Changeset 3538bc8

Timestamp:

Feb 11, 2009, 12:20:22 PM (15 years ago)

Author:

Nelson Elhage <nelhage@mit.edu>

Branches:

master, debian, release-1.10, release-1.4, release-1.5, release-1.6, release-1.7, release-1.8, release-1.9

Children:

823671c

Parents:

99b50a5

git-author:

Sam Hartman <hartmans@mit.edu> (02/10/09 17:57:06)

git-committer:

Nelson Elhage <nelhage@mit.edu> (02/11/09 12:20:22)

Message:

zwrite.c: toline should not use sprintf

The construction of toline uses sprintf without bounds checking.
Use dynamic allocation.

File:

• zwrite.c (modified) (2 diffs)

zwrite.c

@@ -222 +222 @@
 {
   int i, j;
-  char toline[LINE];
+  char *toline = NULL;
   char *tmp = NULL;
 
@@ -229 +229 @@
   j=owl_list_get_size(&(z->recips));
   if (j>0 && z->cc) {
-    strcpy(toline, "CC: ");
+    toline = owl_strdup( "CC: ");
     for (i=0; i<j; i++) {
+      tmp = toline;
       if (strcmp(z->realm, "")) {
-        sprintf(toline + strlen(toline), "%s@%s ", (char *) owl_list_get_element(&(z->recips), i), z->realm);
+        toline = owl_sprintf( "%s%s@%s ", toline, (char *) owl_list_get_element(&(z->recips), i), z->realm);
       } else {
-        sprintf(toline + strlen(toline), "%s ", (char *) owl_list_get_element(&(z->recips), i));
-      }
+        toline = owl_sprintf( "%s%s ", toline, (char *) owl_list_get_element(&(z->recips), i));
+      }
+      owl_free(tmp);
+      tmp = NULL;
     }
     tmp = owl_get_iso_8859_1_if_possible(msg);
     z->message=owl_sprintf("%s\n%s", toline, tmp);
+    owl_free(toline);
   } else {
     z->message=owl_get_iso_8859_1_if_possible(msg);