<<< Date Index >>>     <<< Thread Index >>>

[PATCH] fix bug in mailcap nametemplate handling



While investigating another bug, I discovered that in
rfc1524_expand_filename(), the value for the nametemplate paramater was
being used directly in an snprintf() call without checking to make sure
it was valid:

        snprintf (newfile, nflen, nametemplate, "mutt");

If the user had botched their mailcap, say like:

        nametemplate=%d.html

mutt will dump its guts.

The solution is to use the mutt_expand_fmt() function which correctly
handles only replacing the first %s occuring in a string, and literally
copying the rest.

Patch attached.

me
--- rfc1524.c~  2003-09-19 06:03:26.000000000 -0700
+++ rfc1524.c   2003-12-16 22:59:25.000000000 -0800
@@ -469,7 +469,7 @@ int rfc1524_expand_filename (char *namet
   }
   else if (!oldfile)
   {
-    snprintf (newfile, nflen, nametemplate, "mutt");
+    mutt_expand_fmt (newfile, nflen, nametemplate, "mutt");
   }
   else /* oldfile && nametemplate */
   {