diff -urN cyrus-imapd-2.1.10/sieve/addr.y cyrus-imapd-2.1.10-modified/sieve/addr.y
--- cyrus-imapd-2.1.10/sieve/addr.y 2002-12-03 17:08:02.000000000 -0600
+++ cyrus-imapd-2.1.10-modified/sieve/addr.y 2002-12-03 17:06:38.000000000 -0600
@@ -82,8 +82,9 @@
 /* copy address error message into buffer provided by sieve parser */
 int yyerror(char *s)
 {
-extern char addrerr[];
+extern char addrerr[512];
 
- strcpy(addrerr, s);
+ strncpy(addrerr, s, sizeof(addrerr)-1);
+ addrerr[sizeof(addrerr)-1] = '\0';
 return 0;
 }
diff -urN cyrus-imapd-2.1.10/sieve/sieve.y cyrus-imapd-2.1.10-modified/sieve/sieve.y
--- cyrus-imapd-2.1.10/sieve/sieve.y 2002-12-03 17:08:02.000000000 -0600
+++ cyrus-imapd-2.1.10-modified/sieve/sieve.y 2002-12-03 17:06:38.000000000 -0600
@@ -810,7 +810,7 @@
 addrptr = s;
 addrerr[0] = '\0'; /* paranoia */
 if (addrparse()) {
- sprintf(errbuf, "address '%s': %s", s, addrerr);
+ snprintf(errbuf, sizeof(errbuf), "address '%s': %s", s, addrerr);
 yyerror(errbuf);
 return 0;
 }
@@ -835,7 +835,7 @@
 ; controls, SP, and
 ; ":". */
 if (!((*h >= 33 && *h <= 57) || (*h >= 59 && *h <= 126))) {
- sprintf(errbuf, "header '%s': not a valid header", hdr);
+ snprintf(errbuf, sizeof(errbuf), "header '%s': not a valid header", hdr);
 yyerror(errbuf);
 return 0;
 }
@@ -853,14 +853,14 @@
 if (strcmp(f, "\\seen") && strcmp(f, "\\answered") && strcmp(f, "\\flagged") && strcmp(f, "\\draft") && strcmp(f, "\\deleted")) {
- sprintf(errbuf, "flag '%s': not a system flag", f);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a system flag", f);
 yyerror(errbuf);
 return 0;
 }
 return 1;
 }
 if (!imparse_isatom(f)) {
- sprintf(errbuf, "flag '%s': not a valid keyword", f);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid keyword", f);
 yyerror(errbuf);
 return 0;
 }
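Review bot: The new bound in yyerror() (addr.y, @@ -82) comes from the size written into the local declaration `extern char addrerr[512];`, not from the buffer's definition, which is not part of this diff (the sieve.y hunks only use addrerr). If the definition is smaller than 512 bytes, `sizeof(addrerr)-1` still evaluates to 511 here, so the strncpy and the terminator write can run past the real array; a declaration whose array size differs from the definition is also undefined behaviour. I would keep the size in one shared header and use it in both places, e.g. `#define ADDRERR_SIZE 512` (name is only a suggestion) with `extern char addrerr[ADDRERR_SIZE];`, and confirm the definition in sieve.y matches. `snprintf(addrerr, ADDRERR_SIZE, "%s", s);` would then replace the strncpy/terminate pair and avoid strncpy's zero padding.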
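Review bot: `sizeof(errbuf)` in the address hunk (sieve.y, @@ -810) is the buffer size only if errbuf is a local array in that function; its declaration lies outside the hunk, and the same applies to the header hunk (@@ -835) and both flag messages (@@ -853). If any of them turns out to be a pointer or a parameter, the bound silently becomes the pointer size, so each declaration should be checked. Truncation is also silent: with a long `s`, the trailing `addrerr` text that explains the failure is what gets cut, so bounding the echoed value with a precision, e.g. `"address '%.100s': %s"` (width chosen for illustration), would keep the diagnostic part. A short comment above each call, such as `/* message is truncated to fit errbuf */`, would record that the cut-off is intended.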
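Review bot: The message in the header hunk (sieve.y, @@ -835) copies `hdr` verbatim with `%s` right after the check found a byte outside 33–57 / 59–126, so control characters and other non-printable bytes from the rejected name end up in the error text. Where yyerror() sends that text is not visible here, but if it reaches a log or a client response it is safer to leave the raw value out or escape it, for example `snprintf(errbuf, sizeof(errbuf), "header: invalid character at offset %d", (int)(h - hdr));` (assuming `h` walks `hdr`, which the hunk suggests but does not show). The second flag message in @@ -853 echoes `f` after imparse_isatom() rejected it and may deserve the same treatment. The enclosing loop and function start outside the hunk.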