* fix a buffer overrun in case of bad strings in vcards.
authorWilfried Göesgens <willi@citadel.org>
Tue, 1 Sep 2009 15:38:50 +0000 (15:38 +0000)
committerWilfried Göesgens <willi@citadel.org>
Tue, 1 Sep 2009 15:38:50 +0000 (15:38 +0000)
webcit/debian/rules
webcit/decode.c
webcit/vcard_edit.c
webcit/webcit.h

index 0a62396a7ad18123328dc3c7ff7fa29a1a156ee6..a414b89bb6c129d0944ffa20c95bca38130660f5 100755 (executable)
@@ -24,7 +24,7 @@ ifneq (,$(findstring profiling,$(DEB_BUILD_OPTIONS)))
        LDFLAGS += -pg 
 endif
 ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
-       CFLAGS += -O0 -ggdb -rdynamic -MD -MP -D TECH_PREVIEW -pedantic
+       CFLAGS += -O0 -ggdb -rdynamic -MD -MP -D TECH_PREVIEW -pedantic -Wformat-nonliteral
        EXTRA_ARGS =  --with-backtrace
 else
        CFLAGS += -O2
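Review bot: `-Wformat-nonliteral` is added only to the `debug` branch, so the regular `-O2` build never runs the check. GCC also acts on this option only when `-Wformat` is enabled, either directly or through `-Wall`. Neither appears in the `CFLAGS` lines of this hunk, so unless one is set above it the new flag does nothing. Consider `CFLAGS += -Wformat -Wformat-nonliteral` outside the `ifneq`, so non-literal format strings are reported in every build.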
index 267e85982117dde96c95a9f574417543f647f962..c702fdfa387e4fafb9c68ef861164c316e4e4cbc 100644 (file)
@@ -48,7 +48,7 @@ inline char *FindNextEnd (char *bptr)
  * Handle subjects with RFC2047 encoding such as:
  * =?koi8-r?B?78bP0s3Mxc7JxSDXz9rE1dvO2c3JINvB0sHNySDP?=
  */
-void utf8ify_rfc822_string(char *buf) {
+void utf8ify_rfc822_string(char **buf) {
        char *start, *end, *next, *nextend, *ptr;
        char newbuf[1024];
        char charset[128];
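Review bot: The comment above `utf8ify_rfc822_string` does not say that the function now takes ownership of `*buf`, although a later hunk of this commit calls `free(*buf)` and stores a `malloc`ed replacement. A caller that passes the address of a stack array, a string literal or a pointer into the middle of an allocation would corrupt the heap. Add a line to the comment such as `*buf must be a malloc()ed string; it may be freed and replaced, so callers must not keep the old pointer.` The function body continues outside this hunk.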
@@ -71,9 +71,9 @@ void utf8ify_rfc822_string(char *buf) {
         *  handle it anyway by converting from a user-specified default
         *  charset to UTF-8 if we see any nonprintable characters.
         */
-       len = strlen(buf);
+       len = strlen(*buf);
        for (i=0; i<len; ++i) {
-               if ((buf[i] < 32) || (buf[i] > 126)) {
+               if (((*buf)[i] < 32) || ((*buf)[i] > 126)) {
                        illegal_non_rfc2047_encoding = 1;
                        i = len; /*< take a shortcut, it won't be more than one. */
                }
@@ -87,15 +87,15 @@ void utf8ify_rfc822_string(char *buf) {
                        if (ic != (iconv_t)(-1) ) {
                                ibuf = malloc(1024);
                                isav = ibuf;
-                               safestrncpy(ibuf, buf, 1024);
+                               safestrncpy(ibuf, *buf, 1023);
                                ibuflen = strlen(ibuf);
                                obuflen = 1024;
                                obuf = (char *) malloc(obuflen);
                                osav = obuf;
                                iconv(ic, &ibuf, &ibuflen, &obuf, &obuflen);
-                               osav[1024-obuflen] = 0;
-                               strcpy(buf, osav);
-                               free(osav);
+                               osav[1023-obuflen] = 0;
+                               free(*buf);
+                               *buf = osav;
                                iconv_close(ic);
                                free(isav);
                        }
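Review bot: `osav[1023-obuflen] = 0` places the terminator on the last converted byte rather than after it, and it goes out of bounds when `iconv()` writes nothing. In that case (for example a failure on the first byte, which goes unnoticed because the return value is not checked) `obuflen` is still 1024, so the index is -1, or wraps if `obuflen` is a `size_t` as iconv's prototype suggests; its declaration is outside the hunk. Reserving the terminator byte up front keeps the index in range without dropping a character: `obuflen = 1023;` and `obuf = (char *) malloc(obuflen + 1);`, with the terminator line left as written. Both `malloc` results are also used without a NULL check. The enclosing function starts and ends outside the hunk.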
@@ -104,8 +104,8 @@ void utf8ify_rfc822_string(char *buf) {
 
        /* pre evaluate the first pair */
        nextend = end = NULL;
-       len = strlen(buf);
-       start = strstr(buf, "=?");
+       len = strlen(*buf);
+       start = strstr(*buf, "=?");
        if (start != NULL) 
                end = FindNextEnd (start);
 
@@ -138,7 +138,7 @@ void utf8ify_rfc822_string(char *buf) {
                                /* now terminate the gab at the end */
                                delta = (next - end) - 2;
                                len -= delta;
-                               buf[len] = '\0';
+                               (*buf)[len] = '\0';
 
                                /* move next to its new location. */
                                next -= delta;
@@ -153,7 +153,7 @@ void utf8ify_rfc822_string(char *buf) {
        /* Now we handle foreign character sets properly encoded
         * in RFC2047 format.
         */
-       while (start=strstr(buf, "=?"), end=FindNextEnd((start != NULL)? start : buf),
+       while (start=strstr((*buf), "=?"), end=FindNextEnd((start != NULL)? start : (*buf)),
                ((start != NULL) && (end != NULL) && (end > start)) )
        {
                extract_token(charset, start, 1, '?', sizeof charset);
@@ -201,8 +201,9 @@ void utf8ify_rfc822_string(char *buf) {
                        remove_token(end, 0, '?');
                        strcpy(end, &end[1]);
 
-                       snprintf(newbuf, sizeof newbuf, "%s%s%s", buf, osav, end);
-                       strcpy(buf, newbuf);
+                       snprintf(newbuf, sizeof newbuf, "%s%s%s", *buf, osav, end);
+                       strcpy(*buf, newbuf);
+                       
                        free(osav);
                        iconv_close(ic);
                }
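Review bot: `strcpy(*buf, newbuf)` still copies up to 1023 bytes into an allocation whose size this function does not know, here and in the `(unreadable)` branch of the next hunk. When the earlier iconv branch was not taken, `*buf` is the caller's original allocation, and a decoded word (or the 12-byte `(unreadable)` marker) can be longer than the encoded word it replaces. Since the function now receives `char **`, it can replace the allocation instead of copying into it, as below; this assumes nothing later in the loop body uses `start` or `end` before the `while` condition recomputes them, which the hunk does not show. Truncation by `snprintf` to `sizeof newbuf` is also silent.

```c
snprintf(newbuf, sizeof newbuf, "%s%s%s", *buf, osav, end);
/* replace the allocation: *buf may be smaller than the decoded result */
char *grown = strdup(newbuf);
if (grown != NULL) {
	free(*buf);
	*buf = grown;
}
/* ... unchanged: free(osav), iconv_close(ic) ... */
```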
@@ -216,8 +217,8 @@ void utf8ify_rfc822_string(char *buf) {
                        remove_token(end, 0, '?');
                        strcpy(end, &end[1]);
 
-                       snprintf(newbuf, sizeof newbuf, "%s(unreadable)%s", buf, end);
-                       strcpy(buf, newbuf);
+                       snprintf(newbuf, sizeof newbuf, "%s(unreadable)%s", *buf, end);
+                       strcpy(*buf, newbuf);
                }
 
                free(isav);
index 1f44dd862640d721dd7d843f16f543448cb91ce0..860ae1a9341072886d309df614d30a360543f014 100644 (file)
@@ -348,7 +348,7 @@ void display_parsed_vcard(StrBuf *Target, struct vCard *v, int full, long msgnum
                        len = strlen(v->prop[i].value);
                        /* if we have some untagged QP, detect it here. */
                        if (!is_qp && (strstr(v->prop[i].value, "=?")!=NULL))
-                               utf8ify_rfc822_string(v->prop[i].value);
+                               utf8ify_rfc822_string(&v->prop[i].value);
 
                        if (is_qp) {
                                // %ff can become 6 bytes in utf8 
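Review bot: `len` is taken from `strlen(v->prop[i].value)` two lines before the call, but the call can now free `v->prop[i].value` and replace it with a string of a different length. If `len` is used after this point (the rest of the function is outside the hunk), brace the `if` body and add `len = strlen(v->prop[i].value);` after the call. The new calling convention also relies on every `prop[i].value` being an individually `malloc`ed string, which is worth confirming in the vCard parser.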
index 6815c817f784d310e71213e4015e3d7e1acd412c..7e1e7e0f3fc523f75b2107c3613d7d00599789ef 100644 (file)
@@ -821,7 +821,7 @@ int client_read_sslbuffer(StrBuf *buf, int timeout);
 void client_write_ssl(const StrBuf *Buf);
 #endif
 
-void utf8ify_rfc822_string(char *buf);
+void utf8ify_rfc822_string(char **buf);
 
 void begin_burst(void);
 long end_burst(void);