freebsd-ports/mail/metamail/files/patch-af
Jacques Vidrine ee71d98820 Correct two format string vulnerabilities and two buffer overflows in
metamail (CVE names CAN-2004-0104 and CAN-2004-0104).

Submitted by:	Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
2004-02-18 21:47:18 +00:00


*** mailto.c.orig Wed Feb 9 23:30:26 1994
--- metamail/mailto.c Mon Nov 20 01:21:37 1995
***************
*** 570,575 ****
--- 570,576 ----
if (isupper(*sdum)) *sdum = tolower(*sdum);
}
if (strcmp(CharacterSet, "us-ascii")
+ && strcmp(CharacterSet, "koi8-r")
&& strncmp(CharacterSet, "iso-8859-", 9)) {
fprintf(stderr, "mailto: Unsupported character set: %s\n", CharacterSet);
exit(-1);
***************
*** 1130,1135 ****
--- 1131,1137 ----
if (part->isrich) {
if (strcmp(CharacterSet, "us-ascii")
&& (strncmp(CharacterSet, "iso-8859-", 9)
+ && strcmp(CharacterSet, "koi8-r")
|| part->encoding_type_needed != ENC_NONE)) {
fprintf(fp, "Content-type: text/richtext; charset=\"%s\"\n", CharacterSet);
} else {
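Review bot: The added `&& strcmp(CharacterSet, "koi8-r")` sits inside the parenthesised `... || part->encoding_type_needed != ENC_NONE` and relies on `&&` binding tighter than `||`. The condition is correct as written, but explicit grouping would make the intent visible and keep `-Wparentheses` quiet: `&& ((strncmp(CharacterSet, "iso-8859-", 9) && strcmp(CharacterSet, "koi8-r")) || part->encoding_type_needed != ENC_NONE)) {`. The same applies to the identical test in the 1142 hunk. The charset test is now repeated in three places in this patch, so a small helper would keep them from drifting apart.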
***************
*** 1140,1145 ****
--- 1142,1148 ----
WriteCtypeNicely(fp, part->content_type);
if (strcmp(CharacterSet, "us-ascii")
&& (strncmp(CharacterSet, "iso-8859-", 9)
+ && strcmp(CharacterSet, "koi8-r")
|| part->encoding_type_needed != ENC_NONE)) {
fprintf(fp, "; charset=\"%s\"\n", CharacterSet);
} else fputs("\n", fp);
***************
*** 1745,1750 ****
--- 1748,1754 ----
}
printf("\n\nEnter your choice as a number from 0 to %d: ", i);
fflush(stdout);
+ *LineBuf = '\0';
fgets(LineBuf, sizeof(LineBuf), stdin);
ans = atoi(LineBuf);
if (ans == 0 || ans == 1) {
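Review bot: The return value of `fgets` is still ignored here, so on end-of-file or a read error the pre-cleared `LineBuf` stays empty, `atoi` returns 0, and the `ans == 0 || ans == 1` branch runs as if the user had typed a choice. `atoi` also cannot tell non-numeric input from a real 0. I would test the read, `if (fgets(LineBuf, sizeof(LineBuf), stdin) == NULL)` treated as EOF, and parse with `strtol` plus an end-pointer check. What choices 0 and 1 do is outside the hunk, so the impact of this silent default is unconfirmed. The `fgets(LineBuf, ...)` call in the 1795 hunk is unchecked in the same way and would reuse stale buffer contents on EOF.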
***************
*** 1791,1797 ****
int ct;
printf("\nEnter the MIME Content-type value for the data from file %s\n (type '?' for a list of locally-valid content-types): ", sdum);
fflush(stdout);
! gets(LineBuf);
if (index(LineBuf, '/')) {
char lc[100], *s, AnsBuf[100];
strcpy(lc, LineBuf);
--- 1795,1801 ----
int ct;
printf("\nEnter the MIME Content-type value for the data from file %s\n (type '?' for a list of locally-valid content-types): ", sdum);
fflush(stdout);
! fgets(LineBuf, sizeof(LineBuf), stdin);
if (index(LineBuf, '/')) {
char lc[100], *s, AnsBuf[100];
strcpy(lc, LineBuf);
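Review bot: Unlike `gets`, `fgets` keeps the trailing newline, so `LineBuf` now ends in `\n` when it is searched for '/', copied into `lc`, and echoed in the "not listed in your local mailcap files" prompt of the next hunk. Stripping it right after the read restores the old behaviour: `LineBuf[strcspn(LineBuf, "\n")] = '\0';`. The unchanged `strcpy(lc, LineBuf)` into `char lc[100]` is bounded only if `LineBuf` holds at most 100 bytes. Its declaration is outside the hunk, so either confirm that or use `snprintf(lc, sizeof(lc), "%s", LineBuf);`. The enclosing loop starts and ends outside the hunk.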
***************
*** 1809,1815 ****
}
if (mc) break;
printf("The MIME content-type '%s' is not listed in your local mailcap files,\nand may not be a valid MIME type. Do you want to use it anyway [no] ? ", LineBuf);
! s = gets(AnsBuf);
while (s && *s && isspace((unsigned char) *s)) ++s;
if (s && (*s == 'y' || *s == 'Y')) break;
continue;
--- 1813,1819 ----
}
if (mc) break;
printf("The MIME content-type '%s' is not listed in your local mailcap files,\nand may not be a valid MIME type. Do you want to use it anyway [no] ? ", LineBuf);
! s = fgets(AnsBuf, sizeof(AnsBuf), stdin);
while (s && *s && isspace((unsigned char) *s)) ++s;
if (s && (*s == 'y' || *s == 'Y')) break;
continue;
*** metamail/metamail.c.orig Wed Feb 16 19:57:19 1994
--- metamail/metamail.c Wed Feb 18 15:39:09 2004
***************
*** 83,89 ****
#define MAX_FILE_NAME_SIZE 256
#define WRITE_BINARY "w"
#else /* AMIGA */
! extern char **environ, *gets();
#define CATCOMMAND "cat"
#define CATTEMPLATE "cat %s"
#define METAMAIL "metamail"
--- 83,89 ----
#define MAX_FILE_NAME_SIZE 256
#define WRITE_BINARY "w"
#else /* AMIGA */
! extern char **environ;
#define CATCOMMAND "cat"
#define CATTEMPLATE "cat %s"
#define METAMAIL "metamail"
***************
*** 579,585 ****
int overwriteans = -1;
do {
printf("File %s exists. Do you want to overwrite it (y/n) ?\n", Fname);
! s = gets(AnsBuf);
if (!s) {
overwriteans = 0;
} else {
--- 579,585 ----
int overwriteans = -1;
do {
printf("File %s exists. Do you want to overwrite it (y/n) ?\n", Fname);
! s = fgets(AnsBuf, sizeof(AnsBuf), stdin);
if (!s) {
overwriteans = 0;
} else {
***************
*** 1202,1210 ****
fprintf(outfp, "Content-type: %s", ContentType);
for (j=0; j<CParamsUsed; ++j) {
fprintf(outfp, " ; ");
! fprintf(outfp, CParams[j]);
fprintf(outfp, " = ");
! fprintf(outfp, CParamValues[j]);
}
fprintf(outfp, "\n\n");
TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
--- 1202,1210 ----
fprintf(outfp, "Content-type: %s", ContentType);
for (j=0; j<CParamsUsed; ++j) {
fprintf(outfp, " ; ");
! fprintf(outfp, "%s", CParams[j]);
fprintf(outfp, " = ");
! fprintf(outfp, "%s", CParamValues[j]);
}
fprintf(outfp, "\n\n");
TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
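Review bot: Since nothing is being formatted in the two changed calls, `fputs(CParams[j], outfp);` and `fputs(CParamValues[j], outfp);` would be a tighter form than `fprintf(outfp, "%s", ...)`, with no format parsing at all. Likewise `fputs(txt+1, stdout);` would replace the `printf` in the 2033 hunk. Where the parameter strings come from is outside the hunk. If they are taken from message headers, it is worth confirming they cannot carry a line break into the `Content-type:` line written here. Building with `-Wformat -Wformat-security` would flag any remaining call that passes a non-literal format string.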
***************
*** 1823,1829 ****
} else {
printf("This message contains '%s'-format data.\nDo you want to view it using the '%s' command (y/n) [y] ? ", ctype, ShortCommand(progname));
}
! s = gets(AnsBuf);
if (!s) return(0); /* EOF */
while (s && *s && isspace((unsigned char) *s)) ++s;
if (*s == 'y' || *s == 'Y' || !*s || *s == '\n') return(1);
--- 1823,1829 ----
} else {
printf("This message contains '%s'-format data.\nDo you want to view it using the '%s' command (y/n) [y] ? ", ctype, ShortCommand(progname));
}
! s = fgets(AnsBuf, sizeof(AnsBuf), stdin);
if (!s) return(0); /* EOF */
while (s && *s && isspace((unsigned char) *s)) ++s;
if (*s == 'y' || *s == 'Y' || !*s || *s == '\n') return(1);
***************
*** 2022,2028 ****
if (lc2strcmp(charset, PrevCharset)) {
char *s2, *charsetinuse;
! strcpy(PrevCharset, charset);
for (s2=PrevCharset; *s2; ++s2) {
if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
}
--- 2022,2029 ----
if (lc2strcmp(charset, PrevCharset)) {
char *s2, *charsetinuse;
! strncpy(PrevCharset, charset, sizeof(PrevCharset));
! PrevCharset[sizeof(PrevCharset) - 1] = '\0';
for (s2=PrevCharset; *s2; ++s2) {
if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
}
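Review bot: `sizeof(PrevCharset)` is the buffer size only if `PrevCharset` is declared as an array. Its declaration is outside the hunk, so that should be confirmed, because on a pointer the bound would be the pointer size. A single `snprintf(PrevCharset, sizeof(PrevCharset), "%s", charset);` gives the same bounded, always-terminated copy in one statement and without the zero padding `strncpy` performs. A charset name longer than the buffer is now silently truncated, so the `lc2strcmp(charset, PrevCharset)` test would presumably report a change for it on every call. That looks harmless but deserves a short comment.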
***************
*** 2032,2038 ****
}
}
if (ecode == ENCODING_NONE) {
! printf(txt+1);
} else {
/* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
MkTmpFileName(TmpFile);
--- 2033,2039 ----
}
}
if (ecode == ENCODING_NONE) {
! printf("%s", txt+1);
} else {
/* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
MkTmpFileName(TmpFile);