From 08657c084f51460954d3d1d3dc8f122c9a4107b4 Mon Sep 17 00:00:00 2001 From: fn Date: Thu, 19 Sep 1996 06:44:48 +0000 Subject: [PATCH] bring up to 8.7.6 --- usr.sbin/sendmail/RELEASE_NOTES | 12 +- usr.sbin/sendmail/src/alias.c | 16 +- usr.sbin/sendmail/src/arpadate.c | 4 +- usr.sbin/sendmail/src/conf.c | 330 ++++++++++++++++++++++++++---- usr.sbin/sendmail/src/convtime.c | 17 +- usr.sbin/sendmail/src/daemon.c | 62 +++--- usr.sbin/sendmail/src/deliver.c | 104 +++++----- usr.sbin/sendmail/src/domain.c | 17 +- usr.sbin/sendmail/src/envelope.c | 19 +- usr.sbin/sendmail/src/err.c | 41 ++-- usr.sbin/sendmail/src/headers.c | 43 ++-- usr.sbin/sendmail/src/main.c | 19 +- usr.sbin/sendmail/src/map.c | 77 ++++--- usr.sbin/sendmail/src/mci.c | 15 +- usr.sbin/sendmail/src/mime.c | 11 +- usr.sbin/sendmail/src/parseaddr.c | 5 +- usr.sbin/sendmail/src/queue.c | 84 +++++--- usr.sbin/sendmail/src/recipient.c | 4 +- usr.sbin/sendmail/src/savemail.c | 91 ++++---- usr.sbin/sendmail/src/sendmail.h | 21 +- usr.sbin/sendmail/src/udb.c | 11 +- usr.sbin/sendmail/src/usersmtp.c | 34 ++- usr.sbin/sendmail/src/util.c | 69 ++++--- usr.sbin/sendmail/src/version.c | 4 +- 24 files changed, 757 insertions(+), 353 deletions(-) diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES index 7f212ec3e48..a4daceaf313 100644 --- a/usr.sbin/sendmail/RELEASE_NOTES +++ b/usr.sbin/sendmail/RELEASE_NOTES @@ -1,11 +1,21 @@ SENDMAIL RELEASE NOTES - @(#)RELEASE_NOTES 8.7.5.1 (Berkeley) 3/4/96 + @(#)RELEASE_NOTES 8.7.6.4 (Berkeley) 9/16/96 This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.7.6/8.7.3 96/09/17 + SECURITY: It is possible to force getpwuid to fail when writing the + queue file, causing sendmail to fall back to running programs + as the default user. This is not exploitable from off-site. + Workarounds include using a unique user for the DefaultUser + (old u & g options) and using smrsh as the local shell. + SECURITY: fix some buffer overruns; in at least one case this allows + a local user to get root. This is not known to be exploitable + from off-site. The workaround is to disable chfn(1) commands. + 8.7.5/8.7.3 96/03/04 Fix glitch in 8.7.4 when putting certain internal lines; this can in some case cause connections to hang. Patch from Eric diff --git a/usr.sbin/sendmail/src/alias.c b/usr.sbin/sendmail/src/alias.c index 2bc4487d4a3..62b6af96de4 100644 --- a/usr.sbin/sendmail/src/alias.c +++ b/usr.sbin/sendmail/src/alias.c @@ -35,7 +35,7 @@ # include "sendmail.h" #ifndef lint -static char sccsid[] = "@(#)alias.c 8.52 (Berkeley) 10/28/95"; +static char sccsid[] = "@(#)alias.c 8.52.1.3 (Berkeley) 9/16/96"; #endif /* not lint */ @@ -77,7 +77,7 @@ alias(a, sendq, aliaslevel, e) int naliases; char *owner; auto int stat = EX_OK; - char obuf[MAXNAME + 6]; + char obuf[MAXNAME + 7]; extern char *aliaslookup(); if (tTd(27, 1)) @@ -147,7 +147,8 @@ alias(a, sendq, aliaslevel, e) */ (void) strcpy(obuf, "owner-"); - if (strncmp(a->q_user, "owner-", 6) == 0) + if (strncmp(a->q_user, "owner-", 6) == 0 || + strlen(a->q_user) > (SIZE_T) sizeof obuf - 7) (void) strcat(obuf, "owner"); else (void) strcat(obuf, a->q_user); @@ -258,7 +259,7 @@ setalias(spec) return; } } - (void) sprintf(buf, "Alias%d", NAliasFileMaps); + (void) snprintf(buf, sizeof buf, "Alias%d", NAliasFileMaps); s = stab(buf, ST_MAP, ST_ENTER); map = &s->s_map; bzero(map, sizeof *map); @@ -397,9 +398,8 @@ aliaswait(map, ext, isopen) return isopen; } mtime = stb.st_mtime; - (void) strcpy(buf, map->map_file); - if (ext != NULL) - (void) strcat(buf, ext); + snprintf(buf, sizeof buf, "%s%s", + map->map_file, ext == NULL ? "" : ext); if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout) { /* database is out of date */ @@ -507,8 +507,6 @@ rebuildaliases(map, automatic) return; } - /* avoid denial-of-service attacks */ - resetlimits(); oldsigint = setsignal(SIGINT, SIG_IGN); oldsigquit = setsignal(SIGQUIT, SIG_IGN); #ifdef SIGTSTP diff --git a/usr.sbin/sendmail/src/arpadate.c b/usr.sbin/sendmail/src/arpadate.c index f6764704db0..b207654f313 100644 --- a/usr.sbin/sendmail/src/arpadate.c +++ b/usr.sbin/sendmail/src/arpadate.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)arpadate.c 8.4 (Berkeley) 4/21/95"; +static char sccsid[] = "@(#)arpadate.c 8.4.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -208,7 +208,7 @@ arpadate(ud) { *q++ = ' '; *q++ = '('; - while (*tz != '\0') + while (*tz != '\0' && q < &b[sizeof b - 3]) *q++ = *tz++; *q++ = ')'; } diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c index 1f426fd74e7..fa4a2897182 100644 --- a/usr.sbin/sendmail/src/conf.c +++ b/usr.sbin/sendmail/src/conf.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)conf.c 8.243 (Berkeley) 11/20/95"; +static char sccsid[] = "@(#)conf.c 8.243.1.9 (Berkeley) 9/17/96"; #endif /* not lint */ # include "sendmail.h" @@ -250,10 +250,9 @@ setdefuser() static char defuserbuf[40]; DefUser = defuserbuf; - if ((defpwent = sm_getpwuid(DefUid)) != NULL) - strcpy(defuserbuf, defpwent->pw_name); - else - strcpy(defuserbuf, "nobody"); + defpwent = sm_getpwuid(DefUid); + snprintf(defuserbuf, sizeof defuserbuf, "%s", + defpwent == NULL ? "nobody" : defpwent->pw_name); } /* ** HOST_MAP_INIT -- initialize host class structures @@ -2385,53 +2384,303 @@ vsprintf(s, fmt, ap) /* ** SNPRINTF, VSNPRINT -- counted versions of printf ** -** These are at best crude emulations. +** These versions have been grabbed off the net. They have been +** cleaned up to compile properly and support for .precision and +** %lx has been added. */ #if !HASSNPRINTF -void +/************************************************************** + * Original: + * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 + * A bombproof version of doprnt (dopr) included. + * Sigh. This sort of thing is always nasty do deal with. Note that + * the version here does not include floating point... + * + * snprintf() is used instead of sprintf() as it does limit checks + * for string length. This covers a nasty loophole. + * + * The other functions are there to prevent NULL pointers from + * causing nast effects. + **************************************************************/ + +/*static char _id[] = "$Id: conf.c,v 1.3 1996/09/19 06:44:53 fn Exp $";*/ +static void dopr(); +static char *end; + +/* VARARGS3 */ +int # ifdef __STDC__ -snprintf(char *buf, size_t bufsize, const char *fmt, ...) +snprintf(char *str, size_t count, const char *fmt, ...) # else -snprintf(buf, bufsize, fmt, va_alist) - char *buf; - size_t bufsize; +snprintf(str, count, fmt, va_alist) + char *str; + size_t count; const char *fmt; va_dcl -# endif +#endif { - VA_LOCAL_DECL + VA_LOCAL_DECL - VA_START(fmt); - vsprintf(buf, fmt, ap); - VA_END; -# if defined(XDEBUG) && defined(LOG) - if (strlen(buf) > bufsize) - syslog(LOG_ALERT, "INTERNAL ERROR: snprintf overflow: %s", - shortenstring(buf, 200)); -# endif + VA_START (fmt); + (void) vsnprintf ( str, count, fmt, ap); + VA_END; + return( strlen( str ) ); } -#ifndef luna2 -void -vsnprintf(buf, bufsize, fmt, ap) - char *buf; - size_t bufsize; - const char *fmt; - va_list ap; +# ifndef luna2 +int +vsnprintf(str, count, fmt, args) + char *str; + size_t count; + const char *fmt; + va_list args; { - vsprintf(buf, fmt, ap); -# if defined(XDEBUG) && defined(LOG) - if (strlen(buf) > bufsize) - syslog(LOG_ALERT, "INTERNAL ERROR: vsnprintf overflow: %s", - shortenstring(buf, 200)); -# endif + str[0] = 0; + end = str+count-1; + dopr( str, fmt, args ); + if( count>0 ){ + end[0] = 0; + } + return(strlen(str)); } -#endif +/* + * dopr(): poor man's version of doprintf + */ + +static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth)); +static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad)); +static void dostr __P(( char * , int )); +static char *output; +static void dopr_outch __P(( int c )); + +static void +dopr( buffer, format, args ) + char *buffer; + char *format; + va_list args; +{ + int ch; + long value; + int longflag = 0; + int pointflag = 0; + int maxwidth = 0; + char *strvalue; + int ljust; + int len; + int zpad; + + output = buffer; + while( (ch = *format++) ){ + switch( ch ){ + case '%': + ljust = len = zpad = maxwidth = 0; + longflag = pointflag = 0; + nextch: + ch = *format++; + switch( ch ){ + case 0: + dostr( "**end of format**" , 0); + return; + case '-': ljust = 1; goto nextch; + case '0': /* set zero padding if len not set */ + if(len==0 && !pointflag) zpad = '0'; + case '1': case '2': case '3': + case '4': case '5': case '6': + case '7': case '8': case '9': + if (pointflag) + maxwidth = maxwidth*10 + ch - '0'; + else + len = len*10 + ch - '0'; + goto nextch; + case '*': + if (pointflag) + maxwidth = va_arg( args, int ); + else + len = va_arg( args, int ); + goto nextch; + case '.': pointflag = 1; goto nextch; + case 'l': longflag = 1; goto nextch; + case 'u': case 'U': + /*fmtnum(value,base,dosign,ljust,len,zpad) */ + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 10,0, ljust, len, zpad ); break; + case 'o': case 'O': + /*fmtnum(value,base,dosign,ljust,len,zpad) */ + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 8,0, ljust, len, zpad ); break; + case 'd': case 'D': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 10,1, ljust, len, zpad ); break; + case 'x': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 16,0, ljust, len, zpad ); break; + case 'X': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value,-16,0, ljust, len, zpad ); break; + case 's': + strvalue = va_arg( args, char *); + if (maxwidth > 0 || !pointflag) + fmtstr( strvalue,ljust,len,zpad, maxwidth); + break; + case 'c': + ch = va_arg( args, int ); + dopr_outch( ch ); break; + case '%': dopr_outch( ch ); continue; + default: + dostr( "???????" , 0); + } + break; + default: + dopr_outch( ch ); + break; + } + } + *output = 0; +} + +static void +fmtstr( value, ljust, len, zpad, maxwidth ) + char *value; + int ljust, len, zpad, maxwidth; +{ + int padlen, strlen; /* amount to pad */ + + if( value == 0 ){ + value = ""; + } + for( strlen = 0; value[strlen]; ++ strlen ); /* strlen */ + if (strlen > maxwidth && maxwidth) + strlen = maxwidth; + padlen = len - strlen; + if( padlen < 0 ) padlen = 0; + if( ljust ) padlen = -padlen; + while( padlen > 0 ) { + dopr_outch( ' ' ); + --padlen; + } + dostr( value, maxwidth ); + while( padlen < 0 ) { + dopr_outch( ' ' ); + ++padlen; + } +} + +static void +fmtnum( value, base, dosign, ljust, len, zpad ) + long value; + int base, dosign, ljust, len, zpad; +{ + int signvalue = 0; + unsigned long uvalue; + char convert[20]; + int place = 0; + int padlen = 0; /* amount to pad */ + int caps = 0; + + /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n", + value, base, dosign, ljust, len, zpad )); */ + uvalue = value; + if( dosign ){ + if( value < 0 ) { + signvalue = '-'; + uvalue = -value; + } + } + if( base < 0 ){ + caps = 1; + base = -base; + } + do{ + convert[place++] = + (caps? "0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base ]; + uvalue = (uvalue / (unsigned)base ); + }while(uvalue); + convert[place] = 0; + padlen = len - place; + if( padlen < 0 ) padlen = 0; + if( ljust ) padlen = -padlen; + /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n", + convert,place,signvalue,padlen)); */ + if( zpad && padlen > 0 ){ + if( signvalue ){ + dopr_outch( signvalue ); + --padlen; + signvalue = 0; + } + while( padlen > 0 ){ + dopr_outch( zpad ); + --padlen; + } + } + while( padlen > 0 ) { + dopr_outch( ' ' ); + --padlen; + } + if( signvalue ) dopr_outch( signvalue ); + while( place > 0 ) dopr_outch( convert[--place] ); + while( padlen < 0 ){ + dopr_outch( ' ' ); + ++padlen; + } +} + +static void +dostr( str , cut) + char *str; + int cut; +{ + if (cut) { + while(*str && cut-- > 0) dopr_outch(*str++); + } else { + while(*str) dopr_outch(*str++); + } +} + +static void +dopr_outch( c ) + int c; +{ +#if 0 + if( iscntrl(c) && c != '\n' && c != '\t' ){ + c = '@' + (c & 0x1F); + if( end == 0 || output < end ){ + *output++ = '^'; + } + } #endif + if( end == 0 || output < end ){ + *output++ = c; + } +} + +# endif /* !luna2 */ + +#endif /* !HASSNPRINTF */ /* ** USERSHELLOK -- tell if a user's shell is ok for unrestricted use ** @@ -3062,6 +3311,9 @@ chownsafe(fd) # endif # include #endif +#ifndef FD_SETSIZE +# define FD_SETSIZE 256 +#endif void resetlimits() @@ -3072,11 +3324,17 @@ resetlimits() lim.rlim_cur = lim.rlim_max = RLIM_INFINITY; (void) setrlimit(RLIMIT_CPU, &lim); (void) setrlimit(RLIMIT_FSIZE, &lim); +# ifdef RLIMIT_NOFILE + lim.rlim_cur = lim.rlim_max = FD_SETSIZE; + (void) setrlimit(RLIMIT_NOFILE, &lim); +# endif #else # if HASULIMIT (void) ulimit(2, 0x3fffff); + (void) ulimit(4, FD_SETSIZE); # endif #endif + errno = 0; } /* ** GETCFNAME -- return the name of the .cf file. @@ -3509,7 +3767,7 @@ load_if_names() ia = (((struct sockaddr_in *) sa)->sin_addr); /* save IP address in text from */ - (void) sprintf(ip_addr, "[%.*s]", + (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", sizeof ip_addr - 3, inet_ntoa(((struct sockaddr_in *) sa)->sin_addr)); if (!wordinclass(ip_addr, 'w')) diff --git a/usr.sbin/sendmail/src/convtime.c b/usr.sbin/sendmail/src/convtime.c index cb5792f6009..adc38f73ed5 100644 --- a/usr.sbin/sendmail/src/convtime.c +++ b/usr.sbin/sendmail/src/convtime.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)convtime.c 8.4 (Berkeley) 5/19/95"; +static char sccsid[] = "@(#)convtime.c 8.4.