
cyrus-imapd-2.5.11-1.1.mga6.src.rpm

From a5779db8163b99463e25e7c476f9cbba438b65f3 Mon Sep 17 00:00:00 2001
From: Ken Murchison <murch@fastmail.com>
Date: Thu, 11 Apr 2019 17:45:40 -0400
Subject: [PATCH] HTTP: don't overrun buffer when parsing strings with sscanf()

---
 imap/http_caldav.c | 2 +-
 imap/httpd.c       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/imap/http_caldav.c b/imap/http_caldav.c
index ce0b09438..5730fba65 100644
--- a/imap/http_caldav.c
+++ b/imap/http_caldav.c
@@ -2602,7 +2602,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
 		    /* Check if this is an empty property error */
 		    char propname[256];
 		    if (sscanf(errstr,
-			       "No value for %s property", propname) == 1) {
+			       "No value for %255s property", propname) == 1) {
 			/* Empty LOCATION is OK */
 			if (!strcasecmp(propname, "LOCATION")) continue;
 			if (!strcasecmp(propname, "COMMENT")) continue;
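Review bot: The `255` width in the new format string is tied by hand to `char propname[256]` one line above the call, so resizing the buffer later would silently bring the overrun back. A comment on the declaration would make the coupling visible, e.g. `/* size must stay one more than the %255s width used in the sscanf() below */`. Truncation itself looks harmless in the lines shown, since a name cut at 255 characters cannot compare equal to `LOCATION` or `COMMENT`. The body of get_icalcomponent_errstr starts and ends outside the hunk, so any later use of `propname` should be checked against the same assumption.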
diff --git a/imap/httpd.c b/imap/httpd.c
index 57bcb92ed..0cff163fc 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -1529,7 +1529,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
     memset(&tm, 0, sizeof(struct tm));
     tm.tm_isdst = -1;
     sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
-    sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
+    sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
     tm.tm_year -= 1900;
     for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
 	if (!strcmp(month, monthname[tm.tm_mon])) break;
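Review bot: Both sscanf() results are still discarded, so if `date` does not match the pattern, `month` reaches strcmp() without the hunk showing it was ever written, and the loop can end with `tm.tm_mon == 12`. Testing the conversion count, e.g. `if (sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year) != 3)`, and returning whatever failure value the callers expect would close that gap. The `%3s` width also assumes `month` holds at least 4 bytes; its declaration is outside the hunk and should be confirmed. If the arguments are always the compiler's `__TIME__` and `__DATE__` strings, as the function name suggests, this is hardening rather than a reachable fault.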