* couple of minor security fixes

[citadel.git] / citadel / internet_addressing.c

diff --git a/citadel/internet_addressing.c b/citadel/internet_addressing.c
index 0c00d9fe3a3b39d9cd7ccb70f87927055168b8e0..91648a86e41627ff86205d13f2e74f285f301fe6 100644 (file)
--- a/citadel/internet_addressing.c
+++ b/citadel/internet_addressing.c
@@ -434,7 +434,7 @@ int convert_field(struct CtdlMessage *msg, int beg, int end) {
                if (parsed_date < 0L) parsed_date = time(NULL);
                lprintf(9, "Parsed date is %s",
                        asctime(localtime(&parsed_date)));
-               sprintf(buf, "%ld", parsed_date );
+               snprintf(buf, sizeof buf, "%ld", parsed_date );
                if (msg->cm_fields['T'] == NULL)
                        msg->cm_fields['T'] = strdoop(buf);
                processed = 1;
@@ -443,7 +443,7 @@ int convert_field(struct CtdlMessage *msg, int beg, int end) {
        else if (!strcasecmp(key, "From")) {
                process_rfc822_addr(value, user, node, name);
                lprintf(9, "Converted to <%s@%s> (%s)\n", user, node, name);
-               sprintf(addr, "%s@%s", user, node);
+               snprintf(addr, sizeof addr, "%s@%s", user, node);
                if (msg->cm_fields['A'] == NULL)
                        msg->cm_fields['A'] = strdoop(name);
                processed = 1;
@@ -526,7 +526,7 @@ struct CtdlMessage *convert_internet_message(char *rfc822) {
 
        /* If there's no timestamp on this message, set it to now. */
        if (msg->cm_fields['T'] == NULL) {
-               sprintf(buf, "%ld", time(NULL));
+               snprintf(buf, sizeof buf, "%ld", time(NULL));
                msg->cm_fields['T'] = strdoop(buf);
        }