This is a backport of |
https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0 |
|
The patch is mentioned in http://seclists.org/oss-sec/2015/q3/651 as fixing |
potential overflows. |
|
7 |
diff --git a/master/master.c b/master/master.c |
8 |
index 3886441..455548b 100644 |
9 |
--- a/master/master.c |
10 |
+++ b/master/master.c |
11 |
@@ -197,13 +197,15 @@ void event_free(struct event *a) |
12 |
free(a); |
13 |
} |
14 |
|
15 |
-void get_prog(char *path, unsigned size, char *const *cmd) |
16 |
+void get_prog(char *path, size_t size, char *const *cmd) |
17 |
{ |
18 |
+ if (!size) return; |
19 |
if (cmd[0][0] == '/') { |
20 |
- /* master lacks strlcpy, due to no libcyrus */ |
21 |
- snprintf(path, size, "%s", cmd[0]); |
22 |
+ /* master lacks strlcpy, due to no libcyrus */ |
23 |
+ strncpy(path, cmd[0], size - 1); |
24 |
} |
25 |
else snprintf(path, size, "%s/%s", SERVICE_PATH, cmd[0]); |
26 |
+ path[size-1] = '\0'; |
27 |
} |
28 |
|
29 |
void get_statsock(int filedes[2]) |
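Review bot: Both branches of get_prog still truncate silently when the program path does not fit in `size` bytes, and because the function returns void the caller cannot tell that `path` holds a shortened name. The added `path[size-1] = '\0';` guarantees termination, but a cut-off path is a different file name from the configured one; if the result is later used to start the service binary (not visible in this hunk), that is the wrong thing to execute. I would reject over-long input explicitly before copying, for example `if (strlen(cmd[0]) >= size) { path[0] = '\0'; return; }` in the absolute-path branch, and compare the return value of `snprintf` with `size` in the `else` branch. A short comment on get_prog stating that `path` is always NUL-terminated and what it contains on overflow would also help callers.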