-rw-r--r-- | mail/ChangeLog | 7 | ||||
-rw-r--r-- | mail/em-format.c | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/mail/ChangeLog b/mail/ChangeLog
index 32ebad578f..c20c4b84da 100644
--- a/mail/ChangeLog
+++ b/mail/ChangeLog
@@ -1,3 +1,10 @@
+2008-03-06 Tobias Mueller <muelli@auftrags-killer.org>
+
+ ** Fix for bug #520745
+
+ * mail/em-format.c: Fix format-string vulnerability
+ Patch by Tor Lillqvist <tml@iki.fi>
+
 2008-03-03 Matthew Barnes <mbarnes@redhat.com>
 
 * em-folder-tree.c (emft_drop_async__done):
diff --git a/mail/em-format.c b/mail/em-format.c
index 275211c2eb..2bdea062ed 100644
--- a/mail/em-format.c
+++ b/mail/em-format.c
@@ -1193,7 +1193,7 @@ emf_application_xpkcs7mime(EMFormat *emf, CamelStream *stream, CamelMimePart *pa
 opart = camel_mime_part_new();
 valid = camel_cipher_decrypt(context, part, opart, ex);
 if (valid == NULL) {
- em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
+ em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
 em_format_part_as(emf, stream, part, NULL);
 } else {
 if (emfc == NULL)
@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, CamelStream *stream, CamelMimePart *part,
 if (valid == NULL) {
 em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
 if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
 em_format_part_as(emf, stream, part, "multipart/mixed");
 } else {
 if (emfc == NULL)
@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, CamelStream *stream, CamelMimePart *part, co
 if (valid == NULL) {
 em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
 if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
 em_format_part_as(emf, stream, part, "multipart/mixed");
 } else {
 if (emfc == NULL)
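Review bot: Nothing at the `em_format_format_error()` declaration prevents the next caller from passing a dynamic string as the format again, which is the mistake at all five call sites this commit patches, starting with the one in emf_application_xpkcs7mime. The prototype is not part of this diff; if it does not already carry one, a printf format attribute such as `G_GNUC_PRINTF (3, 4)` (assuming the format is the third parameter, as the calls suggest) would let the compiler check arguments and let `-Wformat-security` flag a non-literal format passed with no arguments. The new `"%s"` call in this hunk is correct as written; the enclosing function starts and ends outside the hunk.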
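Review bot: The unchanged call directly above the fix in emf_multipart_encrypted still passes a non-literal string as the format: `em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));`. That text comes from the translation catalog rather than from `ex->desc`, so the exposure is far smaller, but a translated string containing a `%` conversion would still be interpreted with no matching argument. Inserting `"%s", ` before the conditional expression, as the commit does for `ex->desc`, would make every call uniform and keep the file clean under `-Wformat-security`. The same leftover pattern appears in the emf_multipart_signed, emf_inlinepgp_signed and emf_inlinepgp_encrypted hunks.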
@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, CamelStream *stream, CamelMimePart *ipart, E
 if (!valid) {
 em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
 if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
 em_format_format_source(emf, stream, ipart);
 /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
 camel_exception_free(ex);
@@ -1658,7 +1658,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, CamelStream *stream, CamelMimePart *ipart
 if (!valid) {
 em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
 if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
 em_format_format_source(emf, stream, ipart);
 /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
 camel_exception_free(ex); |