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -163,37 +163,38 @@ pintvl(intvl, brief) { if (dy > 0) { - (void) sprintf(p, "%d+", dy); + (void) snprintf(p, SPACELEFT(buf, p), "%d+", dy); p += strlen(p); } - (void) sprintf(p, "%02d:%02d:%02d", hr, mi, se); + (void) snprintf(p, SPACELEFT(buf, p), "%02d:%02d:%02d", + hr, mi, se); return (buf); } /* use the verbose form */ if (wk > 0) { - (void) sprintf(p, ", %d week%s", wk, PLURAL(wk)); + (void) snprintf(p, SPACELEFT(buf, p), ", %d week%s", wk, PLURAL(wk)); p += strlen(p); } if (dy > 0) { - (void) sprintf(p, ", %d day%s", dy, PLURAL(dy)); + (void) snprintf(p, SPACELEFT(buf, p), ", %d day%s", dy, PLURAL(dy)); p += strlen(p); } if (hr > 0) { - (void) sprintf(p, ", %d hour%s", hr, PLURAL(hr)); + (void) snprintf(p, SPACELEFT(buf, p), ", %d hour%s", hr, PLURAL(hr)); p += strlen(p); } if (mi > 0) { - (void) sprintf(p, ", %d minute%s", mi, PLURAL(mi)); + (void) snprintf(p, SPACELEFT(buf, p), ", %d minute%s", mi, PLURAL(mi)); p += strlen(p); } if (se > 0) { - (void) sprintf(p, ", %d second%s", se, PLURAL(se)); + (void) snprintf(p, SPACELEFT(buf, p), ", %d second%s", se, PLURAL(se)); p += strlen(p); } diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c index e6ffb52a015..48aafb70e01 100644 --- a/usr.sbin/sendmail/src/daemon.c +++ b/usr.sbin/sendmail/src/daemon.c @@ -37,9 +37,9 @@ #ifndef lint #ifdef DAEMON -static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (with daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (with daemon mode)"; #else -static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (without daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (without daemon mode)"; #endif #endif /* not lint */ @@ -1090,7 +1090,8 @@ getauthinfo(fd) if (isatty(fd) || getpeername(fd, &RealHostAddr.sa, &falen) < 0 || falen <= 0 || RealHostAddr.sa.sa_family == 0) { - (void) sprintf(hbuf, "%s@localhost", RealUserName); + (void) snprintf(hbuf, sizeof hbuf, "%s@localhost", + RealUserName); if (tTd(9, 1)) printf("getauthinfo: %s\n", hbuf); return hbuf; @@ -1115,7 +1116,7 @@ getauthinfo(fd) } /* create ident query */ - (void) sprintf(ibuf, "%d,%d\r\n", + (void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n", ntohs(RealHostAddr.sin.sin_port), ntohs(la.sin.sin_port)); /* create local address */ @@ -1225,8 +1226,8 @@ getauthinfo(fd) /* p now points to the authenticated name -- copy carefully */ cleanstrcpy(hbuf, p, MAXNAME); i = strlen(hbuf); - hbuf[i++] = '@'; - strcpy(&hbuf[i], RealHostName == NULL ? "localhost" : RealHostName); + snprintf(&hbuf[i], sizeof hbuf - i, "@%s", + RealHostName == NULL ? "localhost" : RealHostName); goto postident; closeident: @@ -1240,7 +1241,7 @@ noident: printf("getauthinfo: NULL\n"); return NULL; } - (void) strcpy(hbuf, RealHostName); + snprintf(hbuf, sizeof hbuf, "%s", RealHostName); postident: #if IP_SRCROUTE @@ -1262,6 +1263,7 @@ postident: int ipoptlen, j; u_char *q; u_char *o; + int l; struct in_addr addr; struct ipoption ipopt; @@ -1287,10 +1289,14 @@ postident: case IPOPT_SSRR: case IPOPT_LSRR: p = &hbuf[strlen(hbuf)]; - sprintf(p, " [%s@%.120s", + l = sizeof hbuf - (hbuf - p) - 6; + snprintf(p, SPACELEFT(hbuf, p), " [%s@%.*s", *o == IPOPT_SSRR ? "!" : "", + l > 240 ? 120 : l / 2, inet_ntoa(ipopt.ipopt_dst)); - p += strlen(p); + i = strlen(p); + p += i; + l -= strlen(p); /* o[1] is option length */ j = *++o / sizeof(struct in_addr) - 1; @@ -1300,10 +1306,15 @@ postident: for ( ; j >= 0; j--) { memcpy(&addr, q, sizeof(addr)); - sprintf(p, "%c%.120s", - j ? '@' : ':', - inet_ntoa(addr)); - p += strlen(p); + snprintf(p, SPACELEFT(hbuf, p), + "%c%.*s", + j != 0 ? '@' : ':', + l > 240 ? 120 : + j == 0 ? l : l / 2, + inet_ntoa(addr)); + i = strlen(p); + p += i; + l -= i + 1; q += sizeof(struct in_addr); } o += *o; @@ -1315,7 +1326,7 @@ postident: break; } } - strcat(hbuf,"]"); + snprintf(p, SPACELEFT(hbuf, p), "]"); goto postipsr; } #endif @@ -1324,7 +1335,8 @@ noipsr: if (RealHostName != NULL && RealHostName[0] != '[') { p = &hbuf[strlen(hbuf)]; - (void) sprintf(p, " [%.100s]", anynet_ntoa(&RealHostAddr)); + (void) snprintf(p, SPACELEFT(hbuf, p), " [%.100s]", + anynet_ntoa(&RealHostAddr)); } postipsr: @@ -1423,12 +1435,7 @@ host_map_lookup(map, name, av, statp) printf("host_map_lookup(%s) => ", name); s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */ if (strlen(name) < sizeof hbuf) - (void) strcpy(hbuf, name); - else - { - bcopy(name, hbuf, sizeof hbuf - 1); - hbuf[sizeof hbuf - 1] = '\0'; - } + snprintf(hbuf, sizeof hbuf, "%s", name); if (getcanonname(hbuf, sizeof hbuf - 1, !HasWildcardMX)) { if (tTd(9, 1)) @@ -1538,9 +1545,10 @@ anynet_ntoa(sap) #if NETUNIX case AF_UNIX: if (sap->sunix.sun_path[0] != '\0') - sprintf(buf, "[UNIX: %.64s]", sap->sunix.sun_path); + snprintf(buf, sizeof buf, "[UNIX: %.64s]", + sap->sunix.sun_path); else - sprintf(buf, "[UNIX: localhost]"); + snprintf(buf, sizeof buf, "[UNIX: localhost]"); return buf; #endif @@ -1551,7 +1559,7 @@ anynet_ntoa(sap) #if NETLINK case AF_LINK: - sprintf(buf, "[LINK: %s]", + snprintf(buf, sizeof buf, "[LINK: %s]", link_ntoa((struct sockaddr_dl *) &sap->sa)); return buf; #endif @@ -1562,12 +1570,12 @@ anynet_ntoa(sap) } /* unknown family -- just dump bytes */ - (void) sprintf(buf, "Family %d: ", sap->sa.sa_family); + (void) snprintf(buf, sizeof buf, "Family %d: ", sap->sa.sa_family); bp = &buf[strlen(buf)]; ap = sap->sa.sa_data; for (l = sizeof sap->sa.sa_data; --l >= 0; ) { - (void) sprintf(bp, "%02x:", *ap++ & 0377); + (void) snprintf(bp, SPACELEFT(buf, bp), "%02x:", *ap++ & 0377); bp += 3; } *--bp = '\0'; @@ -1639,7 +1647,7 @@ hostnamebyanyaddr(sap) /* produce a dotted quad */ static char buf[203]; - (void) sprintf(buf, "[%.200s]", anynet_ntoa(sap)); + (void) snprintf(buf, sizeof buf, "[%.200s]", anynet_ntoa(sap)); return buf; } } diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c index 2435f047783..cfa2e965d13 100644 --- a/usr.sbin/sendmail/src/deliver.c +++ b/usr.sbin/sendmail/src/deliver.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)deliver.c 8.185 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)deliver.c 8.185.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -322,8 +322,10 @@ sendall(e, mode) char df1buf[20], df2buf[20]; ee->e_dfp = NULL; - strcpy(df1buf, queuename(e, 'd')); - strcpy(df2buf, queuename(ee, 'd')); + snprintf(df1buf, sizeof df1buf, "%s", + queuename(e, 'd')); + snprintf(df2buf, sizeof df2buf, "%s", + queuename(ee, 'd')); if (link(df1buf, df2buf) < 0) { int saverrno = errno; @@ -569,7 +571,8 @@ sendenvelope(e, mode) #if XDEBUG char wbuf[MAXNAME + 20]; - (void) sprintf(wbuf, "sendall(%.