[PATCH] fix bug in mailcap nametemplate handling

To: mutt-dev@xxxxxxxx
Subject: [PATCH] fix bug in mailcap nametemplate handling
From: Michael Elkins <me@xxxxxxxxxxx>
Date: Tue, 16 Dec 2003 23:05:34 -0800
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-dev@xxxxxxxx
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.4i

While investigating another bug, I discovered that in
rfc1524_expand_filename(), the value for the nametemplate paramater was
being used directly in an snprintf() call without checking to make sure
it was valid:

        snprintf (newfile, nflen, nametemplate, "mutt");

If the user had botched their mailcap, say like:

        nametemplate=%d.html

mutt will dump its guts.

The solution is to use the mutt_expand_fmt() function which correctly
handles only replacing the first %s occuring in a string, and literally
copying the rest.

Patch attached.

me

--- rfc1524.c~  2003-09-19 06:03:26.000000000 -0700
+++ rfc1524.c   2003-12-16 22:59:25.000000000 -0800
@@ -469,7 +469,7 @@ int rfc1524_expand_filename (char *namet
   }
   else if (!oldfile)
   {
-    snprintf (newfile, nflen, nametemplate, "mutt");
+    mutt_expand_fmt (newfile, nflen, nametemplate, "mutt");
   }
   else /* oldfile && nametemplate */
   {

Prev by Date: Re: maildir header cache patch
Next by Date: Re: maildir header cache patch
Previous by thread: Re: maildir header cache patch
Next by thread: bug#1739: marked as done (mutt-1.3.28i: Mutt should not abort a message when it's not edited)
Index(es):
- Date
- Thread