Mercurial > DynamicMail

changeset 43:cf24492b5b5c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix a few potential security issues revealed by gcc fortify.
author Brian Smith <brian@dbsoft.org>
date Tue, 06 Oct 2020 17:22:32 -0500
parents 4c3a05aaece5
children 784919bf9c35
files dmail.c minimal/minimal.c
diffstat 2 files changed, 36 insertions(+), 33 deletions(-) [+]
line wrap: on
line diff
--- a/dmail.c	Tue Oct 06 02:01:00 2020 -0500
+++ b/dmail.c	Tue Oct 06 17:22:32 2020 -0500
@@ -96,25 +96,25 @@
 /* Generic function to parse information from a config file */
 void dmail_getline(FILE *f, char *entry, char *entrydata)
 {
-	char in[256];
+	char in[256] = {0};
 	int z;
 
-	memset(in, 0, 256);
-	fgets(in, 255, f);
-
-	if(in[strlen(in)-1] == '\n')
-		in[strlen(in)-1] = 0;
-
-	if(in[0] != '#')
+	if(fgets(in, 255, f))
 	{
-		for(z=0;z<strlen(in);z++)
+		if(in[strlen(in)-1] == '\n')
+			in[strlen(in)-1] = 0;
+
+		if(in[0] != '#')
 		{
-			if(in[z] == '=')
+			for(z=0;z<strlen(in);z++)
 			{
-				in[z] = 0;
-				strcpy(entry, in);
-				strcpy(entrydata, &in[z+1]);
-				return;
+				if(in[z] == '=')
+				{
+					in[z] = 0;
+					strcpy(entry, in);
+					strcpy(entrydata, &in[z+1]);
+					return;
+				}
 			}
 		}
 	}
--- a/minimal/minimal.c	Tue Oct 06 02:01:00 2020 -0500
+++ b/minimal/minimal.c	Tue Oct 06 17:22:32 2020 -0500
@@ -57,7 +57,7 @@
 /* Open a mail account, allocating any needed resources */
 Account * API backend_openaccount(char *name)
 {
-    char *namebuf;
+	char *namebuf;
 	AccountStruct *as = malloc(sizeof(AccountStruct));
 
 	dw_mutex_lock(backend_mtx);
@@ -78,7 +78,7 @@
 /* Open a mail account, allocating any needed resources */
 Account * API backend_newaccount(char *name)
 {
-    char *namebuf;
+	char *namebuf;
 	AccountStruct *as = malloc(sizeof(AccountStruct));
 	MailFolder mf;
 
@@ -247,25 +247,25 @@
 /* Generic function to parse information from a config file */
 void minimal_getline(FILE *f, char *entry, char *entrydata)
 {
-	char in[256];
+	char in[256] = {0};
 	int z;
 
-	memset(in, 0, 256);
-	fgets(in, 255, f);
-
-	if(in[strlen(in)-1] == '\n')
-		in[strlen(in)-1] = 0;
-
-	if(in[0] != '#')
+	if(fgets(in, 255, f))
 	{
-		for(z=0;z<strlen(in);z++)
+		if(in[strlen(in)-1] == '\n')
+	   		in[strlen(in)-1] = 0;
+
+		if(in[0] != '#')
 		{
-			if(in[z] == '=')
+			for(z=0;z<strlen(in);z++)
 			{
-				in[z] = 0;
-				strcpy(entry, in);
-				strcpy(entrydata, &in[z+1]);
-				return;
+				if(in[z] == '=')
+				{
+					in[z] = 0;
+					strcpy(entry, in);
+					strcpy(entrydata, &in[z+1]);
+					return;
+				}
 			}
 		}
 	}
@@ -789,9 +789,12 @@
 
 	if(!stat(namebuf, &bleah) && (tmp = fopen(namebuf, FOPEN_READ_BINARY)))
 	{
-		mailbuf = malloc(bleah.st_size+1);
-		fread(mailbuf, bleah.st_size, 1, tmp);
-		mailbuf[bleah.st_size] = 0;
+		mailbuf = calloc(1, bleah.st_size+1);
+		if(mailbuf && !fread(mailbuf, bleah.st_size, 1, tmp))
+		{
+			free(mailbuf);
+			mailbuf = NULL;
+		}
 		fclose(tmp);
 		*len = bleah.st_size;
 	}