+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales
Topics: Denial of service in debug output
(C) Copyright 2010 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
To view a copy of this license, visit
-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
Creative Commons
-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
USA
diff --git a/rfc822.c b/rfc822.c
index 6f2dbf3..dbcda32 100644
---- a/rfc822.c
+- --- a/rfc822.c
+++ b/rfc822.c
@@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator.
#include <stdlib.h>
}
#ifndef MAIN
-- if (outlevel >= O_DEBUG)
-- report_build(stdout, GT_("About to rewrite %.*s...\n"),
-- (int)BEFORE_EOL(buf), buf);
+- - if (outlevel >= O_DEBUG)
+- - report_build(stdout, GT_("About to rewrite %.*s...\n"),
+- - (int)BEFORE_EOL(buf), buf);
+ if (outlevel >= O_DEBUG) {
+ report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf))));
+ xfree(cp);
}
#ifndef MAIN
-- if (outlevel >= O_DEBUG)
-- report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
-- (int)BEFORE_EOL(buf), buf);
+- - if (outlevel >= O_DEBUG)
+- - report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
+- - (int)BEFORE_EOL(buf), buf);
+ if (outlevel >= O_DEBUG) {
+ report_complete(stdout, GT_("...rewritten version is %s.\n"),
+ (cp = sdump(buf, BEFORE_EOL(buf))));
return(buf);
diff --git a/uid.c b/uid.c
index fdc6f5d..9a62ee2 100644
---- a/uid.c
+- --- a/uid.c
+++ b/uid.c
@@ -20,6 +20,7 @@
{
report_build(stdout, GT_("Old UID list from %s:"),
ctl->server.pollname);
-- for (idp = ctl->oldsaved; idp; idp = idp->next)
-- report_build(stdout, " %s", idp->id);
+- - for (idp = ctl->oldsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s", idp->id);
+ for (idp = ctl->oldsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s", t);
if (uidlcount)
{
report_build(stdout, GT_("Scratch list of UIDs:"));
-- for (idp = scratchlist; idp; idp = idp->next)
-- report_build(stdout, " %s", idp->id);
+- - for (idp = scratchlist; idp; idp = idp->next)
+- - report_build(stdout, " %s", idp->id);
+ for (idp = scratchlist; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s", t);
report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
else
report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname);
-- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
-- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+- - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+ for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s = %d", t, idp->val.status.mark);
/* this is now a merged list! the mails which were seen in this
* poll are marked here. */
report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname);
-- for (idp = ctl->oldsaved; idp; idp = idp->next)
-- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+- - for (idp = ctl->oldsaved; idp; idp = idp->next)
+- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
+ for (idp = ctl->oldsaved; idp; idp = idp->next) {
+ char *t = sdump(idp->id, strlen(idp->id));
+ report_build(stdout, " %s = %d", t, idp->val.status.mark);
if (!idp)
report_build(stdout, GT_(" <empty>"));
report_complete(stdout, "\n");
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZVpfQCcD3U6m1MbJOFZV4FgI7e042vF
+HcEAn0j6ZFwp9dh2G7PJSkN9CM0XazyJ
+=JUs1
+-----END PGP SIGNATURE-----