (F } else if (rc == -1) return -1; - strfcpy(tfile, buf, sizeof(tfile)); + safe_strfcpy(tfile, buf, sizeof(tfile)); } else { Index: rfc1524.c =================================================================== RCS file: /home/roessler/cvs/mutt/rfc1524.c,v retrieving revision 3.9 diff -p -u -r3.9 rfc1524.c --- rfc1524.c 18 May 2006 17:35:30 -0000 3.9 +++ rfc1524.c 24 May 2006 10:10:00 -0000 @@ -90,7 +90,7 @@ int rfc1524_expand_command (BODY *a, cha param[z] = '\0'; _pvalue = mutt_get_parameter (param, a->parameter); - strfcpy (pvalue, NONULL(_pvalue), sizeof (pvalue)); + safe_strfcpy (pvalue, NONULL(_pvalue), sizeof (pvalue)); if (option (OPTMAILCAPSANITIZE)) mutt_sanitize_filename (pvalue, 0); @@ -111,7 +111,7 @@ int rfc1524_expand_command (BODY *a, cha buf[y++] = command[x++]; } buf[y] = '\0'; - strfcpy (command, buf, clen); + safe_strfcpy (command, buf, clen); return needspipe; } @@ -469,7 +469,7 @@ int rfc1524_expand_filename (char *namet if (!nametemplate) { if (oldfile) - strfcpy (newfile, oldfile, nflen); + safe_strfcpy (newfile, oldfile, nflen); } else if (!oldfile) { @@ -537,14 +537,14 @@ int rfc1524_expand_filename (char *namet else strnfcpy(left, nametemplate, sizeof(left), i); if(rmatch) *right = 0; - else strfcpy(right, nametemplate + i + 2, sizeof(right)); + else safe_strfcpy(right, nametemplate + i + 2, sizeof(right)); - snprintf(newfile, nflen, "%s%s%s", left, oldfile, right); + safe_snprintf(newfile, nflen, "%s%s%s", left, oldfile, right); } else { /* no "%s" in the name template. */ - strfcpy(newfile, nametemplate, nflen); + safe_strfcpy(newfile, nametemplate, nflen); } } Index: rfc2231.c =================================================================== RCS file: /home/roessler/cvs/mutt/rfc2231.c,v retrieving revision 3.8 diff -p -u -r3.8 rfc2231.c --- rfc2231.c 18 May 2006 17:35:30 -0000 3.8 +++ rfc2231.c 24 May 2006 10:10:00 -0000 @@ -348,14 +348,15 @@ int rfc2231_encode_string (char **pd) if (encode) { - e = safe_malloc (dlen + 2*ext + strlen (charset) + 3); - sprintf (e, "%s''", charset); /* __SPRINTF_CHECKED__ */ + size_t elen = dlen + 2*ext + strlen (charset) + 3; + e = safe_malloc (elen); + snprintf (e, elen, "%s''", charset); t = e + strlen (e); for (s = d, slen = dlen; slen; s++, slen--) if (*s < 0x20 || *s >= 0x7f || strchr (MimeSpecials, *s) || strchr ("*'%", *s)) { - sprintf (t, "%%%02X", (unsigned char)*s); + snprintf (t, elen - (t - e), "%%%02X", (unsigned char)*s); t += 3; } else Index: sendlib.c =================================================================== RCS file: /home/roessler/cvs/mutt/sendlib.c,v retrieving revision 3.38 diff -p -u -r3.38 sendlib.c --- sendlib.c 18 May 2006 17:35:30 -0000 3.38 +++ sendlib.c 24 May 2006 10:10:01 -0000 @@ -327,7 +327,7 @@ int mutt_write_mime_header (BODY *a, FIL */ if (!ascii_strcasecmp (p->attribute, "boundary") && !strcmp (buffer, tmp)) - snprintf (buffer, sizeof (buffer), "\"%s\"", tmp); + safe_snprintf (buffer, sizeof (buffer), "\"%s\"", tmp); FREE (&tmp); @@ -939,13 +939,13 @@ int mutt_lookup_mime_type (BODY *att, co switch (count) { case 0: - snprintf (buf, sizeof (buf), "%s/.mime.types", NONULL(Homedir)); + safe_snprintf (buf, sizeof (buf), "%s/.mime.types", NONULL(Homedir)); break; case 1: - strfcpy (buf, SYSCONFDIR"/mime.types", sizeof(buf)); + safe_strfcpy (buf, SYSCONFDIR"/mime.types", sizeof(buf)); break; case 2: - strfcpy (buf, PKGDATADIR"/mime.types", sizeof (buf)); + safe_strfcpy (buf, PKGDATADIR"/mime.types", sizeof (buf)); break; default: dprint (1, (debugfile, "mutt_lookup_mime_type: Internal error, count = %d.\n", count)); @@ -1719,7 +1719,7 @@ char *mutt_gen_msgid (void) if(!