imap-send: avoid buffer overflow

diff --git a/imap-send.c b/imap-send.c
index 9adf4b981953080676aa24907fead1038b920e60..4c1e8971137d41960f3b8eced63d96f41dc603a1 100644 (file)
--- a/imap-send.c
+++ b/imap-send.c
@@ -1193,13 +1193,13 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
        if (!preauth) {
 #ifndef NO_OPENSSL
                if (!srvc->use_ssl && CAP(STARTTLS)) {
-                       if (imap_exec(ctx, 0, "STARTTLS") != RESP_OK)
+                       if (imap_exec(ctx, NULL, "STARTTLS") != RESP_OK)
                                goto bail;
                        if (ssl_socket_connect(&imap->buf.sock, 1,
                                               srvc->ssl_verify))
                                goto bail;
                        /* capabilities may have changed, so get the new capabilities */
-                       if (imap_exec(ctx, 0, "CAPABILITY") != RESP_OK)
+                       if (imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
                                goto bail;
                }
 #endif
@@ -1209,9 +1209,10 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
                        goto bail;
                }
                if (!srvc->pass) {
-                       char prompt[80];
-                       sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host);
-                       arg = git_getpass(prompt);
+                       struct strbuf prompt = STRBUF_INIT;
+                       strbuf_addf(&prompt, "Password (%s@%s): ", srvc->user, srvc->host);
+                       arg = git_getpass(prompt.buf);
+                       strbuf_release(&prompt);
                        if (!arg) {
                                perror("getpass");
                                exit(1);