*s)", MAXNAME, q->q_paddr); + (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)", + MAXNAME, q->q_paddr); checkfd012(wbuf); #endif if (mode == SM_VERIFY) @@ -776,9 +779,13 @@ deliver(e, firstto) p = e->e_sender; else p = e->e_from.q_paddr; - (void) strcpy(rpathbuf, remotename(p, m, - RF_SENDERADDR|RF_CANONICAL, - &rcode, e)); + p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); + if (strlen(p) >= (SIZE_T) sizeof rpathbuf) + { + p = shortenstring(p, 203); + syserr("remotename: huge return %s", p); + } + snprintf(rpathbuf, sizeof rpathbuf, "%s", p); define('g', rpathbuf, e); /* translated return path */ define('h', host, e); /* to host */ Errors = 0; @@ -1087,7 +1094,7 @@ deliver(e, firstto) char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ - sprintf(wbuf, "%s... openmailer(%s)", + snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)", shortenstring(e->e_to, 203), m->m_name); checkfd012(wbuf); } @@ -1735,7 +1742,7 @@ tryhost: char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ - sprintf(wbuf, "%s... end of deliver(%s)", + snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)", e->e_to == NULL ? "NO-TO-LIST" : shortenstring(e->e_to, 203), m->m_name); @@ -1851,7 +1858,7 @@ markfailure(e, q, mci, rcode) { char buf[30]; - (void) sprintf(buf, "%d", rcode); + (void) snprintf(buf, sizeof buf, "%d", rcode); q->q_rstatus = newstr(buf); } } @@ -1977,20 +1984,24 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) statmsg = "250 Sent"; if (e->e_statmsg != NULL) { - (void) sprintf(buf, "%s (%s)", + (void) snprintf(buf, sizeof buf, "%s (%s)", statmsg, shortenstring(e->e_statmsg, 403)); statmsg = buf; } } else if (i < 0 || i > N_SysEx) { - (void) sprintf(buf, "554 unknown mailer error %d", stat); + (void) snprintf(buf, sizeof buf, "554 unknown mailer error %d", + stat); stat = EX_UNAVAILABLE; statmsg = buf; } else if (stat == EX_TEMPFAIL) { - (void) strcpy(buf, SysExMsg[i] + 1); + char *bp = buf; + + snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1); + bp += strlen(bp); #if NAMED_BIND if (h_errno == TRY_AGAIN) statmsg = errstring(h_errno+E_DNSBASE); @@ -2009,17 +2020,15 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) } } if (statmsg != NULL && statmsg[0] != '\0') - { - (void) strcat(buf, ": "); - (void) strcat(buf, statmsg); - } + snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg); statmsg = buf; } #if NAMED_BIND else if (stat == EX_NOHOST && h_errno != 0) { statmsg = errstring(h_errno + E_DNSBASE); - (void) sprintf(buf, "%s (%s)", SysExMsg[i] + 1, statmsg); + (void) snprintf(buf, sizeof buf, "%s (%s)", + SysExMsg[i] + 1, statmsg); statmsg = buf; } #endif @@ -2028,7 +2037,8 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) statmsg = SysExMsg[i]; if (*statmsg++ == ':') { - (void) sprintf(buf, "%s: %s", statmsg, errstring(errno)); + (void) snprintf(buf, sizeof buf, "%s: %s", + statmsg, errstring(errno)); statmsg = buf; } } @@ -2050,7 +2060,7 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) char mbuf[8]; Errors++; - sprintf(mbuf, "%.3s %%s", statmsg); + snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg); usrerr(mbuf, &statmsg[4]); } @@ -2105,8 +2115,6 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) ** none */ -#define SPACELEFT(bp) (sizeof buf - ((bp) - buf)) - void logdelivery(m, mci, stat, ctladdr, xstart, e) MAILER *m; @@ -2127,25 +2135,25 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) bp = buf; if (ctladdr != NULL) { - strcpy(bp, ", ctladdr="); - strcat(bp, shortenstring(ctladdr->q_paddr, 83)); + snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s", + shortenstring(ctladdr->q_paddr, 83)); bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { - (void) snprintf(bp, SPACELEFT(bp), " (%d/%d)", + (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", ctladdr->q_uid, ctladdr->q_gid); bp += strlen(bp); } } /* delay & xdelay: max 41 bytes */ - snprintf(bp, SPACELEFT(bp), ", delay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", delay=%s", pintvl(curtime() - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { - snprintf(bp, SPACELEFT(bp), ", xdelay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", pintvl(curtime() - xstart, TRUE)); bp += strlen(bp); } @@ -2153,7 +2161,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) /* mailer: assume about 19 bytes (max 10 byte mailer name) */ if (m != NULL) { - snprintf(bp, SPACELEFT(bp), ", mailer=%s", m->m_name); + snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } @@ -2164,14 +2172,14 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) extern SOCKADDR CurHostAddr; # endif - snprintf(bp, SPACELEFT(bp), ", relay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(mci->mci_host, 40)); bp += strlen(bp); # ifdef DAEMON if (CurHostAddr.sa.sa_family != 0) { - snprintf(bp, SPACELEFT(bp), " [%s]", + snprintf(bp, SPACELEFT(buf, bp), " [%s]", anynet_ntoa(&CurHostAddr)); } # endif @@ -2182,7 +2190,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) if (p != NULL && p[0] != '\0') { - snprintf(bp, SPACELEFT(bp), ", relay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(p, 40)); } } @@ -2246,46 +2254,50 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) if (ctladdr != NULL) { bp = buf; - strcpy(buf, "ctladdr="); - bp += strlen(buf); - strcpy(bp, shortenstring(ctladdr->q_paddr, 83)); - bp += strlen(buf); + snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s", + shortenstring(ctladdr->q_paddr, 83)); + bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { - (void) sprintf(bp, " (%d/%d)", + (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", ctladdr->q_uid, ctladdr->q_gid); bp += strlen(bp); } syslog(LOG_INFO, "%s: %s", e->e_id, buf); } bp = buf; - sprintf(bp, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE)); + snprintf(bp, SPACELEFT(buf, bp), "delay=%s", + pintvl(curtime() - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { - sprintf(bp, ", xdelay=%s", pintvl(curtime() - xstart, TRUE)); + snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", + pintvl(curtime() - xstart, TRUE)); bp += strlen(bp); } if (m != NULL) { - sprintf(bp, ", mailer=%s", m->m_name); + snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf); buf[0] = '\0'; + bp = buf; if (mci != NULL && mci->mci_host != NULL) { # ifdef DAEMON extern SOCKADDR CurHostAddr; # endif - sprintf(buf, "relay=%.100s", mci->mci_host); + snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host); + bp += strlen(bp); # ifdef DAEMON if (CurHostAddr.sa.sa_family != 0) - sprintf(bp, " [%.100s]", anynet_ntoa(&CurHostAddr)); + snprintf(bp, SPACELEFT(buf, bp), " [%.100s]", + anynet_ntoa(&CurHostAddr)); # endif } else if (strcmp(stat, "queued") != 0) @@ -2293,7 +2305,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) char *p = macvalue('h', e); if (p != NULL && p[0] != '\0') - sprintf(buf, "relay=%.100s", p); + snprintf(buf, sizeof buf, "relay=%.100s", p); } if (buf[0] != '\0') syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf); @@ -2302,8 +2314,6 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) # endif /* short log buffer */ # endif /* LOG */ } - -#undef SPACELEFT /* ** PUTFROMLINE -- output a UNIX-style from line (or whatever) ** @@ -2351,7 +2361,8 @@ putfromline(mci, e) else { *bang++ = '\0'; - (void) sprintf(xbuf, "From %.800s \201d remote from %.100s\n", + (void) snprintf(xbuf, sizeof xbuf, + "From %.800s \201d remote from %.100s\n", bang, buf); template = xbuf; } @@ -2440,7 +2451,8 @@ putbody(mci, e, separator) if (hvalue("Content-Type", e->e_header) == NULL) { - sprintf(buf, "Content-Type: text/plain; charset=%s", + snprintf(buf, sizeof buf, + "Content-Type: text/plain; charset=%s", defcharset(e)); putline(buf, mci); } diff --git a/usr.sbin/sendmail/src/domain.c b/usr.sbin/sendmail/src/domain.c index ffe1bbf400b..da43406689b 100644 --- a/usr.sbin/sendmail/src/domain.c +++ b/usr.sbin/sendmail/src/domain.c @@ -36,9 +36,9 @@ #ifndef lint #if NAMED_BIND -static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (with name server)"; +static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (with name server)"; #else -static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (without name server)"; +static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (without name server)"; #endif #endif /* not lint */ @@ -339,7 +339,13 @@ punt: host, MyHostName); return -1; } - strcpy(MXHostBuf, host); + if (strlen(host) >= (SIZE_T) sizeof MXHostBuf) + { + *rcode = EX_CONFIG; + syserr("Host name %s too long", shortenstring(host, 203)); + return -1; + } + snprintf(MXHostBuf, sizeof MXHostBuf, "%s", host); mxhosts[0] = MXHostBuf; if (host[0] == '[') { @@ -733,7 +739,8 @@ cnameloop: { char ebuf[MAXLINE]; - sprintf(ebuf, "Deferred: DNS failure: CNAME loop for %.100s", + snprintf(ebuf, sizeof ebuf, + "Deferred: DNS failure: CNAME loop for %.100s", host); CurEnv->e_message = newstr(ebuf); } @@ -809,7 +816,7 @@ cnameloop: ** Otherwise append the saved domain name. */ - (void) sprintf(nbuf, "%.*s%s%.*s", MAXDNAME, host, + (void) snprintf(nbuf, sizeof nbuf, "%.*s%s%.*s", MAXDNAME, host, *mxmatch == '\0' ? "" : ".", MAXDNAME, mxmatch); strncpy(host, nbuf, hbsize); diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c index 1cd3b56f76d..a22f73caa85 100644 --- a/usr.sbin/sendmail/src/envelope.c +++ b/usr.sbin/sendmail/src/envelope.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)envelope.c 8.76 (Berkeley) 11/11/95"; +static char sccsid[] = "@(#)envelope.c 8.76.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -179,7 +179,7 @@ dropenvelope(e) /* nothing to do */ ; else if (curtime() > e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass]) { - (void) sprintf(buf, "Cannot send message for %s", + (void) snprintf(buf, sizeof buf, "Cannot send message for %s", pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE)); if (e->e_message != NULL) free(e->e_message); @@ -223,7 +223,7 @@ dropenvelope(e) (strlen(e->e_from.q_paddr) <= (SIZE_T) 8 || strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8], "-request") != 0)) { - (void) sprintf(buf, + (void) snprintf(buf, sizeof buf, "Warning: could not send message for past %s", pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], FALSE)); if (e->e_message != NULL) @@ -452,11 +452,11 @@ initsys(e) */ /* process id */ - (void) sprintf(pbuf, "%d", getpid()); + (void) snprintf(pbuf, sizeof pbuf, "%d", getpid()); define('p', newstr(pbuf), e); /* hop count */ - (void) sprintf(cbuf, "%d", e->e_hopcount); + (void) snprintf(cbuf, sizeof cbuf, "%d", e->e_hopcount); define('c', newstr(cbuf), e); /* time as integer, unix time, arpa time */ @@ -471,7 +471,7 @@ initsys(e) { if (strrchr(p, '/') != NULL) p = strrchr(p, '/') + 1; - (void) strcpy(ybuf, p); + snprintf(ybuf, sizeof ybuf, "%s", p); define('y', ybuf, e); } } @@ -504,7 +504,7 @@ settime(e) now = curtime(); tm = gmtime(&now); - (void) sprintf(tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900, + (void) snprintf(tbuf, sizeof tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min); define('t', newstr(tbuf), e); (void) strcpy(dbuf, ctime(&now)); @@ -686,7 +686,7 @@ setsender(from, e, delimptr, internal) if (host == NULL) host = MyHostName; - (void) sprintf(ebuf, "%.*s@%.*s", + (void) snprintf(ebuf, sizeof ebuf, "%.*s@%.*s", MAXNAME, realname, MAXNAME, host); p = ebuf; @@ -777,8 +777,7 @@ setsender(from, e, delimptr, internal) strcmp(pw->pw_name, e->e_from.q_user) == 0 && !internal) { - buildfname(pw->pw_gecos, e->e_from.q_user, - buf, sizeof buf); + buildfname(pw->pw_gecos, e->e_from.q_user, buf, sizeof buf); if (buf[0] != '\0') FullName = newstr(buf); } diff --git a/usr.sbin/sendmail/src/err.c b/usr.sbin/sendmail/src/err.c index 241a4865c8a..c231ef119d4 100644 --- a/usr.sbin/sendmail/src/err.c +++ b/usr.sbin/sendmail/src/err.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)err.c 8.42 (Berkeley) 11/29/95"; +static char sccsid[] = "@(#)err.c 8.42.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -137,7 +137,7 @@ syserr(fmt, va_alist) else { uname = ubuf; - sprintf(ubuf, "UID%d", getuid()); + snprintf(ubuf, sizeof ubuf, "UID%d", getuid()); } if (LogLevel > 0) @@ -218,7 +218,7 @@ usrerr(fmt, va_alist) { char buf[MAXLINE]; - sprintf(buf, "Postmaster warning: %.*s", + snprintf(buf, sizeof buf, "Postmaster warning: %.*s", sizeof buf - 22, MsgBuf + 4); CurEnv->e_message = newstr(buf); } @@ -394,7 +394,7 @@ putoutmsg(msg, holdmsg, heldmsg) { /* save for possible future display */ msg[0] = msgcode; - strcpy(HeldMessageBuf, msg); + snprintf(HeldMessageBuf, sizeof HeldMessageBuf, "%s", msg); return; } @@ -511,7 +511,7 @@ fmtmsg(eb, to, num, eno, fmt, ap) del = '-'; else del = ' '; - (void) sprintf(eb, "%3.3s%c", num, del); + (void) snprintf(eb, spaceleft, "%3.3s%c", num, del); eb += 4; spaceleft -= 4; @@ -600,6 +600,7 @@ errstring(errnum) int errnum; { char *dnsmsg; + char *bp; static char buf[MAXLINE]; # ifndef ERRLIST_PREDEFINED extern char *sys_errlist[]; @@ -621,30 +622,33 @@ errstring(errnum) # if defined(DAEMON) && defined(ETIMEDOUT) case ETIMEDOUT: case ECONNRESET: - (void) strcpy(buf, sys_errlist[errnum]); + bp = buf; + snprintf(bp, SPACELEFT(buf, bp), "%s", sys_errlist[errnum]); + bp += strlen(buf); if (SmtpPhase != NULL) { - (void) strcat(buf, " during "); - (void) strcat(buf, SmtpPhase); + snprintf(bp, SPACELEFT(buf, bp), " during %s", + SmtpPhase); + bp += strlen(bp); } if (CurHostName != NULL) { - (void) strcat(buf, " with "); - (void) strcat(buf, CurHostName); + snprintf(bp, SPACELEFT(buf, bp), " with %s", + shortenstring(CurHostName, 203)); } return (buf); case EHOSTDOWN: if (CurHostName == NULL) break; - (void) sprintf(buf, "Host %s is down", + (void) snprintf(buf, sizeof buf, "Host %s is down", shortenstring(CurHostName, 203)); return (buf); case ECONNREFUSED: if (CurHostName == NULL) break; - (void) sprintf(buf, "Connection refused by %s", + (void) snprintf(buf, sizeof buf, "Connection refused by %s", shortenstring(CurHostName, 203)); return (buf); # endif @@ -677,19 +681,22 @@ errstring(errnum) if (dnsmsg != NULL) { - (void) strcpy(buf, "Name server: "); + bp = buf; + strcpy(bp, "Name server: "); + bp += strlen(bp); if (CurHostName != NULL) { - (void) strcat(buf, CurHostName); - (void) strcat(buf, ": "); + snprintf(bp, SPACELEFT(buf, bp), "%s: ", + shortenstring(CurHostName, 203)); + bp += strlen(bp); } - (void) strcat(buf, dnsmsg); + snprintf(bp, SPACELEFT(buf, bp), "%s", dnsmsg); return buf; } if (errnum > 0 && errnum < sys_nerr) return (sys_errlist[errnum]); - (void) sprintf(buf, "Error %d", errnum); + (void) snprintf(buf, sizeof buf, "Error %d", errnum); return (buf); } diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c index 748e2343f70..5a375b8eb0a 100644 --- a/usr.sbin/sendmail/src/headers.c +++ b/usr.sbin/sendmail/src/headers.