(fqdn = mutt_fqdn(0))) fqdn = NONULL(Hostname); - snprintf (buf, sizeof (buf), "<%d%02d%02d%02d%02d%02d.G%c%u@%s>", + safe_snprintf (buf, sizeof (buf), "<%d%02d%02d%02d%02d%02d.G%c%u@%s>", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, MsgIdPfx, (unsigned int)getpid (), fqdn); MsgIdPfx = (MsgIdPfx == 'Z') ? 'A' : MsgIdPfx + 1; Index: smime.c =================================================================== RCS file: /home/roessler/cvs/mutt/smime.c,v retrieving revision 3.48 diff -p -u -r3.48 smime.c --- smime.c 16 Dec 2005 18:49:40 -0000 3.48 +++ smime.c 24 May 2006 10:10:02 -0000 @@ -150,17 +150,17 @@ static const char *_mutt_fmt_smime_comma char buf1[LONG_STRING], buf2[LONG_STRING]; struct stat sb; - strfcpy (path, NONULL (SmimeCALocation), sizeof (path)); + safe_strfcpy (path, NONULL (SmimeCALocation), sizeof (path)); mutt_expand_path (path, sizeof (path)); mutt_quote_filename (buf1, sizeof (buf1), path); if (stat (path, &sb) != 0 || !S_ISDIR (sb.st_mode)) - snprintf (buf2, sizeof (buf2), "-CAfile %s", buf1); + safe_snprintf (buf2, sizeof (buf2), "-CAfile %s", buf1); else - snprintf (buf2, sizeof (buf2), "-CApath %s", buf1); + safe_snprintf (buf2, sizeof (buf2), "-CApath %s", buf1); - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, buf2); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, buf2); } else if (!SmimeCALocation) optional = 0; @@ -170,8 +170,8 @@ static const char *_mutt_fmt_smime_comma case 'c': { /* certificate (list) */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL(cctx->certificates)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL(cctx->certificates)); } else if (!cctx->certificates) optional = 0; @@ -181,8 +181,8 @@ static const char *_mutt_fmt_smime_comma case 'i': { /* intermediate certificates */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL(cctx->intermediates)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL(cctx->intermediates)); } else if (!cctx->intermediates) optional = 0; @@ -193,8 +193,8 @@ static const char *_mutt_fmt_smime_comma { /* detached signature */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->sig_fname)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->sig_fname)); } else if (!cctx->sig_fname) optional = 0; @@ -205,8 +205,8 @@ static const char *_mutt_fmt_smime_comma { /* private key */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->key)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->key)); } else if (!cctx->key) optional = 0; @@ -216,8 +216,8 @@ static const char *_mutt_fmt_smime_comma case 'a': { /* algorithm for encryption */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->cryptalg)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->cryptalg)); } else if (!cctx->key) optional = 0; @@ -228,8 +228,8 @@ static const char *_mutt_fmt_smime_comma { /* file to process */ if (!optional) { - snprintf (fmt, sizeof (fmt), "%%%ss", prefix); - snprintf (dest, destlen, fmt, NONULL (cctx->fname)); + safe_snprintf (fmt, sizeof (fmt), "%%%ss", prefix); + safe_snprintf (dest, destlen, fmt, NONULL (cctx->fname)); } else if (!cctx->fname) optional = 0; @@ -366,7 +366,7 @@ char* smime_ask_for_key (char *prompt, c char title[256]; if (!prompt) prompt = _("Enter keyID: "); - snprintf(index_file, sizeof (index_file), "%s/.index", + safe_snprintf(index_file, sizeof (index_file), "%s/.index", public ? NONULL(SmimeCertificates) : NONULL(SmimeKeys)); index = fopen(index_file, "r"); @@ -465,7 +465,7 @@ char* smime_ask_for_key (char *prompt, c } if (hash) { fname = safe_malloc(13); /* Hash + '.' + Suffix + \0 */ - sprintf(fname, "%.8x.%i", Table[cur].hash, Table[cur].suffix); + snprintf(fname, 13, "%.8x.%i", Table[cur].hash, Table[cur].suffix); } else fname = NULL; @@ -506,7 +506,7 @@ char *smime_get_field_from_db (char *mai specs on their CA-directory. */ - snprintf (cert_path, sizeof (cert_path), "%s/.index", + safe_snprintf (cert_path, sizeof (cert_path), "%s/.index", (public ? NONULL(SmimeCertificates) : NONULL(SmimeKeys))); if (!stat (cert_path, &info)) @@ -563,7 +563,7 @@ char *smime_get_field_from_db (char *mai } else if (choice == M_YES) { - strfcpy (key, fields[1], sizeof (key)); + safe_strfcpy (key, fields[1], sizeof (key)); ask = 0; break; } @@ -572,7 +572,7 @@ char *smime_get_field_from_db (char *mai { if (public) key_trust_level = *fields[4]; - strfcpy (key, fields[1], sizeof (key)); + safe_strfcpy (key, fields[1], sizeof (key)); } found = 1; } @@ -591,14 +591,14 @@ char *smime_get_field_from_db (char *mai !(mutt_strncasecmp (query, fields[2], query_len))) { ask = 0; - strfcpy (key, fields[1], sizeof (key)); + safe_strfcpy (key, fields[1], sizeof (key)); } /* query = certificate: return intermediate certificate. */ else if (numFields >= 4 && !(mutt_strncasecmp (query, fields[1], query_len))) { ask = 0; - strfcpy (key, fields[3], sizeof (key)); + safe_strfcpy (key, fields[3], sizeof (key)); } } @@ -678,10 +678,10 @@ void _smime_getkeys (char *mailbox) } else smime_void_passphrase (); - snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", + safe_snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", NONULL(SmimeKeys), k); - snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", + safe_snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", NONULL(SmimeCertificates), k); if (mutt_strcasecmp (k, SmimeDefaultKey)) @@ -700,10 +700,10 @@ void _smime_getkeys (char *mailbox) smime_void_passphrase (); } - snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", + safe_snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", NONULL (SmimeKeys), NONULL (SmimeDefaultKey)); - snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", + safe_snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", NONULL (SmimeCertificates), NONULL (SmimeDefaultKey)); } @@ -714,10 +714,10 @@ void smime_getkeys (ENVELOPE *env) if (option (OPTSDEFAULTDECRYPTKEY) && SmimeDefaultKey && *SmimeDefaultKey) { - snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", + safe_snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", NONULL (SmimeKeys), SmimeDefaultKey); - snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", + safe_snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", NONULL(SmimeCertificates), SmimeDefaultKey); return; @@ -1298,7 +1298,7 @@ BODY *smime_build_smime_entity (BODY *a, while (*++cert_end && *cert_end != '\n'); if (!*cert_end) break; *cert_end = '\0'; - snprintf (certfile+off, sizeof (certfile)-off, " %s/%s", + safe_snprintf (certfile+off, sizeof (certfile)-off, " %s/%s", NONULL(SmimeCertificates), cert_start); *cert_end = '\n'; cert_start = cert_end; @@ -1416,13 +1416,13 @@ BODY *smime_sign_message (BODY *a ) - snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", + safe_snprintf (SmimeKeyToUse, sizeof (SmimeKeyToUse), "%s/%s", NONULL(SmimeKeys), SmimeDefaultKey); - snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", + safe_snprintf (SmimeCertToUse, sizeof (SmimeCertToUse), "%s/%s", NONULL(SmimeCertificates), SmimeDefaultKey); - snprintf (SmimeIntermediateToUse, sizeof (SmimeIntermediateToUse), "%s/%s", + safe_snprintf (SmimeIntermediateToUse, sizeof (SmimeIntermediateToUse), "%s/%s", NONULL(SmimeCertificates), intermediates); @@ -1554,7 +1554,7 @@ int smime_verify_one (BODY *sigbdy, STAT char *savePrefix = NULL; - snprintf (signedfile, sizeof (signedfile), "%s.sig", tempfile); + safe_snprintf (signedfile, sizeof (signedfile), "%s.sig", tempfile); /* decode to a tempfile, saving the original destination */ fp = s->fpout; Index: url.c =================================================================== RCS file: /home/roessler/cvs/mutt/url.c,v retrieving revision 3.9 diff -p -u -r3.9 url.c --- url.c 17 Sep 2005 20:46:11 -0000 3.9 +++ url.c 24 May 2006 10:10:02 -0000 @@ -95,7 +95,7 @@ int url_parse_file (char *d, const char else if (!ascii_strncasecmp (src, "file://", 7)) /* we don't support remote files */ return -1; else - strfcpy (d, src + 5, dl); + safe_strfcpy (d, src + 5, dl); url_pct_decode (d); return 0; @@ -178,7 +178,7 @@ int url_ciss_tostring (ciss_url_t* ciss, if (ciss->scheme == U_UNKNOWN) return -1; - snprintf (dest, len, "%s:", mutt_getnamebyvalue (ciss->scheme, UrlMap)); + safe_snprintf (dest, len, "%s:", mutt_getnamebyvalue (ciss->scheme, UrlMap)); if (ciss->host) { @@ -187,17 +187,17 @@ int url_ciss_tostring (ciss_url_t* ciss, if (ciss->user) { if (flags & U_DECODE_PASSWD && ciss->pass) - snprintf (dest, len, "%s:%s@", ciss->user, ciss->pass); + safe_snprintf (dest, len, "%s:%s@", ciss->user, ciss->pass); else - snprintf (dest, len, "%s@", ciss->user); + safe_snprintf (dest, len, "%s@", ciss->user); len -= (l = strlen (dest)); dest += l; } if (ciss->port) - snprintf (dest, len, "%s:%hu/", ciss->host, ciss->port); + safe_snprintf (dest, len, "%s:%hu/", ciss->host, ciss->port); else - snprintf (dest, len, "%s/", ciss->host); + safe_snprintf (dest, len, "%s/", ciss->host); } if (ciss->path) @@ -251,7 +251,7 @@ int url_parse_mailto (ENVELOPE *e, char { taglen = strlen (tag); /* mutt_parse_rfc822_line makes some assumptions */ - snprintf (scratch, sizeof (scratch), "%s: %s", tag, value); + safe_snprintf (scratch, sizeof (scratch), "%s: %s", tag, value); scratch[taglen] = '\0'; value = &scratch[taglen+1]; SKIPWS (value); Index: imap/auth_cram.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/auth_cram.c,v retrieving revision 3.7 diff -p -u -r3.7 auth_cram.c --- imap/auth_cram.c 10 Dec 2005 07:01:36 -0000 3.7 +++ imap/auth_cram.c 24 May 2006 10:10:03 -0000 @@ -93,7 +93,7 @@ imap_auth_res_t imap_auth_cram_md5 (IMAP */ hmac_md5 (idata->conn->account.pass, obuf, hmac_response); /* dubious optimisation I saw elsewhere: make the whole string in one call */ - snprintf (obuf, sizeof (obuf), + safe_snprintf (obuf, sizeof (obuf), "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", idata->conn->account.user, hmac_response[0], hmac_response[1], hmac_response[2], hmac_response[3], Index: imap/auth_gss.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/auth_gss.c,v retrieving revision 3.7 diff -p -u -r3.7 auth_gss.c --- imap/auth_gss.c 10 Dec 2005 07:01:36 -0000 3.7 +++ imap/auth_gss.c 24 May 2006 10:10:03 -0000 @@ -64,7 +64,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA return IMAP_AUTH_FAILURE; /* get an IMAP service ticket for the server */ - snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host); + safe_snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host); request_buf.value = buf1; request_buf.length = strlen (buf1) + 1; maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name, Index: imap/auth_login.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/auth_login.c,v retrieving revision 3.5 diff -p -u -r3.5 auth_login.c --- imap/auth_login.c 17 Sep 2005 20:46:11 -0000 3.5 +++ imap/auth_login.c 24 May 2006 10:10:03 -0000 @@ -58,7 +58,7 @@ imap_auth_res_t imap_auth_login (IMAP_DA idata->conn->account.user)); #endif - snprintf (buf, sizeof (buf), "LOGIN %s %s", q_user, q_pass); + safe_snprintf (buf, sizeof (buf), "LOGIN %s %s", q_user, q_pass); rc = imap_exec (idata, buf, IMAP_CMD_FAIL_OK | IMAP_CMD_PASS); if (!rc) Index: imap/auth_sasl.