changeset 43:cf24492b5b5c
Fix a few potential security issues revealed by gcc fortify.
author | Brian Smith <brian@dbsoft.org> |
---|---|
date | Tue, 06 Oct 2020 17:22:32 -0500 |
parents | 4c3a05aaece5 |
children | 784919bf9c35 |
files | dmail.c minimal/minimal.c |
diffstat | 2 files changed, 36 insertions(+), 33 deletions(-) [+] |
--- a/dmail.c Tue Oct 06 02:01:00 2020 -0500
+++ b/dmail.c Tue Oct 06 17:22:32 2020 -0500
@@ -96,25 +96,25 @@
 /* Generic function to parse information from a config file */
 void dmail_getline(FILE *f, char *entry, char *entrydata)
 {
- char in[256];
+ char in[256] = {0};
 int z;
 
- memset(in, 0, 256);
- fgets(in, 255, f);
-
- if(in[strlen(in)-1] == '\n')
- in[strlen(in)-1] = 0;
-
- if(in[0] != '#')
+ if(fgets(in, 255, f))
 {
- for(z=0;z<strlen(in);z++)
+ if(in[strlen(in)-1] == '\n')
+ in[strlen(in)-1] = 0;
+
+ if(in[0] != '#')
 {
- if(in[z] == '=')
+ for(z=0;z<strlen(in);z++)
 {
- in[z] = 0;
- strcpy(entry, in);
- strcpy(entrydata, &in[z+1]);
- return;
+ if(in[z] == '=')
+ {
+ in[z] = 0;
+ strcpy(entry, in);
+ strcpy(entrydata, &in[z+1]);
+ return;
+ }
 }
 }
 }
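Review bot: `in[strlen(in)-1]` inside the new `if(fgets(in, 255, f))` block can still read `in[-1]`, and write it if that byte happens to be a newline, because a line whose first byte is NUL makes `strlen(in)` zero even though `fgets` succeeded. Taking the length once and guarding it closes that: `size_t n = strlen(in); if(n && in[n-1] == '\n') in[n-1] = 0;`. The two `strcpy` calls into `entry` and `entrydata` remain unbounded; the callers' buffer sizes are not visible here, so either confirm they hold a full 255-byte line or pass the sizes in and copy with `snprintf`. The same lines appear in the `minimal_getline` hunk of minimal/minimal.c, and both function bodies continue past the end of their hunks.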
--- a/minimal/minimal.c Tue Oct 06 02:01:00 2020 -0500
+++ b/minimal/minimal.c Tue Oct 06 17:22:32 2020 -0500
@@ -57,7 +57,7 @@
 /* Open a mail account, allocating any needed resources */
 Account * API backend_openaccount(char *name)
 {
- char *namebuf;
+ char *namebuf;
 AccountStruct *as = malloc(sizeof(AccountStruct));
 
 dw_mutex_lock(backend_mtx);
@@ -78,7 +78,7 @@
 /* Open a mail account, allocating any needed resources */
 Account * API backend_newaccount(char *name)
 {
- char *namebuf;
+ char *namebuf;
 AccountStruct *as = malloc(sizeof(AccountStruct));
 MailFolder mf;
 
@@ -247,25 +247,25 @@
 /* Generic function to parse information from a config file */
 void minimal_getline(FILE *f, char *entry, char *entrydata)
 {
- char in[256];
+ char in[256] = {0};
 int z;
 
- memset(in, 0, 256);
- fgets(in, 255, f);
-
- if(in[strlen(in)-1] == '\n')
- in[strlen(in)-1] = 0;
-
- if(in[0] != '#')
+ if(fgets(in, 255, f))
 {
- for(z=0;z<strlen(in);z++)
+ if(in[strlen(in)-1] == '\n')
+ in[strlen(in)-1] = 0;
+
+ if(in[0] != '#')
 {
- if(in[z] == '=')
+ for(z=0;z<strlen(in);z++)
 {
- in[z] = 0;
- strcpy(entry, in);
- strcpy(entrydata, &in[z+1]);
- return;
+ if(in[z] == '=')
+ {
+ in[z] = 0;
+ strcpy(entry, in);
+ strcpy(entrydata, &in[z+1]);
+ return;
+ }
 }
 }
 }
@@ -789,9 +789,12 @@
 
 if(!stat(namebuf, &bleah) && (tmp = fopen(namebuf, FOPEN_READ_BINARY)))
 {
- mailbuf = malloc(bleah.st_size+1);
- fread(mailbuf, bleah.st_size, 1, tmp);
- mailbuf[bleah.st_size] = 0;
+ mailbuf = calloc(1, bleah.st_size+1);
+ if(mailbuf && !fread(mailbuf, bleah.st_size, 1, tmp))
+ {
+ free(mailbuf);
+ mailbuf = NULL;
+ }
 fclose(tmp);
 *len = bleah.st_size;
 }
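Review bot: In the `@@ -789` hunk, `*len = bleah.st_size;` still runs after the new failure path has set `mailbuf` to NULL, so the length reported through `len` can be non-zero while there is no buffer; `*len = mailbuf ? bleah.st_size : 0;` keeps the two consistent. `fread(mailbuf, bleah.st_size, 1, tmp)` also returns 0 for a zero-length file, which the new check treats as a read error and frees the buffer, where the old code produced an empty string; `if(mailbuf && bleah.st_size && !fread(mailbuf, bleah.st_size, 1, tmp))` would keep that case. The size comes from `stat()` on the path before `fopen()`, so taking it with `fstat(fileno(tmp), &bleah)` after the open would tie it to the file actually read. The enclosing function starts and ends outside the hunk, so how `mailbuf` and `*len` are consumed is not visible here.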