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)headers.c 8.82.1.1 (Berkeley) 2/18/96"; +static char sccsid[] = "@(#)headers.c 8.82.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ # include @@ -678,11 +678,11 @@ logsender(e, msgid) else { name = hbuf; - (void) sprintf(hbuf, "%.80s", RealHostName); + (void) snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName); if (RealHostAddr.sa.sa_family != 0) { p = &hbuf[strlen(hbuf)]; - (void) sprintf(p, " (%.100s)", + (void) snprintf(p, SPACELEFT(hbuf, p), " (%.100s)", anynet_ntoa(&RealHostAddr)); } } @@ -690,23 +690,25 @@ logsender(e, msgid) /* some versions of syslog only take 5 printf args */ # if (SYSLOG_BUFSIZE) >= 256 sbp = sbuf; - sprintf(sbp, "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d", + snprintf(sbp, SPACELEFT(sbuf, sbp), + "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d", e->e_from.q_paddr == NULL ? "" : e->e_from.q_paddr, e->e_msgsize, e->e_class, e->e_msgpriority, e->e_nrcpts); sbp += strlen(sbp); if (msgid != NULL) { - sprintf(sbp, ", msgid=%.100s", mbuf); + snprintf(sbp, SPACELEFT(sbuf, sbp), ", msgid=%.100s", mbuf); sbp += strlen(sbp); } if (e->e_bodytype != NULL) { - (void) sprintf(sbp, ", bodytype=%.20s", e->e_bodytype); + (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", bodytype=%.20s", + e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) - (void) sprintf(sbp, ", proto=%.20s", p); + (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", proto=%.20s", p); syslog(LOG_INFO, "%s: %.850s, relay=%.100s", e->e_id, sbuf, name); @@ -722,17 +724,17 @@ logsender(e, msgid) syslog(LOG_INFO, "%s: msgid=%s", e->e_id, shortenstring(mbuf, 83)); sbp = sbuf; - sprintf(sbp, "%s:", e->e_id); + snprintf(sbp, SPACELEFT(sbuf, sbp), "%s:", e->e_id); sbp += strlen(sbp); if (e->e_bodytype != NULL) { - sprintf(sbp, " bodytype=%.20s,", e->e_bodytype); + snprintf(sbp, SPACELEFT(sbuf, sbp), " bodytype=%.20s,", e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) { - sprintf(sbp, " proto=%.20s,", p); + snprintf(sbp, SPACELEFT(sbuf, sbp), " proto=%.20s,", p); sbp += strlen(sbp); } syslog(LOG_INFO, "%.400s relay=%.100s", sbuf, name); @@ -1216,7 +1218,8 @@ putheader(mci, h, e) else { /* no other recipient headers: truncate value */ - (void) sprintf(obuf, "%s:", h->h_field); + (void) snprintf(obuf, sizeof obuf, "%s:", + h->h_field); putline(obuf, mci); } continue; @@ -1241,13 +1244,15 @@ putheader(mci, h, e) register char *obp; vanilla: - (void) sprintf(obuf, "%.200s: ", h->h_field); + obp = obuf; + (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", + h->h_field); obp = obuf + strlen(obuf); while ((nlp = strchr(p, '\n')) != NULL) { *nlp = '\0'; - sprintf(obp, "%.*s", + snprintf(obp, SPACELEFT(obuf, obp), "%.*s", sizeof obuf - (obp - obuf) - 1, p); *nlp = '\n'; putline(obuf, mci); @@ -1256,7 +1261,8 @@ vanilla: if (*p != ' ' && *p != '\t') *obp++ = ' '; } - sprintf(obp, "%.*s", sizeof obuf - (obp - obuf) - 1, p); + snprintf(obp, SPACELEFT(obuf, obp), "%.*s", + sizeof obuf - (obp - obuf) - 1, p); putline(obuf, mci); } } @@ -1277,7 +1283,8 @@ vanilla: putline("MIME-Version: 1.0", mci); if (hvalue("Content-Type", e->e_header) == NULL) { - sprintf(obuf, "Content-Type: text/plain; charset=%s", + snprintf(obuf, sizeof obuf, + "Content-Type: text/plain; charset=%s", defcharset(e)); putline(obuf, mci); } @@ -1326,7 +1333,7 @@ commaize(h, p, oldstyle, mci, e) printf("commaize(%s: %s)\n", h->h_field, p); obp = obuf; - (void) sprintf(obp, "%.200s: ", h->h_field); + (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", h->h_field); opos = strlen(h->h_field) + 2; obp += opos; omax = mci->mci_mailer->m_linelimit - 2; @@ -1420,7 +1427,7 @@ commaize(h, p, oldstyle, mci, e) opos += 2; if (opos > omax && !firstone) { - (void) strcpy(obp, ",\n"); + snprintf(obp, SPACELEFT(obuf, obp), ",\n"); putline(obuf, mci); obp = obuf; (void) strcpy(obp, " "); @@ -1430,7 +1437,7 @@ commaize(h, p, oldstyle, mci, e) } else if (!firstone) { - (void) strcpy(obp, ", "); + snprintf(obp, SPACELEFT(obuf, obp), ", "); obp += 2; } diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c index 5e352f2b9fb..e50735deeaa 100644 --- a/usr.sbin/sendmail/src/main.c +++ b/usr.sbin/sendmail/src/main.c @@ -39,7 +39,7 @@ static char copyright[] = #endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)main.c 8.162 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)main.c 8.162.1.3 (Berkeley) 9/16/96"; #endif /* not lint */ #define _DEFINE @@ -144,6 +144,7 @@ main(argc, argv, envp) extern void sigusr1(); extern void sighup(); extern void initmacros __P((ENVELOPE *)); + extern void resetlimits __P((void)); /* ** Check to see if we reentered. @@ -224,9 +225,9 @@ main(argc, argv, envp) pw = sm_getpwuid(RealUid); if (pw != NULL) - (void) strcpy(rnamebuf, pw->pw_name); + (void) snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name); else - (void) sprintf(rnamebuf, "Unknown UID %d", RealUid); + (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", RealUid); RealUserName = rnamebuf; /* save command line arguments */ @@ -431,7 +432,7 @@ main(argc, argv, envp) { char ipbuf[103]; - sprintf(ipbuf, "[%.100s]", + snprintf(ipbuf, sizeof ipbuf, "[%.100s]", inet_ntoa(*((struct in_addr *) hp->h_addr_list[i]))); if (tTd(0, 4)) printf("\ta.k.a.: %s\n", ipbuf); @@ -707,6 +708,9 @@ main(argc, argv, envp) readcf(getcfname(), safecf, CurEnv); vendor_post_defaults(CurEnv); + /* avoid denial-of-service attacks */ + resetlimits(); + /* suppress error printing if errors mailed back or whatever */ if (CurEnv->e_errormode != EM_PRINT) HoldErrs = TRUE; @@ -1569,7 +1573,7 @@ auth_warning(e, msg, va_alist) if (hostbuf[0] == '\0') (void) myhostname(hostbuf, sizeof hostbuf); - (void) sprintf(buf, "%s: ", hostbuf); + (void) snprintf(buf, sizeof buf, "%s: ", hostbuf); p = &buf[strlen(buf)]; VA_START(msg); vsnprintf(p, sizeof buf - (p - buf), msg, ap); @@ -1930,6 +1934,11 @@ testmodeline(line, e) printf("Usage: /canon address\n"); return; } + else if (strlen(p) >= sizeof host) + { + printf("Name too long\n"); + return; + } strcpy(host, p); getcanonname(host, sizeof(host), HasWildcardMX, &rcode); printf("getcanonname(%s) returns %s (%d)\n", diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c index 23060d07e6e..13d38ce97be 100644 --- a/usr.sbin/sendmail/src/map.c +++ b/usr.sbin/sendmail/src/map.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)map.c 8.108 (Berkeley) 11/29/95"; +static char sccsid[] = "@(#)map.c 8.108.