summaryrefslogtreecommitdiff
path: root/mail
diff options
context:
space:
mode:
authordholland <dholland@pkgsrc.org>2015-11-08 20:13:24 +0000
committerdholland <dholland@pkgsrc.org>2015-11-08 20:13:24 +0000
commit089f7f74edb55aad9a11d107dfc53f4e2d35ca47 (patch)
treedd82f2ae0c2c89489e20e1fcf34a41ab0a978326 /mail
parent855b71628c649706fa7f82badff150b67f64d046 (diff)
downloadpkgsrc-089f7f74edb55aad9a11d107dfc53f4e2d35ca47.tar.gz
unchecked buffers considered harmful; fixes openbsd build.
Diffstat (limited to 'mail')
-rw-r--r--mail/alpine/distinfo3
-rw-r--r--mail/alpine/patches/patch-imap_src_mtest_mtest.c303
2 files changed, 305 insertions, 1 deletions
diff --git a/mail/alpine/distinfo b/mail/alpine/distinfo
index 3e691b6b132..3e18f07b313 100644
--- a/mail/alpine/distinfo
+++ b/mail/alpine/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2015/11/03 23:27:01 agc Exp $
+$NetBSD: distinfo,v 1.21 2015/11/08 20:13:24 dholland Exp $
SHA1 (alpine-2.11.tar.xz) = 656556f5d2e5ec7e3680d1760cd02aa3a0072c46
RMD160 (alpine-2.11.tar.xz) = ea4b2d87500d1aa1b424033ec3263e3cf3c53814
@@ -7,5 +7,6 @@ Size (alpine-2.11.tar.xz) = 4403188 bytes
SHA1 (patch-aa) = c306613a297d61591d577b6968a31fc85b03f852
SHA1 (patch-ab) = f0983d8c0123b06a2970eb2736b04afad1502450
SHA1 (patch-imap_src_c-client_auth_gss.c) = 622b18f03074f87036f5469323125b4c855d9ce5
+SHA1 (patch-imap_src_mtest_mtest.c) = a08084e1ea656385b267049bb2465b1af6c2949b
SHA1 (patch-imap_src_osdep_unix_Makefile.gss) = ca09bc26a139c68afe8ac1f99be54bd1fc0e77f0
SHA1 (patch-imap_src_osdep_unix_kerb_mit.c) = c77d5ee1e8aee30811c2df0562caa375ed270c0e
diff --git a/mail/alpine/patches/patch-imap_src_mtest_mtest.c b/mail/alpine/patches/patch-imap_src_mtest_mtest.c
new file mode 100644
index 00000000000..c3002cbe339
--- /dev/null
+++ b/mail/alpine/patches/patch-imap_src_mtest_mtest.c
@@ -0,0 +1,303 @@
+$NetBSD: patch-imap_src_mtest_mtest.c,v 1.1 2015/11/08 20:13:24 dholland Exp $
+
+- patch up buffer handling (required to build on openbsd)
+
+--- imap/src/mtest/mtest.c.orig 2013-08-15 04:36:01.000000000 +0000
++++ imap/src/mtest/mtest.c
+@@ -81,9 +81,23 @@ void overview_header (MAILSTREAM *stream
+ void header (MAILSTREAM *stream,long msgno);
+ void display_body (BODY *body,char *pfx,long i);
+ void status (MAILSTREAM *stream);
+-void prompt (char *msg,char *txt);
++void prompt (char *msg,char *txt,size_t len);
+ void smtptest (long debug);
+
++static char *dogets(char *buf, size_t max) {
++ char *ret;
++ size_t len;
++
++ ret = fgets(buf, max, stdin);
++ if (ret != NULL) {
++ len = strlen(buf);
++ if (len > 0 && buf[len-1] == '\n') {
++ buf[len-1] = '\0';
++ }
++ }
++ return ret;
++}
++
+ /* Main program - initialization */
+
+ int main ()
+@@ -118,13 +132,13 @@ int main ()
+ #endif
+ curhst = cpystr (mylocalhost ());
+ puts ("MTest -- C client test program");
+- if (!*personalname) prompt ("Personal name: ",personalname);
++ if (!*personalname) prompt ("Personal name: ",personalname, sizeof(personalname));
+ /* user wants protocol telemetry? */
+- prompt ("Debug protocol (y/n)?",tmp);
++ prompt ("Debug protocol (y/n)?",tmp, sizeof(tmp));
+ ucase (tmp);
+ debug = (tmp[0] == 'Y') ? T : NIL;
+ do {
+- prompt ("Mailbox ('?' for help): ",tmp);
++ prompt ("Mailbox ('?' for help): ",tmp, sizeof(tmp));
+ if (!strcmp (tmp,"?")) {
+ puts ("Enter INBOX, mailbox name, or IMAP mailbox as {host}mailbox");
+ puts ("Known local mailboxes:");
+@@ -155,14 +169,16 @@ void mm (MAILSTREAM *stream,long debug)
+ void *sdb = NIL;
+ char cmd[MAILTMPLEN];
+ char *s,*arg;
++ size_t argmax;
+ unsigned long i;
+ unsigned long last = 0;
+ BODY *body;
+ status (stream); /* first report message status */
+ while (stream) {
+- prompt ("MTest>",cmd); /* prompt user, get command */
++ prompt ("MTest>",cmd, sizeof(cmd)); /* prompt user, get command */
+ /* get argument */
+ if (arg = strchr (cmd,' ')) *arg++ = '\0';
++ if (arg) argmax = sizeof(cmd) - (arg - cmd);
+ switch (*ucase (cmd)) { /* dispatch based on command */
+ case 'B': /* Body command */
+ if (arg) last = atoi (arg);
+@@ -189,7 +205,8 @@ void mm (MAILSTREAM *stream,long debug)
+ break;
+ }
+ arg = cmd;
+- sprintf (arg,"%lu",last);
++ argmax = sizeof(cmd);
++ snprintf (arg, argmax, "%lu",last);
+ }
+ if (last && (last <= stream->nmsgs))
+ mail_setflag (stream,arg,"\\DELETED");
+@@ -202,6 +219,7 @@ void mm (MAILSTREAM *stream,long debug)
+ case 'F': /* Find command */
+ if (!arg) {
+ arg = "%";
++ argmax = 0;
+ if (s = sm_read (&sdb)) {
+ puts ("Local network subscribed mailboxes:");
+ do if (*s == '{') (mm_lsub (NIL,NIL,s,NIL));
+@@ -255,7 +273,7 @@ void mm (MAILSTREAM *stream,long debug)
+ }
+ /* get the new mailbox */
+ while (!(stream = mail_open (stream,arg,debug))) {
+- prompt ("Mailbox: ",arg);
++ prompt ("Mailbox: ",arg, argmax);
+ if (!arg[0]) break;
+ }
+ last = 0;
+@@ -327,7 +345,8 @@ void mm (MAILSTREAM *stream,long debug)
+ break;
+ }
+ arg = cmd;
+- sprintf (arg,"%lu",last);
++ argmax = sizeof(cmd);
++ snprintf (arg, argmax, "%lu",last);
+ }
+ if (last > 0 && last <= stream->nmsgs)
+ mail_clearflag (stream,arg,"\\DELETED");
+@@ -376,7 +395,7 @@ void overview_header (MAILSTREAM *stream
+ tmp[3] = elt->answered ? 'A' : ' ';
+ tmp[4] = elt->deleted ? 'D' : ' ';
+ mail_parse_date (&selt,ov->date);
+- sprintf (tmp+5,"%4lu) ",elt->msgno);
++ snprintf (tmp+5, sizeof(tmp)-5, "%4lu) ",elt->msgno);
+ mail_date (tmp+11,&selt);
+ tmp[17] = ' ';
+ tmp[18] = '\0';
+@@ -386,19 +405,20 @@ void overview_header (MAILSTREAM *stream
+ for (adr = ov->from; adr && !adr->host; adr = adr->next);
+ if (adr) { /* if a personal name exists use it */
+ if (!(t = adr->personal))
+- sprintf (t = tmp+400,"%s@%s",adr->mailbox,adr->host);
++ snprintf (t = tmp+400, sizeof(tmp)-400, "%s@%s",adr->mailbox,adr->host);
+ memcpy (tmp+18,t,(size_t) min (20,(long) strlen (t)));
+ }
+ strcat (tmp," ");
+ if (i = elt->user_flags) {
+ strcat (tmp,"{");
++ /* XXX bounds? */
+ while (i) {
+ strcat (tmp,stream->user_flags[find_rightmost_bit (&i)]);
+ if (i) strcat (tmp," ");
+ }
+ strcat (tmp,"} ");
+ }
+- sprintf (tmp + strlen (tmp),"%.25s (%lu chars)",
++ snprintf (tmp + strlen (tmp), 400 - strlen(tmp), "%.25s (%lu chars)",
+ ov->subject ? ov->subject : " ",ov->optional.octets);
+ puts (tmp);
+ }
+@@ -415,6 +435,7 @@ void header (MAILSTREAM *stream,long msg
+ unsigned long i;
+ char tmp[MAILTMPLEN];
+ char *t;
++ size_t len;
+ MESSAGECACHE *cache = mail_elt (stream,msgno);
+ mail_fetchstructure (stream,msgno,NIL);
+ tmp[0] = cache->recent ? (cache->seen ? 'R': 'N') : ' ';
+@@ -422,7 +443,7 @@ void header (MAILSTREAM *stream,long msg
+ tmp[2] = cache->flagged ? 'F' : ' ';
+ tmp[3] = cache->answered ? 'A' : ' ';
+ tmp[4] = cache->deleted ? 'D' : ' ';
+- sprintf (tmp+5,"%4lu) ",cache->msgno);
++ snprintf (tmp+5, sizeof(tmp)-5, "%4lu) ",cache->msgno);
+ mail_date (tmp+11,cache);
+ tmp[17] = ' ';
+ tmp[18] = '\0';
+@@ -437,7 +458,9 @@ void header (MAILSTREAM *stream,long msg
+ strcat (tmp,"} ");
+ }
+ mail_fetchsubject (t = tmp + strlen (tmp),stream,msgno,(long) 25);
+- sprintf (t += strlen (t)," (%lu chars)",cache->rfc822_size);
++ len = strlen (t);
++ t += len;
++ snprintf (t, sizeof(tmp)-len, " (%lu chars)",cache->rfc822_size);
+ puts (tmp);
+ }
+
+@@ -451,31 +474,57 @@ void display_body (BODY *body,char *pfx,
+ {
+ char tmp[MAILTMPLEN];
+ char *s = tmp;
++ size_t len, smax = sizeof(tmp);
+ PARAMETER *par;
+ PART *part; /* multipart doesn't have a row to itself */
+ if (body->type == TYPEMULTIPART) {
+ /* if not first time, extend prefix */
+- if (pfx) sprintf (tmp,"%s%ld.",pfx,++i);
++ if (pfx) snprintf (tmp, sizeof(tmp), "%s%ld.",pfx,++i);
+ else tmp[0] = '\0';
+ for (i = 0,part = body->nested.part; part; part = part->next)
+ display_body (&part->body,tmp,i++);
+ }
+ else { /* non-multipart, output oneline descriptor */
+ if (!pfx) pfx = ""; /* dummy prefix if top level */
+- sprintf (s," %s%ld %s",pfx,++i,body_types[body->type]);
+- if (body->subtype) sprintf (s += strlen (s),"/%s",body->subtype);
+- if (body->description) sprintf (s += strlen (s)," (%s)",body->description);
+- if (par = body->parameter) do
+- sprintf (s += strlen (s),";%s=%s",par->attribute,par->value);
++ snprintf (s, smax, " %s%ld %s",pfx,++i,body_types[body->type]);
++ if (body->subtype) {
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, "/%s",body->subtype);
++ }
++ if (body->description) {
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, " (%s)",body->description);
++ }
++ if (par = body->parameter) do {
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, ";%s=%s",par->attribute,par->value);
++ }
+ while (par = par->next);
+- if (body->id) sprintf (s += strlen (s),", id = %s",body->id);
++ if (body->id) {
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, ", id = %s",body->id);
++ }
+ switch (body->type) { /* bytes or lines depending upon body type */
+ case TYPEMESSAGE: /* encapsulated message */