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/auth_sasl.c,v retrieving revision 3.15 diff -p -u -r3.15 auth_sasl.c --- imap/auth_sasl.c 18 Apr 2006 23:22:30 -0000 3.15 +++ imap/auth_sasl.c 24 May 2006 10:10:03 -0000 @@ -96,7 +96,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DAT mutt_message (_("Authenticating (%s)..."), mech); - snprintf (buf, sizeof (buf), "AUTHENTICATE %s", mech); + safe_snprintf (buf, sizeof (buf), "AUTHENTICATE %s", mech); if (mutt_bit_isset (idata->capabilities, SASL_IR) && client_start) { len = mutt_strlen (buf); @@ -172,7 +172,7 @@ imap_auth_res_t imap_auth_sasl (IMAP_DAT if (irc == IMAP_CMD_RESPOND) { - strfcpy (buf + olen, "\r\n", sizeof (buf) - olen); + safe_strfcpy (buf + olen, "\r\n", sizeof (buf) - olen); mutt_socket_write (idata->conn, buf); } Index: imap/browse.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/browse.c,v retrieving revision 3.17 diff -p -u -r3.17 browse.c --- imap/browse.c 15 Jan 2006 21:37:03 -0000 3.17 +++ imap/browse.c 24 May 2006 10:10:03 -0000 @@ -70,7 +70,7 @@ int imap_browse (char* path, struct brow save_lsub = option (OPTIMAPCHECKSUBSCRIBED); unset_option (OPTIMAPCHECKSUBSCRIBED); - strfcpy (list_cmd, option (OPTIMAPLSUB) ? "LSUB" : "LIST", sizeof (list_cmd)); + safe_strfcpy (list_cmd, option (OPTIMAPLSUB) ? "LSUB" : "LIST", sizeof (list_cmd)); if (!(idata = imap_conn_find (&(mx.account), 0))) goto fail; @@ -110,7 +110,7 @@ int imap_browse (char* path, struct brow * aren't already going to */ if (mbox[n-1] != idata->delim) { - snprintf (buf, sizeof (buf), "%s \"\" \"%s\"", list_cmd, mbox); + safe_snprintf (buf, sizeof (buf), "%s \"\" \"%s\"", list_cmd, mbox); imap_cmd_start (idata, buf); idata->cmddata = &list; do @@ -211,10 +211,10 @@ int imap_browse (char* path, struct brow nsup = state->entrylen; dprint (3, (debugfile, "imap_browse: Quoting mailbox scan: %s -> ", mbox)); - snprintf (buf, sizeof (buf), "%s%%", mbox); + safe_snprintf (buf, sizeof (buf), "%s%%", mbox); imap_quote_string (buf2, sizeof (buf2), buf); dprint (3, (debugfile, "%s\n", buf2)); - snprintf (buf, sizeof (buf), "%s \"\" %s", list_cmd, buf2); + safe_snprintf (buf, sizeof (buf), "%s \"\" %s", list_cmd, buf2); if (browse_add_list_result (idata, buf, state, 0)) goto fail; @@ -582,11 +582,11 @@ static int browse_verify_namespace (IMAP * of data in some cases, I guess, but I currently feel that's better * than invisible namespaces */ if (nsi->delim) - snprintf (buf, sizeof (buf), "%s \"\" \"%s%c%%\"", + safe_snprintf (buf, sizeof (buf), "%s \"\" \"%s%c%%\"", option (OPTIMAPLSUB) ? "LSUB" : "LIST", nsi->prefix, nsi->delim); else - snprintf (buf, sizeof (buf), "%s \"\" \"%s%%\"", + safe_snprintf (buf, sizeof (buf), "%s \"\" \"%s%%\"", option (OPTIMAPLSUB) ? "LSUB" : "LIST", nsi->prefix); imap_cmd_start (idata, buf); Index: imap/command.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/command.c,v retrieving revision 3.38 diff -p -u -r3.38 command.c --- imap/command.c 3 Apr 2006 20:26:14 -0000 3.38 +++ imap/command.c 24 May 2006 10:10:04 -0000 @@ -313,7 +313,7 @@ static IMAP_COMMAND* cmd_new (IMAP_DATA* cmd = idata->cmds + idata->nextcmd; idata->nextcmd = (idata->nextcmd + 1) % IMAP_PIPELINE_DEPTH; - snprintf (cmd->seq, sizeof (cmd->seq), "a%04u", idata->seqno++); + safe_snprintf (cmd->seq, sizeof (cmd->seq), "a%04u", idata->seqno++); if (idata->seqno > 9999) idata->seqno = 0; @@ -657,7 +657,7 @@ static void cmd_parse_lsub (IMAP_DATA* i dprint (2, (debugfile, "Subscribing to %s\n", list.name)); - strfcpy (buf, "mailboxes \"", sizeof (buf)); + safe_strfcpy (buf, "mailboxes \"", sizeof (buf)); mutt_account_tourl (&idata->conn->account, &url); url.path = list.name; if (!mutt_strcmp (url.user, ImapUser)) Index: imap/imap.