Index: driver.c =================================================================== RCS file: /home/cvs/debian/fetchmail/driver.c,v retrieving revision 1.17 retrieving revision 1.19 diff -u -r1.17 -r1.19 --- driver.c 21 Jun 2001 14:57:37 -0000 1.17 +++ driver.c 23 Jun 2001 01:39:35 -0000 1.19 @@ -40,6 +40,7 @@ #endif /* KERBEROS_V4 */ #include "i18n.h" +#include "socket.h" #include "fetchmail.h" #include "tunable.h" @@ -333,7 +334,12 @@ int cnt; /* convert sz to string */ - sprintf(size, "%d", msgsizes[num-1]); +#ifdef HAVE_SNPRINTF + snprintf(size, sizeof(size), +#else + sprintf(size, +#endif /* HAVE_SNPRINTF */ + "%d", msgsizes[num-1]); /* build a list of skipped messages * val.id = size of msg (string cnvt) @@ -831,7 +837,12 @@ else if (h_errno == TRY_AGAIN) strcpy(errbuf, _("temporary name server error.")); else - sprintf(errbuf, _("unknown DNS error %d."), h_errno); +#ifdef HAVE_SNPRINTF + snprintf(errbuf, sizeof(errbuf), +#else + sprintf(errbuf, +#endif /* HAVE_SNPRINTF */ + _("unknown DNS error %d."), h_errno); } else #endif /* HAVE_RES_SEARCH */ @@ -1065,10 +1076,20 @@ /* show user how many messages we downloaded */ if (idp->id) - (void) sprintf(buf, _("%s at %s (folder %s)"), +#ifdef HAVE_SNPRINTF + (void) snprintf(buf, sizeof(buf), +#else + (void) sprintf(buf, +#endif /* HAVE_SNPRINTF */ + _("%s at %s (folder %s)"), ctl->remotename, ctl->server.truename, idp->id); else - (void) sprintf(buf, _("%s at %s"), +#ifdef HAVE_SNPRINTF + (void) snprintf(buf, sizeof(buf), +#else + (void) sprintf(buf, +#endif /* HAVE_SNPRINTF */ + _("%s at %s"), ctl->remotename, ctl->server.truename); if (outlevel > O_SILENT) { Index: fetchmail.c =================================================================== RCS file: /home/cvs/debian/fetchmail/fetchmail.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- fetchmail.c 18 Jun 2001 15:09:34 -0000 1.18 +++ fetchmail.c 23 Jun 2001 01:39:35 -0000 1.19 @@ -130,7 +130,7 @@ int main(int argc, char **argv) { - int st, bkgd = FALSE; + int bkgd = FALSE; int parsestatus, implicitmode = FALSE; struct query *ctl; netrc_entry *netrc_list; Index: fetchmail.h =================================================================== RCS file: /home/cvs/debian/fetchmail/fetchmail.h,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- fetchmail.h 18 Jun 2001 15:09:34 -0000 1.10 +++ fetchmail.h 23 Jun 2001 01:39:35 -0000 1.11 @@ -431,6 +431,7 @@ void lock_setup(void), lock_assert(void); void lock_or_die(void), lock_release(void); int lock_state(void); +void lock_dispose(void); /* use these to track what was happening when the nonresponse timer fired */ #define GENERAL_WAIT 0 /* unknown wait type */ @@ -551,6 +552,7 @@ int doPOP3 (struct query *); int doIMAP (struct query *); int doETRN (struct query *); +int doODMR (struct query *); /* authentication functions */ int do_cram_md5(int sock, char *command, struct query *ctl); Index: imap.c =================================================================== RCS file: /home/cvs/debian/fetchmail/imap.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- imap.c 30 May 2001 18:25:52 -0000 1.11 +++ imap.c 23 Jun 2001 01:39:35 -0000 1.12 @@ -376,7 +376,7 @@ #ifdef NTLM_ENABLE if ((ctl->server.authenticate == A_ANY || ctl->server.authenticate == A_NTLM) - && strstr (capabilities, "AUTH=NTLM")) + && strstr (capabilities, "AUTH=NTLM")) { if ((ok = do_imap_ntlm(sock, ctl))) { /* SASL cancellation of authentication */ @@ -386,6 +386,7 @@ } else return(ok); + } #else if (ctl->server.authenticate == A_NTLM) { Index: lock.c =================================================================== RCS file: /home/cvs/debian/fetchmail/lock.c,v retrieving revision 1.1.1.2 