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -99,7 +99,7 @@ static char sccsid[] = "@(#)map.c 8.108 (Berkeley) 11/29/95"; #define EX_NOTFOUND EX_NOHOST extern bool aliaswait __P((MAP *, char *, int)); -extern bool extract_canonname __P((char *, char *, char[])); +extern bool extract_canonname __P((char *, char *, char[], int)); #if defined(O_EXLOCK) && HASFLOCK # define LOCK_ON_OPEN 1 /* we can open/create a locked file */ @@ -647,6 +647,7 @@ getcanonname(host, hbsize, trymx) ** name -- the name against which to match. ** line -- the /etc/hosts line. ** cbuf -- the location to store the result. +** cbuflen -- the size of cbuf. ** ** Returns: ** TRUE -- if the line matched the desired name. @@ -654,17 +655,20 @@ getcanonname(host, hbsize, trymx) */ bool -extract_canonname(name, line, cbuf) +extract_canonname(name, line, cbuf, cbuflen) char *name; char *line; char cbuf[]; + int cbuflen; { int i; char *p; bool found = FALSE; - extern char *get_column(); + int l; + extern char *get_column __P((char *, int, char, char *, int)); cbuf[0] = '\0'; + l = cbuflen; if (line[0] == '#') return FALSE; @@ -672,12 +676,14 @@ extract_canonname(name, line, cbuf) { char nbuf[MAXNAME + 1]; - p = get_column(line, i, '\0', nbuf); + p = get_column(line, i, '\0', nbuf, sizeof nbuf); if (p == NULL) break; if (cbuf[0] == '\0' || (strchr(cbuf, '.') == NULL && strchr(p, '.') != NULL)) - strcpy(cbuf, p); + { + snprintf(cbuf, cbuflen, "%s", p); + } if (strcasecmp(name, p) == 0) found = TRUE; } @@ -687,7 +693,7 @@ extract_canonname(name, line, cbuf) char *domain = macvalue('m', CurEnv); if (domain != NULL && - strlen(domain) + strlen(cbuf) + 1 < MAXNAME) + strlen(domain) + strlen(cbuf) + 1 < cbuflen) { p = &cbuf[strlen(cbuf)]; *p++ = '.'; @@ -746,8 +752,8 @@ ndbm_map_open(map, mode) char dirfile[MAXNAME + 1]; char pagfile[MAXNAME + 1]; - sprintf(dirfile, "%s.dir", map->map_file); - sprintf(pagfile, "%s.pag", map->map_file); + snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file); + snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file); dirfd = open(dirfile, mode|O_CREAT, DBMMODE); pagfd = open(pagfile, mode|O_CREAT, DBMMODE); @@ -924,7 +930,8 @@ ndbm_map_store(map, lhs, rhs) bufsiz = data.dsize + old.dsize + 2; buf = xalloc(bufsiz); } - sprintf(buf, "%s,%s", data.dptr, old.dptr); + snprintf(buf, bufsiz, "%s,%s", + data.dptr, old.dptr); data.dsize = data.dsize + old.dsize + 1; data.dptr = buf; if (tTd(38, 9)) @@ -961,7 +968,7 @@ ndbm_map_close(map) if (strstr(map->map_file, "/yp/") != NULL) { - (void) sprintf(buf, "%010ld", curtime()); + (void) snprintf(buf, sizeof buf, "%010ld", curtime()); ndbm_map_store(map, "YP_LAST_MODIFIED", buf); (void) gethostname(buf, sizeof buf); @@ -1033,7 +1040,7 @@ db_map_open(map, mode, dbtype) struct stat st; char buf[MAXNAME + 1]; - (void) strcpy(buf, map->map_file); + snprintf(buf, sizeof buf - 3, "%s", map->map_file); i = strlen(buf); if (i < 3 || strcmp(&buf[i - 3], ".db") != 0) (void) strcat(buf, ".db"); @@ -1249,7 +1256,8 @@ db_map_store(map, lhs, rhs) bufsiz = data.size + old.size + 2; buf = xalloc(bufsiz); } - sprintf(buf, "%s,%s", data.data, old.data); + snprintf(buf, bufsiz, "%s,%s", + data.data, old.data); data.size = data.size + old.size + 1; data.data = buf; if (tTd(38, 9)) @@ -1508,7 +1516,7 @@ nis_getcanonname(name, hbsize, statp) host_record[vsize] = '\0'; if (tTd(38, 44)) printf("got record `%s'\n", host_record); - if (!extract_canonname(nbuf, host_record, cbuf)) + if (!extract_canonname(nbuf, host_record, cbuf, sizeof cbuf)) { /* this should not happen, but.... */ *statp = EX_NOHOST; @@ -1586,7 +1594,8 @@ nisplus_map_open(map, mode) /* check to see if this map actually exists */ if (PARTIAL_NAME(map->map_file)) - sprintf(qbuf, "%s.%s", map->map_file, map->map_domain); + snprintf(qbuf, sizeof qbuf, "%s.%s", + map->map_file, map->map_domain); else strcpy(qbuf, map->map_file); @@ -1724,11 +1733,12 @@ nisplus_map_lookup(map, name, av, statp) /* construct the query */ if (PARTIAL_NAME(map->map_file)) - sprintf(qbuf, "[%s=%s],%s.%s", map->map_keycolnm, - search_key, map->map_file, map->map_domain); + snprintf(qbuf, sizeof qbuf, "[%s=%s],%s.%s", + map->map_keycolnm, search_key, map->map_file, + map->map_domain); else - sprintf(qbuf, "[%s=%s],%s", map->map_keycolnm, - search_key, map->map_file); + snprintf(qbuf, sizeof qbuf, "[%s=%s],%s", + map->map_keycolnm, search_key, map->map_file); if (tTd(38, 20)) printf("qbuf=%s\n", qbuf); @@ -1816,13 +1826,14 @@ nisplus_getcanonname(name, hbsize, statp) if (p == NULL) { /* single token */ - sprintf(qbuf, "[name=%s],hosts.org_dir", nbuf); + snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir", nbuf); } else if (p[1] != '\0') { /* multi token -- take only first token in nbuf */ *p = '\0'; - sprintf(qbuf, "[name=%s],hosts.org_dir.%s", nbuf, &p[1]); + snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir.%s", + nbuf, &p[1]); } else { @@ -1882,7 +1893,7 @@ nisplus_getcanonname(name, hbsize, statp) if (domain[0] == '\0') strcpy(name, vp); else - sprintf(name, "%s.%s", vp, domain); + snprintf(name, hbsize, "%s.%s", vp, domain); *statp = EX_OK; } else @@ -1917,7 +1928,7 @@ nisplus_default_domain() return(default_domain); p = nis_local_directory(); - strcpy(default_domain, p); + snprintf(default_domain, sizeof default_domain, "%s", p); return default_domain; } @@ -2450,8 +2461,7 @@ text_map_lookup(map, name, av, statp) char delim; int key_idx; bool found_it; - extern char *get_column(); - + extern char *get_column __P((char *, int, char, char *, int)); found_it = FALSE; if (tTd(38, 20)) @@ -2483,7 +2493,7 @@ text_map_lookup(map, name, av, statp) p = strchr(linebuf, '\n'); if (p != NULL) *p = '\0'; - p = get_column(linebuf, key_idx, delim, buf); + p = get_column(linebuf, key_idx, delim, buf, sizeof buf); if (p != NULL && strcasecmp(search_key, p) == 0) { found_it = TRUE; @@ -2496,7 +2506,7 @@ text_map_lookup(map, name, av, statp) *statp = EX_NOTFOUND; return NULL; } - vp = get_column(linebuf, map->map_valcolno, delim, buf); + vp = get_column(linebuf, map->map_valcolno, delim, buf, sizeof buf); vsize = strlen(vp); *statp = EX_OK; if (bitset(MF_MATCHONLY, map->map_mflags)) @@ -2523,7 +2533,7 @@ text_getcanonname(name, hbsize, statp) char cbuf[MAXNAME + 1]; char fbuf[MAXNAME + 1]; char nbuf[MAXNAME + 1]; - extern char *get_column(); + extern char *get_column __P((char *, int, char, char *, int)); if (tTd(38, 20)) printf("text_getcanonname(%s)\n", name); @@ -2550,7 +2560,7 @@ text_getcanonname(name, hbsize, statp) if (p != NULL) *p = '\0'; if (linebuf[0] != '\0') - found = extract_canonname(nbuf, linebuf, cbuf); + found = extract_canonname(nbuf, linebuf, cbuf, sizeof cbuf); } fclose(f); if (!found) @@ -2883,12 +2893,12 @@ user_map_lookup(map, key, av, statp) break; case 3: - sprintf(buf, "%d", pw->pw_uid); + snprintf(buf, sizeof buf, "%d", pw->pw_uid); rwval = buf; break; case 4: - sprintf(buf, "%d", pw->pw_gid); + snprintf(buf, sizeof buf, "%d", pw->pw_gid); rwval = buf; break; @@ -2939,7 +2949,7 @@ prog_map_lookup(map, name, av, statp) argv[i++] = map->map_file; if (map->map_rebuild != NULL) { - strcpy(buf, map->map_rebuild); + snprintf(buf, sizeof buf, "%s", map->map_rebuild); for (p = strtok(buf, " \t"); p != NULL; p = strtok(NULL, " \t")) { if (i >= MAXPV - 1) @@ -3138,7 +3148,8 @@ switch_map_open(map, mode) if (maptype[mapno] == NULL) continue; - (void) sprintf(nbuf, "%s.