+ case TYPETEXT: /* plain text */
+- sprintf (s += strlen (s)," (%lu lines)",body->size.lines);
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, " (%lu lines)",body->size.lines);
+ break;
+ default:
+- sprintf (s += strlen (s)," (%lu bytes)",body->size.bytes);
++ len = strlen(s);
++ s += len;
++ smax -= len;
++ snprintf (s, smax, " (%lu bytes)",body->size.bytes);
+ break;
+ }
+ puts (tmp); /* output this line */
+@@ -484,7 +533,7 @@ void display_body (BODY *body,char *pfx,
+ (body = body->nested.msg->body)) {
+ if (body->type == TYPEMULTIPART) display_body (body,pfx,i-1);
+ else { /* build encapsulation prefix */
+- sprintf (tmp,"%s%ld.",pfx,i);
++ snprintf (tmp, sizeof(tmp), "%s%ld.",pfx,i);
+ display_body (body,tmp,(long) 0);
+ }
+ }
+@@ -592,10 +641,10 @@ void status (MAILSTREAM *stream)
+ * pointer to input buffer
+ */
+
+-void prompt (char *msg,char *txt)
++void prompt (char *msg,char *txt, size_t max)
+ {
+ printf ("%s",msg);
+- gets (txt);
++ dogets (txt, max);
+ }
+
+ /* Interfaces to C-client */
+@@ -699,10 +748,13 @@ void mm_login (NETMBX *mb,char *user,cha
+ if (curhst) fs_give ((void **) &curhst);
+ curhst = (char *) fs_get (1+strlen (mb->host));
+ strcpy (curhst,mb->host);
+- sprintf (s = tmp,"{%s/%s",mb->host,mb->service);
+- if (*mb->user) sprintf (tmp+strlen (tmp),"/user=%s",strcpy (user,mb->user));
+- if (*mb->authuser) sprintf (tmp+strlen (tmp),"/authuser=%s",mb->authuser);
+- if (*mb->user) strcat (s = tmp,"} password:");
++ snprintf (s = tmp, sizeof(tmp), "{%s/%s",mb->host,mb->service);
++ if (*mb->user) snprintf (tmp+strlen (tmp), sizeof(tmp)-strlen(tmp), "/user=%s",strcpy (user,mb->user));
++ if (*mb->authuser) snprintf (tmp+strlen (tmp), sizeof(tmp)-strlen(tmp), "/authuser=%s",mb->authuser);
++ if (*mb->user) {
++ s = tmp;
++ snprintf(tmp+strlen(tmp), sizeof(tmp)-strlen(tmp), "%s", "} password:");
++ }
+ else {
+ printf ("%s} username: ",tmp);
+ fgets (user,NETMAXUSER-1,stdin);
+@@ -758,14 +810,14 @@ void smtptest (long debug)
+ msg->return_path = mail_newaddr ();
+ msg->return_path->mailbox = cpystr (curusr);
+ msg->return_path->host = cpystr (curhst);
+- prompt ("To: ",line);
++ prompt ("To: ",line, sizeof(line));
+ rfc822_parse_adrlist (&msg->to,line,curhst);
+ if (msg->to) {
+- prompt ("cc: ",line);
++ prompt ("cc: ",line, sizeof(line));
+ rfc822_parse_adrlist (&msg->cc,line,curhst);
+ }
+ else {
+- prompt ("Newsgroups: ",line);
++ prompt ("Newsgroups: ",line, sizeof(line));
+ if (*line) msg->newsgroups = cpystr (line);
+ else {
+ mail_free_body (&body);
+@@ -774,12 +826,12 @@ void smtptest (long debug)
+ return;
+ }
+ }
+- prompt ("Subject: ",line);
++ prompt ("Subject: ",line, sizeof(line));
+ msg->subject = cpystr (line);
+ puts (" Msg (end with a line with only a '.'):");
+ body->type = TYPETEXT;
+ *text = '\0';
+- while (gets (line)) {
++ while (dogets (line, sizeof(line))) {
+ if (line[0] == '.') {
+ if (line[1] == '\0') break;
+ else strcat (text,".");