retrieving revision 1.2 diff -u -r1.1.1.2 -r1.2 --- lock.c 12 May 2001 18:38:00 -0000 1.1.1.2 +++ lock.c 23 Jun 2001 01:39:35 -0000 1.2 @@ -16,6 +16,7 @@ #include #endif #include +#include #include "fetchmail.h" #include "i18n.h" Index: sink.c =================================================================== RCS file: /home/cvs/debian/fetchmail/sink.c,v retrieving revision 1.7 retrieving revision 1.9 diff -u -r1.7 -r1.9 --- sink.c 21 Jun 2001 14:57:37 -0000 1.7 +++ sink.c 23 Jun 2001 01:39:36 -0000 1.9 @@ -293,7 +293,11 @@ return(FALSE); /* our first duty is to keep the sacred foo counters turning... */ - sprintf(boundary, +#ifdef HAVE_SNPRINTF + snprintf(boundary, sizeof(boundary), +#else + sprintf(boundary, +#endif /* HAVE_SNPRINTF */ "foo-mani-padme-hum-%d-%d-%ld", (int)getpid(), (int)getppid(), time((time_t *)NULL)); @@ -613,14 +617,24 @@ */ if (!msg->return_path[0]) { - sprintf(addr, "%s(_at_)%s", ctl->remotename, ctl->server.truename); +#ifdef HAVE_SNPRINTF + snprintf(addr, sizeof(addr), +#else + sprintf(addr, +#endif /* HAVE_SNPRINTF */ + "%s(_at_)%s", ctl->remotename, ctl->server.truename); ap = addr; } else if (strchr(msg->return_path, '@')) ap = msg->return_path; else /* in case Return-Path existed but was local */ { - sprintf(addr, "%s(_at_)%s", msg->return_path, ctl->server.truename); +#ifdef HAVE_SNPRINTF + snprintf(addr, sizeof(addr), +#else + sprintf(addr, +#endif /* HAVE_SNPRINTF */ + "%s(_at_)%s", msg->return_path, ctl->server.truename); ap = addr; } @@ -660,7 +674,6 @@ else { char errbuf[POPBUFSIZE]; - int res; #ifdef __UNUSED__ /* @@ -675,13 +688,14 @@ * also as the body is discarded after calling * RSET! */ + int res; if ((res = handle_smtp_report(ctl, msg))==PS_REFUSED) return(PS_REFUSED); #endif /* __UNUSED__ */ - strcpy(errbuf, idp->id); - strcat(errbuf, ": "); - strcat(errbuf, smtp_response); + strncpy(errbuf, idp->id, sizeof(errbuf)); + strncat(errbuf, ": ", sizeof(errbuf)); + strncat(errbuf, smtp_response, sizeof(errbuf)); xalloca(from_responses[*bad_addresses], char *, @@ -710,7 +724,7 @@ if (!(*good_addresses)) { if (strchr(run.postmaster, '@')) - strcpy(addr, run.postmaster); + strncpy(addr, run.postmaster, sizeof(addr)); else { #ifdef HAVE_SNPRINTF @@ -1167,7 +1181,7 @@ #endif va_end(ap); - strcat(buf, "\r\n"); + strncat(buf, "\r\n", sizeof(buf)); stuffline(ctl, buf); } Index: smtp.c =================================================================== RCS file: /home/cvs/debian/fetchmail/smtp.c,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- smtp.c 10 Feb 2001 20:58:28 -0000 1.1.1.2 +++ smtp.c 23 Jun 2001 01:39:36 -0000 1.3 @@ -97,11 +97,21 @@ char buf[MSGBUFSIZE]; if (strchr(from, '<')) - sprintf(buf, "MAIL FROM: %s", from); +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "MAIL FROM: %s", from); else - sprintf(buf, "MAIL FROM:<%s>", from); +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "MAIL FROM:<%s>", from); if (opts) - strcat(buf, opts); + strncat(buf, opts, sizeof(buf)); SockPrintf(sock,"%s\r\n", buf); if (outlevel >= O_MONITOR) report(stdout, "%cMTP> %s\n", smtp_mode, buf); Index: socket.c =================================================================== RCS file: /home/cvs/debian/fetchmail/socket.c,v retrieving revision 1.1.1.10 retrieving revision 1.2 diff -u -r1.1.1.10 -r1.2 --- socket.c 30 May 2001 18:15:25 -0000 1.1.1.10 +++ socket.c 23 Jun 2001 00:49:25 -0000 1.2 @@ -325,7 +325,12 @@ #ifdef HAVE_SOCKETPAIR if (plugin) { char buf[10]; - sprintf(buf,"%d",clientPort); +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), /* Yeah, paranoic. So what? :P */ +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "%d",clientPort); return handle_plugin(host,buf,plugin); } #endif /* HAVE_SOCKETPAIR */ Index: socket.h =================================================================== RCS file: /home/cvs/debian/fetchmail/socket.