From a5779db8163b99463e25e7c476f9cbba438b65f3 Mon Sep 17 00:00:00 2001
From: Ken Murchison <murch@fastmail.com>
Date: Thu, 11 Apr 2019 17:45:40 -0400
Subject: [PATCH] HTTP: don't overrun buffer when parsing strings with sscanf()
---
 imap/http_caldav.c | 2 +-
 imap/httpd.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/imap/http_caldav.c b/imap/http_caldav.c
index ce0b09438..5730fba65 100644
--- a/imap/http_caldav.c
+++ b/imap/http_caldav.c
@@ -2602,7 +2602,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
 /* Check if this is an empty property error */
 char propname[256];
 if (sscanf(errstr,
- "No value for %s property", propname) == 1) {
+ "No value for %255s property", propname) == 1) {
 /* Empty LOCATION is OK */
 if (!strcasecmp(propname, "LOCATION")) continue;
 if (!strcasecmp(propname, "COMMENT")) continue;
diff --git a/imap/httpd.c b/imap/httpd.c
index 57bcb92ed..0cff163fc 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -1529,7 +1529,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
 memset(&tm, 0, sizeof(struct tm));
 tm.tm_isdst = -1;
 sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
+ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
 tm.tm_year -= 1900;
 for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
 if (!strcmp(month, monthname[tm.tm_mon])) break;
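Review bot: The width in `%255s` is a hand-written copy of the size of `char propname[256]` two lines above it, and nothing ties the two together, so a later change to the array size could silently bring the overrun back. A comment on the declaration would make the coupling visible, for example `char propname[256]; /* sscanf() width below must stay sizeof(propname) - 1 */`; the same applies to `%3s` and `month` in the imap/httpd.c hunk. A property name longer than 255 characters is now truncated but still counts as one conversion, so it fails both `strcasecmp` checks and continues to whatever follows them, which is presumably the intended outcome. The enclosing loop in get_icalcomponent_errstr starts and ends outside the hunk.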
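Review bot: Both sscanf() calls in calc_compile_time still discard their return value, so when `date` does not yield all three fields the `strcmp(month, ...)` loop below may read `month` before anything was written to it. Its declaration is outside the hunk, so whether it is initialised cannot be confirmed here. The new `%3s` bound only limits the write and presumably matches a 4-byte `month`. Checking the conversion count would close the remaining gap, e.g. `if (sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year) != 3) return (time_t) -1;`, assuming callers can handle an error return. The function body starts and ends outside the hunk.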