[Commits] [SCM] claws branch, master, updated. 3.17.0-180-g3a482f4

ticho at claws-mail.org ticho at claws-mail.org
Sat Nov 24 23:16:19 CET 2018


The branch, master has been updated
       via  3a482f4d25110e588ef58d5ee67fa4216a6b631d (commit)
      from  a44ea1792e33e0554c721d50f3038c4e1e20ed81 (commit)

Summary of changes:
 src/plugins/mailmbox/mailimf_types_helper.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)


- Log -----------------------------------------------------------------
commit 3a482f4d25110e588ef58d5ee67fa4216a6b631d
Author: Andrej Kacian <ticho at claws-mail.org>
Date:   Sat Nov 24 23:14:26 2018 +0100

    Mailmbox: fix buffer overflow in mailimf_get_message_id().
    
    The compiler warning was:
    
    mailimf_types_helper.c: In function ‘mailimf_get_message_id’:
    mailimf_types_helper.c:1270:51: warning: ‘%s’ directive output may be truncated writing up to 511 bytes into a region of size between 463 and 500 [-Wformat-truncation=]
       snprintf(id, MAX_MESSAGE_ID, "etPan.%llx.%lx.%x@%s",
                                                       ^~
         (long long)now, value, getpid(), name);
                                          ~~~~
    mailimf_types_helper.c:1270:3: note: ‘snprintf’ output between 13 and 561 bytes into a destination of size 512
       snprintf(id, MAX_MESSAGE_ID, "etPan.%llx.%lx.%x@%s",
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         (long long)now, value, getpid(), name);
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/src/plugins/mailmbox/mailimf_types_helper.c b/src/plugins/mailmbox/mailimf_types_helper.c
index a0c4e96..67e921f 100644
--- a/src/plugins/mailmbox/mailimf_types_helper.c
+++ b/src/plugins/mailmbox/mailimf_types_helper.c
@@ -35,6 +35,8 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <limits.h>
+#include <errno.h>
 
 #include "mailimf.h"
 
@@ -1260,13 +1262,23 @@ char * mailimf_get_message_id(void)
 {
   char id[MAX_MESSAGE_ID];
   time_t now;
-  char name[MAX_MESSAGE_ID];
+  char name[HOST_NAME_MAX];
   long value;
+	int ret;
 
   now = time(NULL);
   value = random();
 
-  gethostname(name, MAX_MESSAGE_ID);
+	/* It's unlikely that HOST_NAME_MAX goes above 64, but let's
+	 * leave a generous reserve for the hostname in the message
+	 * id string. */
+  if (HOST_NAME_MAX > MAX_MESSAGE_ID - 64 ||
+			(ret = gethostname(name, HOST_NAME_MAX)) != 0) {
+		if (ret != 0)
+			perror("gethostname");
+		strncpy(name, "unknown", HOST_NAME_MAX);
+	}
+
   snprintf(id, MAX_MESSAGE_ID, "etPan.%llx.%lx.%x@%s",
 	   (long long)now, value, getpid(), name);
 
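Review bot: `ret` is read uninitialised in `if (ret != 0)` whenever `HOST_NAME_MAX > MAX_MESSAGE_ID - 64` is true, because the `||` short-circuits and `gethostname()` is never called; declaring it as `int ret = 0;` fixes that. Separately, `char name[HOST_NAME_MAX]` leaves no room for a terminator: POSIX defines HOST_NAME_MAX as excluding the terminating null and leaves it unspecified whether a truncated name is null-terminated, so the `%s` in the following `snprintf()` could read past the end of `name`. Declaring `char name[HOST_NAME_MAX + 1];` and setting `name[HOST_NAME_MAX] = '\0';` after the `gethostname()` call would close that. The new lines are also tab-indented while the rest of the function uses two spaces, and the function body continues past the end of the hunk.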

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail