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- socket.h 22 May 2001 04:07:14 -0000 1.4 +++ socket.h 23 Jun 2001 01:39:36 -0000 1.5 @@ -58,6 +58,11 @@ */ int SockClose(int sock); +/* +FIXME: document this +*/ +int UnixOpen(const char *path); + #if SSL_ENABLE int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char *certpath, char *fingerprint, char *servercname, char *label); Index: transact.c =================================================================== RCS file: /home/cvs/debian/fetchmail/transact.c,v retrieving revision 1.3 retrieving revision 1.5 diff -u -r1.3 -r1.5 --- transact.c 21 Jun 2001 14:57:37 -0000 1.3 +++ transact.c 23 Jun 2001 01:39:36 -0000 1.5 @@ -10,6 +10,7 @@ #include "config.h" #include #include +#include /* isspace() */ #ifdef HAVE_MEMORY_H #include #endif /* HAVE_MEMORY_H */ @@ -1014,14 +1015,24 @@ { /* utter any per-message Received information we need here */ if (ctl->server.trueaddr) { - sprintf(buf, "Received: from %s [%u.%u.%u.%u]\r\n", +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "Received: from %s [%u.%u.%u.%u]\r\n", ctl->server.truename, (unsigned char)ctl->server.trueaddr[0], (unsigned char)ctl->server.trueaddr[1], (unsigned char)ctl->server.trueaddr[2], (unsigned char)ctl->server.trueaddr[3]); } else { - sprintf(buf, "Received: from %s\r\n", ctl->server.truename); +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "Received: from %s\r\n", ctl->server.truename); } n = stuffline(ctl, buf); if (n != -1) @@ -1030,7 +1041,12 @@ * This header is technically invalid under RFC822. * POP3, IMAP, etc. are not legal mail-parameter values. */ - sprintf(buf, "\tby %s with %s (fetchmail-%s", +#ifdef HAVE_SNPRINTF + snprintf(buf, sizeof(buf), +#else + sprintf(buf, +#endif /* HAVE_SNPRINTF */ + "\tby %s with %s (fetchmail-%s", fetchmailhost, protocol->name, VERSION); @@ -1040,14 +1056,18 @@ ctl->server.pollname, ctl->remotename); } - strcat(buf, ")\r\n"); + strncat(buf, ")\r\n", sizeof(buf)); n = stuffline(ctl, buf); if (n != -1) { buf[0] = '\t'; if (good_addresses == 0) { - sprintf(buf+1, +#ifdef HAVE_SNPRINTF + snprintf(buf+1, sizeof(buf)-1, +#else + sprintf(buf+1, +#endif /* HAVE_SNPRINTF */ "for %s(_at_)%s (by default); ", user, ctl->destaddr); } @@ -1057,22 +1077,32 @@ if (idp->val.status.mark == XMIT_ACCEPT) break; /* only report first address */ if (strchr(idp->id, '@')) - sprintf(buf+1, "for %s", idp->id); +#ifdef HAVE_SNPRINTF + snprintf(buf+1, sizeof(buf)-1, +#else + sprintf(buf+1, +#endif /* HAVE_SNPRINTF */ + "for %s", idp->id); else /* * This could be a bit misleading, as destaddr is * the forwarding host rather than the actual * destination. Most of the time they coincide. */ - sprintf(buf+1, "for %s(_at_)%s", idp->id, ctl->destaddr); +#ifdef HAVE_SNPRINTF + snprintf(buf+1, sizeof(buf)-1, +#else + sprintf(buf+1, +#endif /* HAVE_SNPRINTF */ + "for %s(_at_)%s", idp->id, ctl->destaddr); sprintf(buf+strlen(buf), " (%s); ", MULTIDROP(ctl) ? "multi-drop" : "single-drop"); } else buf[1] = '\0'; - strcat(buf, rfc822timestamp()); - strcat(buf, "\r\n"); + strncat(buf, rfc822timestamp(), sizeof(buf)); + strncat(buf, "\r\n", sizeof(buf)); n = stuffline(ctl, buf); } } @@ -1307,7 +1337,7 @@ #endif va_end(ap); - strcat(buf, "\r\n"); + strncat(buf, "\r\n", sizeof(buf)); SockWrite(sock, buf, strlen(buf)); if (outlevel >= O_MONITOR) @@ -1393,7 +1423,7 @@ #endif va_end(ap); - strcat(buf, "\r\n"); + strncat(buf, "\r\n", sizeof(buf)); SockWrite(sock, buf, strlen(buf)); if (outlevel >= O_MONITOR)