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/imap.c,v retrieving revision 3.81 diff -p -u -r3.81 imap.c --- imap/imap.c 18 May 2006 18:35:10 -0000 3.81 +++ imap/imap.c 24 May 2006 10:10:05 -0000 @@ -87,9 +87,9 @@ int imap_access (const char* path, int f imap_munge_mbox_name (mbox, sizeof (mbox), mailbox); if (mutt_bit_isset (idata->capabilities, IMAP4REV1)) - snprintf (buf, sizeof (buf), "STATUS %s (UIDVALIDITY)", mbox); + safe_snprintf (buf, sizeof (buf), "STATUS %s (UIDVALIDITY)", mbox); else if (mutt_bit_isset (idata->capabilities, STATUS)) - snprintf (buf, sizeof (buf), "STATUS %s (UID-VALIDITY)", mbox); + safe_snprintf (buf, sizeof (buf), "STATUS %s (UID-VALIDITY)", mbox); else { dprint (2, (debugfile, "imap_access: STATUS not supported?\n")); @@ -110,7 +110,7 @@ int imap_create_mailbox (IMAP_DATA* idat char buf[LONG_STRING], mbox[LONG_STRING]; imap_munge_mbox_name (mbox, sizeof (mbox), mailbox); - snprintf (buf, sizeof (buf), "CREATE %s", mbox); + safe_snprintf (buf, sizeof (buf), "CREATE %s", mbox); if (imap_exec (idata, buf, 0) != 0) return -1; @@ -127,7 +127,7 @@ int imap_rename_mailbox (IMAP_DATA* idat imap_munge_mbox_name (oldmbox, sizeof (oldmbox), mx->mbox); imap_munge_mbox_name (newmbox, sizeof (newmbox), newname); - snprintf (buf, sizeof (buf), "RENAME %s %s", oldmbox, newmbox); + safe_snprintf (buf, sizeof (buf), "RENAME %s %s", oldmbox, newmbox); if (imap_exec (idata, buf, 0) != 0) return -1; @@ -152,7 +152,7 @@ int imap_delete_mailbox (CONTEXT* ctx, I } imap_munge_mbox_name (mbox, sizeof (mbox), mx.mbox); - snprintf (buf, sizeof (buf), "DELETE %s", mbox); + safe_snprintf (buf, sizeof (buf), "DELETE %s", mbox); if (imap_exec ((IMAP_DATA*) idata, buf, 0) != 0) return -1; @@ -262,7 +262,7 @@ void imap_expunge_mailbox (IMAP_DATA* id #if USE_HCACHE if (hc) { - sprintf (uidbuf, "/%u", HEADER_DATA(h)->uid); + snprintf (uidbuf, sizeof (uidbuf), "/%u", HEADER_DATA(h)->uid); mutt_hcache_delete (hc, uidbuf, imap_hcache_keylen); } #endif @@ -582,7 +582,7 @@ int imap_open_mailbox (CONTEXT* ctx) /* pipeline ACL test */ if (mutt_bit_isset (idata->capabilities, ACL)) { - snprintf (bufout, sizeof (bufout), "MYRIGHTS %s", buf); + safe_snprintf (bufout, sizeof (bufout), "MYRIGHTS %s", buf); imap_cmd_queue (idata, bufout); } /* assume we have all rights if ACL is unavailable */ @@ -602,7 +602,7 @@ int imap_open_mailbox (CONTEXT* ctx) && mutt_account_match (&pmx.account, &mx.account)) imap_status (Postponed, 1); - snprintf (bufout, sizeof (bufout), "%s %s", + safe_snprintf (bufout, sizeof (bufout), "%s %s", ctx->readonly ? "EXAMINE" : "SELECT", buf); idata->state = IMAP_SELECTED; @@ -975,7 +975,7 @@ int imap_sync_message (IMAP_DATA *idata, return 0; } - snprintf (uid, sizeof (uid), "%u", HEADER_DATA(hdr)->uid); + safe_snprintf (uid, sizeof (uid), "%u", HEADER_DATA(hdr)->uid); cmd->dptr = cmd->data; mutt_buffer_addstr (cmd, "UID STORE "); mutt_buffer_addstr (cmd, uid); @@ -1148,7 +1148,7 @@ int imap_sync_mailbox (CONTEXT* ctx, int #if USE_HCACHE if (hc && h->deleted) { - sprintf (uidbuf, "/%u", HEADER_DATA(h)->uid); + snprintf (uidbuf, sizeof (uidbuf), "/%u", HEADER_DATA(h)->uid); mutt_hcache_delete (hc, uidbuf, imap_hcache_keylen); } #endif @@ -1461,7 +1461,7 @@ int imap_buffy_check (int force) } imap_munge_mbox_name (munged, sizeof (munged), name); - snprintf (command, sizeof (command), "STATUS %s (UIDNEXT UIDVALIDITY UNSEEN)", munged); + safe_snprintf (command, sizeof (command), "STATUS %s (UIDNEXT