Defuzzified format-security patch

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
2017-08-21 18:23:21 +02:00 · 2017-08-21 18:23:21 +02:00 · 13fd65f44f
commit 13fd65f44f
parent 4b1875e906
1 changed files with 11 additions and 15 deletions
--- a/sendmail-8.15.2-format-security.patch
+++ b/sendmail-8.15.2-format-security.patch
@ -1,13 +1,5 @@
-Author: Andreas Beckmann <anbe@debian.org>
-Description: fix FTBFS with -Werror=format-security
- If a message string from an (untrusted) external source may start with a
- smtp status code ("123 4.5.6 Foobar"), we cannot sanitize this via
- ("%s", string) since the status code is expected as part of the format
- string. Therefore verify that the message string contains no formatting
- codes before passing it as the format string. Add a dummy argument to
- suppress the "format not a string literal and no format arguments" error
- in this case.
-
+diff --git a/sendmail/envelope.c b/sendmail/envelope.c
+index bae6b00..beb91a1 100644
 --- a/sendmail/envelope.c
 +++ b/sendmail/envelope.c
@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
@ -28,9 +20,11 @@ Description: fix FTBFS with -Werror=format-security
 				e->e_flags |= EF_WARNING;
 			}
 			if (msg_timeout == MSG_WARN_BY)
+diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
+index 2adb39c..ba99414 100644
 --- a/sendmail/parseaddr.c
 +++ b/sendmail/parseaddr.c
-@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimpt
+@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
 			msg = "Deferring message until queue run";
 		if (tTd(20, 1))
 			sm_dprintf("parseaddr: queueing message\n");
@ -39,6 +33,8 @@ Description: fix FTBFS with -Werror=format-security
 		if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
 			e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
 		a->q_state = QS_QUEUEUP;
+diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+index ba636a8..46c5356 100644
 --- a/sendmail/srvrsmtp.c
 +++ b/sendmail/srvrsmtp.c
@@ -122,6 +122,26 @@ extern ENVELOPE	BlankEnvelope;
@ -68,7 +64,7 @@ Description: fix FTBFS with -Werror=format-security
 /*
 **  PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
 **
-@@ -578,13 +598,13 @@ static bool	smtp_data __P((SMTP_T *, ENV
+@@ -578,13 +598,13 @@ static bool	smtp_data __P((SMTP_T *, ENVELOPE *));
 				bool tsave = QuickAbort;		\
 									\
 				QuickAbort = false;			\
@ -102,7 +98,7 @@ Description: fix FTBFS with -Werror=format-security
 					else
 						usrerr("550 5.0.0 %s",
 						       nullserver);
-@@ -2452,7 +2472,7 @@ smtp(nullserver, d_flags, e)
+@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e)
 					tempfail = true;
 					smtp.sm_milterize = false;
 					if (response != NULL)
@ -111,7 +107,7 @@ Description: fix FTBFS with -Werror=format-security
 					else
 						message("421 4.7.0 %s closing connection",
 							MyHostName);
-@@ -3659,7 +3679,7 @@ smtp_data(smtp, e)
+@@ -3656,7 +3676,7 @@ smtp_data(smtp, e)
 				(void) extenhsc(response + 4, ' ', e->e_enhsc);
 #endif /* _FFR_MILTER_ENHSC */
 
@ -120,7 +116,7 @@ Description: fix FTBFS with -Werror=format-security
 			if (strncmp(response, "421 ", 4) == 0
 			    || strncmp(response, "421-", 4) == 0)
 			{
-@@ -3779,7 +3799,7 @@ smtp_data(smtp, e)
+@@ -3776,7 +3796,7 @@ smtp_data(smtp, e)
 			if (ISSMTPCODE(response))
 				(void) extenhsc(response + 4, ' ', e->e_enhsc);
 #endif /* _FFR_MILTER_ENHSC */