diff options
| author | Marcus Boerger <helly@php.net> | 2007-02-24 02:17:47 +0000 |
|---|---|---|
| committer | Marcus Boerger <helly@php.net> | 2007-02-24 02:17:47 +0000 |
| commit | 50ea26760da4e0fcf4980e739e1d0ed520de8d59 (patch) | |
| tree | 888a32ce58864f5318a7f1072f8526c6a99212f9 /ext/imap/php_imap.c | |
| parent | 3e262bd36989898ac01224f0a987e79f44d25b31 (diff) | |
| download | php-git-50ea26760da4e0fcf4980e739e1d0ed520de8d59.tar.gz | |
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
Diffstat (limited to 'ext/imap/php_imap.c')
| -rw-r--r-- | ext/imap/php_imap.c | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 34aa01a10b..1ca0d42e41 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1173,7 +1173,7 @@ PHP_FUNCTION(imap_headers) tmp[3] = cache->answered ? 'A' : ' '; tmp[4] = cache->deleted ? 'D' : ' '; tmp[5] = cache->draft ? 'X' : ' '; - sprintf(tmp + 6, "%4ld) ", cache->msgno); + snprintf(tmp + 6, sizeof(tmp) - 6, "%4ld) ", cache->msgno); mail_date(tmp+11, cache); tmp[22] = ' '; tmp[23] = '\0'; @@ -1625,13 +1625,13 @@ PHP_FUNCTION(imap_headerinfo) add_property_string(return_value, "Deleted", cache->deleted ? "D" : " ", 1); add_property_string(return_value, "Draft", cache->draft ? "X" : " ", 1); - sprintf(dummy, "%4ld", cache->msgno); + snprintf(dummy, sizeof(dummy), "%4ld", cache->msgno); add_property_string(return_value, "Msgno", dummy, 1); mail_date(dummy, cache); add_property_string(return_value, "MailDate", dummy, 1); - sprintf(dummy, "%ld", cache->rfc822_size); + snprintf(dummy, sizeof(dummy), "%ld", cache->rfc822_size); add_property_string(return_value, "Size", dummy, 1); add_property_long(return_value, "udate", mail_longdate(cache)); @@ -3377,7 +3377,8 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * char *tsm_errmsg = NULL; ADDRESS *addr; char *bufferTo = NULL, *bufferCc = NULL, *bufferBcc = NULL, *bufferHeader = NULL; - int offset, bufferLen = 0;; + int offset, bufferLen = 0; + size_t bt_len; if (headers) { bufferLen += strlen(headers); @@ -3399,7 +3400,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * strlcat(bufferHeader, to, bufferLen + 1); strlcat(bufferHeader, "\r\n", bufferLen + 1); tempMailTo = estrdup(to); - bufferTo = (char *)emalloc(strlen(to) + 1); + bt_len = strlen(to); + bufferTo = (char *)safe_emalloc(bt_len, 1, 1); + bt_len++; offset = 0; addr = NULL; rfc822_parse_adrlist(&addr, tempMailTo, NULL); @@ -3407,7 +3410,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * if (strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { - offset += sprintf(bufferTo + offset, "%s@%s,", addr->mailbox, addr->host); + bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr->mailbox)); + bt_len += strlen(addr->mailbox); + bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr->host)); + bt_len += strlen(addr->host); + offset += snprintf(bufferTo + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host); } addr = addr->next; } @@ -3422,7 +3429,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * strlcat(bufferHeader, cc, bufferLen + 1); strlcat(bufferHeader, "\r\n", bufferLen + 1); tempMailTo = estrdup(cc); - bufferCc = (char *)emalloc(strlen(cc) + 1); + bt_len = strlen(cc); + bufferCc = (char *)safe_emalloc(bt_len, 1, 1); + bt_len++; offset = 0; addr = NULL; rfc822_parse_adrlist(&addr, tempMailTo, NULL); @@ -3430,7 +3439,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * if (strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { - offset += sprintf(bufferCc + offset, "%s@%s,", addr->mailbox, addr->host); + bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr->mailbox)); + bt_len += strlen(addr->mailbox); + bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr->host)); + bt_len += strlen(addr->host); + offset += snprintf(bufferCc + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host); } addr = addr->next; } @@ -3442,7 +3455,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * if (bcc && *bcc) { tempMailTo = estrdup(bcc); - bufferBcc = (char *)emalloc(strlen(bcc) + 1); + bt_len = strlen(bcc); + bufferBcc = (char *)safe_emalloc(bt_len, 1, 1); + bt_len++; offset = 0; addr = NULL; rfc822_parse_adrlist(&addr, tempMailTo, NULL); @@ -3450,7 +3465,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * if (strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { - offset += sprintf(bufferBcc + offset, "%s@%s,", addr->mailbox, addr->host); + bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr->mailbox)); + bt_len += strlen(addr->mailbox); + bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr->host)); + bt_len += strlen(addr->host); + offset += snprintf(bufferBcc + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host); } addr = addr->next; } |