UIDVALIDITY UNSEEN)", munged); if (imap_cmd_queue (idata, command) < 0) { @@ -1517,7 +1517,7 @@ int imap_status (char* path, int queue) mutt_bit_isset(idata->capabilities,STATUS)) { imap_munge_mbox_name (mbox, sizeof(mbox), buf); - snprintf (buf, sizeof (buf), "STATUS %s (%s)", mbox, "MESSAGES"); + safe_snprintf (buf, sizeof (buf), "STATUS %s (%s)", mbox, "MESSAGES"); imap_unmunge_mbox_name (mbox); } else @@ -1744,7 +1744,7 @@ int imap_subscribe (char *path, int subs memset (&token, 0, sizeof (token)); err.data = errstr; err.dsize = sizeof (errstr); - snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"", + safe_snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"", subscribe ? "" : "un", path); if (mutt_parse_rc_line (mbox, &token, &err)) dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr)); @@ -1757,7 +1757,7 @@ int imap_subscribe (char *path, int subs mutt_message (_("Unsubscribing from %s..."), buf); imap_munge_mbox_name (mbox, sizeof(mbox), buf); - snprintf (buf, sizeof (buf), "%sSUBSCRIBE %s", subscribe ? "" : "UN", mbox); + safe_snprintf (buf, sizeof (buf), "%sSUBSCRIBE %s", subscribe ? "" : "UN", mbox); if (imap_exec (idata, buf, 0) < 0) goto fail; @@ -1806,7 +1806,7 @@ imap_complete_hosts (char *dest, size_t { if (rc) { - strfcpy (dest, mailbox->path, len); + safe_strfcpy (dest, mailbox->path, len); rc = 0; } else @@ -1831,7 +1831,7 @@ imap_complete_hosts (char *dest, size_t { if (rc) { - strfcpy (dest, urlstr, len); + safe_strfcpy (dest, urlstr, len); rc = 0; } else @@ -1880,7 +1880,7 @@ int imap_complete(char* dest, size_t dle list[0] = '\0'; /* fire off command */ - snprintf (buf, sizeof(buf), "%s \"\" \"%s%%\"", + safe_snprintf (buf, sizeof(buf), "%s \"\" \"%s%%\"", option (OPTIMAPLSUB) ? "LSUB" : "LIST", list); imap_cmd_start (idata, buf); Index: imap/message.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/message.c,v retrieving revision 3.50 diff -p -u -r3.50 message.c --- imap/message.c 18 May 2006 18:35:10 -0000 3.50 +++ imap/message.c 24 May 2006 10:10:05 -0000 @@ -82,12 +82,12 @@ int imap_read_headers (IMAP_DATA* idata, if (mutt_bit_isset (idata->capabilities,IMAP4REV1)) { - snprintf (hdrreq, sizeof (hdrreq), "BODY.PEEK[HEADER.FIELDS (%s%s%s)]", + safe_snprintf (hdrreq, sizeof (hdrreq), "BODY.PEEK[HEADER.FIELDS (%s%s%s)]", want_headers, ImapHeaders ? " " : "", ImapHeaders ? ImapHeaders : ""); } else if (mutt_bit_isset (idata->capabilities,IMAP4)) { - snprintf (hdrreq, sizeof (hdrreq), "RFC822.HEADER.LINES (%s%s%s)", + safe_snprintf (hdrreq, sizeof (hdrreq), "RFC822.HEADER.LINES (%s%s%s)", want_headers, ImapHeaders ? " " : "", ImapHeaders ? ImapHeaders : ""); } else @@ -131,7 +131,7 @@ int imap_read_headers (IMAP_DATA* idata, } if (evalhc) { - snprintf (buf, sizeof (buf), + safe_snprintf (buf, sizeof (buf), "UID FETCH 1:%u (UID FLAGS)", *uidnext - 1); FREE (&uidnext); @@ -158,7 +158,7 @@ int imap_read_headers (IMAP_DATA* idata, else if (mfhrc < 0) break; - sprintf(uid_buf, "/%u", h.data->uid); /* XXX --tg 21:41 04-07-11 */ + snprintf(uid_buf, sizeof (uid_buf), "/%u", h.data->uid); /* XXX --tg 21:41 04-07-11 */ uid_validity = (unsigned int*)mutt_hcache_fetch (hc, uid_buf, &imap_hcache_keylen); if (uid_validity != NULL && *uid_validity == idata->uid_validity) @@ -225,7 +225,7 @@ int imap_read_headers (IMAP_DATA* idata, * If we get more messages while doing this, we make another * request for all the new messages. */ - snprintf (buf, sizeof (buf), + safe_snprintf (buf, sizeof (buf), "FETCH %d:%d (UID FLAGS INTERNALDATE RFC822.SIZE %s)", msgno + 1, fetchlast, hdrreq); @@ -287,7 +287,7 @@ int imap_read_headers (IMAP_DATA* idata, ctx->hdrs[msgno]->content->length = h.content_length; #if USE_HCACHE - sprintf(uid_buf, "/%u", h.data->uid); + snprintf(uid_buf, sizeof (uid_buf), "/%u", h.data->uid); mutt_hcache_store(hc, uid_buf, ctx->hdrs[msgno], idata->uid_validity, &imap_hcache_keylen); #endif /* USE_HCACHE */ @@ -413,7 +413,7 @@ int imap_fetch_message (MESSAGE *msg, CO * command handler */ h->active = 0; - snprintf (buf, sizeof (buf), "UID FETCH %u %s", HEADER_DATA(h)->uid, + safe_snprintf (buf, sizeof (buf), "UID FETCH %u %s", HEADER_DATA(h)->uid, (mutt_bit_isset (idata->capabilities, IMAP4REV1) ? (option (OPTIMAPPEEK) ? "BODY.PEEK[]" : "BODY[]") : "RFC822")); @@ -595,7 +595,7 @@ int imap_append_message (CONTEXT *ctx, M mutt_progress_bar (&progressbar, 0); imap_munge_mbox_name (mbox, sizeof (mbox), mailbox); - snprintf (buf, sizeof (buf), "APPEND %s (%s%s%s%s%s) {%lu}", mbox, + safe_snprintf (buf, sizeof (buf), "APPEND %s (%s%s%s%s%s) {%lu}", mbox, msg->flags.read ? "\\Seen" : "", msg->flags.read && (msg->flags.replied || msg->flags.flagged) ? " " : "", msg->flags.replied ? "\\Answered" : "", @@ -755,7 +755,7 @@ int imap_copy_messages (CONTEXT* ctx, HE else { mutt_message (_("Copying message %d to %s..."), h->index+1, mbox); - snprintf (uid, sizeof (uid), "%u", HEADER_DATA (h)->uid); + safe_snprintf (uid, sizeof (uid), "%u", HEADER_DATA (h)->uid); mutt_buffer_addstr (&cmd, uid); if (h->active && h->changed) @@ -851,15 +851,15 @@ static int msg_cache_path (IMAP_DATA* id account = &idata->conn->account; - snprintf (buf, len, "%s/", ImapCachedir); + safe_snprintf (buf, len, "%s/", ImapCachedir); slen = mutt_strlen (buf); if (account->flags & M_ACCT_USER) - snprintf (buf + slen, len - slen, "%s@", account->user); + safe_snprintf (buf + slen, len - slen, "%s@", account->user); safe_strcat (buf, len, account->host); if (account->flags & M_ACCT_PORT) { slen = mutt_strlen (buf); - snprintf (buf + slen, len - slen, ":%hu", account->port); + safe_snprintf (buf + slen, len - slen, ":%hu", account->port); } safe_strcat (buf, len, "/"); @@ -886,7 +886,7 @@ static int msg_cache_path (IMAP_DATA* id *s = '\0'; slen = mutt_strlen (buf); - snprintf (buf + slen, len - slen, "/%u-%u", idata->uid_validity, + safe_snprintf (buf + slen, len - slen, "/%u-%u", idata->uid_validity, HEADER_DATA(h)->uid); return 0; @@ -941,6 +941,7 @@ int imap_cache_del (IMAP_DATA* idata, HE void imap_add_keywords (char* s, HEADER* h, LIST* mailbox_flags, size_t slen) { LIST *keywords; + size_t spos = strlen (s); if (!mailbox_flags || !HEADER_DATA(h) || !HEADER_DATA(h)->keywords) return; @@ -951,6 +952,13 @@ void imap_add_keywords (char* s, HEADER* { if (imap_has_flag (mailbox_flags, keywords->data)) { + spos += strlen (keywords->data); + if (spos + 1 > slen) + { + mutt_error _("Too many tags! Truncated."); + mutt_sleep (1); + return; + } safe_strcat (s, slen, keywords->data); safe_strcat (s, slen, " "); } Index: imap/util.c =================================================================== RCS file: /home/roessler/cvs/mutt/imap/util.c,v retrieving revision 3.23 diff -p -u -r3.23 util.c --- imap/util.c 18 May 2006 17:35:30 -0000 3.23 +++ imap/util.c 24 May 2006 10:10:06 -0000 @@ -137,8 +137,8 @@ int imap_parse_path (const char* path, I if ((c = strrchr (tmp, '@'))) { *c = '\0'; - strfcpy (mx->account.user, tmp, sizeof (mx->account.user)); - strfcpy (tmp, c+1, sizeof (tmp)); + safe_strfcpy (mx->account.user, tmp, sizeof (mx->account.user)); + safe_strfcpy (tmp, c+1, sizeof (tmp)); mx->account.flags |= M_ACCT_USER; } @@ -296,7 +296,7 @@ char *imap_fix_path (IMAP_DATA *idata, c if (!mailbox || !*mailbox) { - strfcpy (path, "INBOX", plen); + safe_strfcpy (path, "INBOX", plen); return path; }