ipop2d buffer overflow fix (fwd)

["R. DuFresne" <dufresne sysinfo com>]

[mod: In addition to this, Jon points us to:
  http://www.redhat.com/corp/support/errata/rh52-errata-general.html#imap
for the official fix from Red Hat. -- REW]

---------- Forwarded message ----------
From: dumped <dumped SEKURE ORG>
Subject: ipop2d buffer overflow fix
Resent-Subject: ipop2d buffer overflow fix
Date: Thu, 3 Jun 1999 17:29:05 -0300
Resent-Date: Fri, 4 Jun 1999 00:52:49 -0500 (CDT)
Resent-From: Ron DuFresne <dufresne winternet com>
To: BUGTRAQ netspace org
Resent-To: dufresne <dufresne darkstar sysinfo com>

This patch fixes the buffer overflow previously pointed by Thiago.


diff -Nur imap-4.4.orig/src/ipopd/ipop2d.c imap-4.4/src/ipopd/ipop2d.c
--- imap-4.4.orig/src/ipopd/ipop2d.c	Thu Jun  3 18:35:15 1999
+++ imap-4.4/src/ipopd/ipop2d.c	Thu Jun  3 18:37:02 1999
@@ -10,7 +10,10 @@
  *		Internet: MRC CAC Washington EDU
  *
  * Date:	28 October 1990
- * Last Edited:	13 July 1998
+ * Last Edited:	3 June 1999
+ *
+ * dumped (dumped sekure org) 3/Jun/99 :
+ * fixed a buffer overflow in c_fold()
  *
  * Copyright 1998 by the University of Washington
  *
@@ -306,7 +309,8 @@
 				/* don't permit proxy to leave IMAP */
   if (stream && stream->mailbox && (s = strchr (stream->mailbox,'}'))) {
     strncpy (tmp,stream->mailbox,i = (++s - stream->mailbox));
-    strcpy (tmp+i,t);		/* append mailbox to initial spec */
+    strncpy (tmp+i,t,sizeof(tmp) - strlen(stream->mailbox));	
+	/* append mailbox to initial spec */
     t = tmp;
   }
 				/* open mailbox, note # of messages */