User: vins
Date: 05/02/14 04:40:46
Modified: xemacs/lib-src ChangeLog movemail.c
Log:
Security fixes for CAN-2005-0100.
Revision Changes Path
1.185 +6 -0 XEmacs/xemacs/lib-src/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/lib-src/ChangeLog,v
retrieving revision 1.184
retrieving revision 1.185
diff -u -r1.184 -r1.185
--- ChangeLog 2005/02/03 18:09:26 1.184
+++ ChangeLog 2005/02/14 03:40:45 1.185
@@ -1,3 +1,9 @@
+2005-01-29 Vin Shelton <acs(a)xemacs.org>
+
+ * movemail.c (popmail): Pass error string as format parameter
+ instead of as part of format string. Security fixes for
+ CAN-2005-0100.
+
2005-02-03 Jerry James <james(a)xemacs.org>
* etags.c: Update to author version 17.11.
1.21 +5 -5 XEmacs/xemacs/lib-src/movemail.c
Index: movemail.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/lib-src/movemail.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- movemail.c 2002/03/13 08:51:59 1.20
+++ movemail.c 2005/02/14 03:40:45 1.21
@@ -746,14 +746,14 @@
server = pop_open (0, user, password, POP_NO_GETPASS);
if (! server)
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}
VERBOSE(("stat'ing messages\n"));
if (pop_stat (server, &nmsgs, &nbytes))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}
@@ -801,7 +801,7 @@
mbx_delimit_begin (mbf);
if (pop_retr (server, i, mbx_write, mbf) != POP_RETRIEVED)
{
- error (Errmsg, NULL, NULL);
+ error ("%s", Errmsg, NULL);
close (mbfi);
return (1);
}
@@ -849,7 +849,7 @@
VERBOSE(("deleting message %d \n", i));
if (pop_delete (server, i))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
pop_close (server);
return (1);
}
@@ -860,7 +860,7 @@
VERBOSE(("closing server \n"));
if (pop_quit (server))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}