Skip to content

Commit

Permalink
- Format string security fix
Browse files Browse the repository at this point in the history 
Signed-off-by: Scott R. Shinn <[email protected]>
  • Loading branch information
@atomicturtle
atomicturtle committed May 18, 2016
1 parent f6d60fd commit 413e0d8
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 20 deletions.
14 changes: 7 additions & 7 deletions src/os_maild/sendcustomemail.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
snprintf(snd_msg, 127, TO, to[0]);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -183,7 +183,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
snprintf(snd_msg, 127, FROM, from);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -206,7 +206,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
snprintf(snd_msg, 127, TO, to[i]);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -226,7 +226,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
#endif

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -237,7 +237,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
snprintf(snd_msg, 127, XHEADER, idsname);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -248,7 +248,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
snprintf(snd_msg, 127, SUBJECT, subject);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
fprintf(sendmail, ENDHEADER);
} else {
OS_SendTCP(socket, snd_msg);
Expand All @@ -259,7 +259,7 @@ int OS_SendCustomEmail(char **to, char *subject, char *smtpserver, char *from, c
fseek(fp, 0, SEEK_SET);
while (fgets(buffer, 2048, fp) != NULL) {
if (sendmail) {
fprintf(sendmail, buffer);
fprintf(sendmail, "%s", buffer);
} else {
OS_SendTCP(socket, buffer);
}
Expand Down
26 changes: 13 additions & 13 deletions src/os_maild/sendmail.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
snprintf(snd_msg, 127, FROM, mail->from);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -223,7 +223,7 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
#endif

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -233,9 +233,9 @@ int OS_Sendsms(MailConfig *mail, struct tm *p, MailMsg *sms_msg)
snprintf(snd_msg, 127, SUBJECT, sms_msg->subject);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
fprintf(sendmail, ENDHEADER);
fprintf(sendmail, sms_msg->body);
fprintf(sendmail, "%s", sms_msg->body);

if (pclose(sendmail) == -1) {
merror(WAITPID_ERROR, ARGV0, errno, strerror(errno));
Expand Down Expand Up @@ -456,7 +456,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
snprintf(snd_msg, 127, TO, mail->to[0]);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -465,7 +465,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
snprintf(snd_msg, 127, FROM, mail->from);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -475,7 +475,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
memset(snd_msg, '\0', 128);
snprintf(snd_msg, 127, REPLYTO, mail->reply_to);
if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -493,7 +493,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
snprintf(snd_msg, 127, TO, mail->to[i]);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -515,7 +515,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
snprintf(snd_msg, 127, TO, mail->gran_to[i]);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -536,7 +536,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
#endif

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -547,7 +547,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
snprintf(snd_msg, 127, XHEADER, mail->idsname);

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
} else {
OS_SendTCP(socket, snd_msg);
}
Expand All @@ -568,7 +568,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
}

if (sendmail) {
fprintf(sendmail, snd_msg);
fprintf(sendmail, "%s", snd_msg);
fprintf(sendmail, ENDHEADER);
} else {
OS_SendTCP(socket, snd_msg);
Expand All @@ -580,7 +580,7 @@ int OS_Sendmail(MailConfig *mail, struct tm *p)
/* Send multiple emails together if we have to */
do {
if (sendmail) {
fprintf(sendmail, mailmsg->mail->body);
fprintf(sendmail, "%s", mailmsg->mail->body);
} else {
OS_SendTCP(socket, mailmsg->mail->body);
}
Expand Down

1 comment on commit 413e0d8

@chewi
Copy link
Contributor

@chewi chewi commented on 413e0d8 Apr 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only just found out about this commit. Feeling rather embarrassed now. I don't write C as often as I'd like. Thanks for fixing it. Perhaps fputs would be marginally better though?

Please sign in to comment.