%s", map->map_mname, maptype[mapno]); + (void) snprintf(nbuf, sizeof nbuf, "%s.%s", + map->map_mname, maptype[mapno]); s = stab(nbuf, ST_MAP, ST_FIND); if (s == NULL) { diff --git a/usr.sbin/sendmail/src/mci.c b/usr.sbin/sendmail/src/mci.c index ee0da2d1f32..beff0197735 100644 --- a/usr.sbin/sendmail/src/mci.c +++ b/usr.sbin/sendmail/src/mci.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)mci.c 8.22 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)mci.c 8.22.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -372,24 +372,27 @@ mci_dump(mci, logit) sep = logit ? " " : "\n\t"; p = buf; - sprintf(p, "MCI@%x: ", mci); + snprintf(p, SPACELEFT(buf, p), "MCI@%x: ", mci); p += strlen(p); if (mci == NULL) { - sprintf(p, "NULL"); + snprintf(p, SPACELEFT(buf, p), "NULL"); goto printit; } - sprintf(p, "flags=%x, errno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s", + snprintf(p, SPACELEFT(buf, p), + "flags=%x, errno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s", mci->mci_flags, mci->mci_errno, mci->mci_herrno, mci->mci_exitstat, mci->mci_state, mci->mci_pid, sep); p += strlen(p); - sprintf(p, "maxsize=%ld, phase=%s, mailer=%s,%s", + snprintf(p, SPACELEFT(buf, p), + "maxsize=%ld, phase=%s, mailer=%s,%s", mci->mci_maxsize, mci->mci_phase == NULL ? "NULL" : mci->mci_phase, mci->mci_mailer == NULL ? "NULL" : mci->mci_mailer->m_name, sep); p += strlen(p); - sprintf(p, "host=%s, lastuse=%s", + snprintf(p, SPACELEFT(buf, p), + "host=%s, lastuse=%s", mci->mci_host == NULL ? "NULL" : mci->mci_host, ctime(&mci->mci_lastuse)); printit: diff --git a/usr.sbin/sendmail/src/mime.c b/usr.sbin/sendmail/src/mime.c index acbc04ca617..1c71a84ac6b 100644 --- a/usr.sbin/sendmail/src/mime.c +++ b/usr.sbin/sendmail/src/mime.c @@ -36,7 +36,7 @@ # include #ifndef lint -static char sccsid[] = "@(#)mime.c 8.30 (Berkeley) 10/31/95"; +static char sccsid[] = "@(#)mime.c 8.30.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ /* @@ -222,7 +222,7 @@ mime8to7(mci, header, e, boundaries, flags) ** just copy it through. */ - sprintf(buf, "%.100s/%.100s", type, subtype); + snprintf(buf, sizeof buf, "%.100s/%.100s", type, subtype); if (wordinclass(buf, 'n') || (cte != NULL && !wordinclass(cte, 'e'))) flags |= M87F_NO8BIT; @@ -294,7 +294,7 @@ mime8to7(mci, header, e, boundaries, flags) { auto HDR *hdr = NULL; - sprintf(buf, "--%s", bbuf); + snprintf(buf, sizeof buf, "--%s", bbuf); putline(buf, mci); if (tTd(43, 35)) printf(" ...%s\n", buf); @@ -306,7 +306,7 @@ mime8to7(mci, header, e, boundaries, flags) putline("+++after putheader", mci); bt = mime8to7(mci, hdr, e, boundaries, flags); } - sprintf(buf, "--%s--", bbuf); + snprintf(buf, sizeof buf, "--%s--", bbuf); putline(buf, mci); if (tTd(43, 35)) printf(" ...%s\n", buf); @@ -435,7 +435,8 @@ mime8to7(mci, header, e, boundaries, flags) /* no encoding necessary */ if (cte != NULL) { - sprintf(buf, "Content-Transfer-Encoding: %.200s", cte); + snprintf(buf, sizeof buf, + "Content-Transfer-Encoding: %.200s", cte); putline(buf, mci); if (tTd(43, 36)) printf(" ...%s\n", buf); diff --git a/usr.sbin/sendmail/src/parseaddr.c b/usr.sbin/sendmail/src/parseaddr.c index f1bd16a219e..85f34a726a1 100644 --- a/usr.sbin/sendmail/src/parseaddr.c +++ b/usr.sbin/sendmail/src/parseaddr.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)parseaddr.c 8.87 (Berkeley) 11/29/95"; +static char sccsid[] = "@(#)parseaddr.c 8.87.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -1212,7 +1212,8 @@ rewrite(pvp, ruleset, reclevel, e) { char mbuf[300]; - sprintf(mbuf, "%.80s map: lookup (%s): deferred", + snprintf(mbuf, sizeof mbuf, + "%.80s map: lookup (%s): deferred", mapname, shortenstring(buf, 203)); e->e_message = newstr(mbuf); diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c index bd89a31806a..eb5176eade9 100644 --- a/usr.sbin/sendmail/src/queue.c +++ b/usr.sbin/sendmail/src/queue.c @@ -36,9 +36,9 @@ #ifndef lint #ifdef QUEUE -static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (with queueing)"; +static char sccsid[] = "@(#)queue.c 8.98.1.3 (Berkeley) 9/16/96 (with queueing)"; #else -static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (without queueing)"; +static char sccsid[] = "@(#)queue.c 8.98.1.3 (Berkeley) 9/16/96 (without queueing)"; #endif #endif /* not lint */ @@ -66,7 +66,7 @@ typedef struct work WORK; WORK *WorkQ; /* queue of things to be done */ -#define QF_VERSION 1 /* version number of this queue format */ +#define QF_VERSION 2 /* version number of this queue format */ #if !defined(NGROUPS_MAX) && defined(NGROUPS) # define NGROUPS_MAX NGROUPS /* POSIX naming convention */ @@ -458,9 +458,11 @@ printctladdr(a, tfp) FILE *tfp; { char *uname; + char *paddr; register struct passwd *pw; register ADDRESS *q; uid_t uid; + gid_t gid; static ADDRESS *lastctladdr; static uid_t lastuid; @@ -477,9 +479,17 @@ printctladdr(a, tfp) /* find the active uid */ q = getctladdr(a); if (q == NULL) + { + uname = NULL; uid = 0; + gid = 0; + } else + { + uname = q->q_ruser != NULL ? q->q_ruser : q->q_user; uid = q->q_uid; + gid = q->q_gid; + } a = a->q_alias; /* check to see if this is the same as last time */ @@ -489,12 +499,12 @@ printctladdr(a, tfp) lastuid = uid; lastctladdr = a; - if (uid == 0 || (pw = sm_getpwuid(uid)) == NULL) - uname = ""; + paddr = denlstring(a->q_paddr, TRUE, FALSE); + if (uid == 0 || uname == NULL || uname[0] == '\0') + fprintf(tfp, "C:%s\n", paddr); else - uname = pw->pw_name; - - fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr, TRUE, FALSE)); + fprintf(tfp, "C%s:%ld:%ld:%s\n", + uname, (long) uid, (long) gid, paddr); } /* ** RUNQUEUE -- run the jobs in the queue. @@ -1299,7 +1309,7 @@ readqf(e) bool nomore = FALSE; char qf[20]; char buf[MAXLINE]; - extern ADDRESS *setctluser(); + extern ADDRESS *setctluser __P((char *, int)); extern void loseqfile(); /* @@ -1421,7 +1431,7 @@ readqf(e) break; case 'C': /* specify controlling user */ - ctladdr = setctluser(&bp[1]); + ctladdr = setctluser(&bp[1], qfver); break; case 'Q': /* original recipient */ @@ -1876,7 +1886,7 @@ queuename(e, type) c1 = 'A'; c2 = 'A' - 1; } - (void) sprintf(qf, "qf%cAA%05d", c0, pid); + (void) snprintf(qf, sizeof qf, "qf%cAA%05d", c0, pid); while (c1 < '~' || c2 < 'Z') { @@ -1933,7 +1943,7 @@ queuename(e, type) if (type == '\0') return (NULL); - (void) sprintf(buf, "%cf%s", type, e->e_id); + (void) snprintf(buf, sizeof buf, "%cf%s", type, e->e_id); if (tTd(7, 2)) printf("queuename: %s\n", buf); return (buf); @@ -1984,6 +1994,7 @@ unlockqueue(e) ** ** Parameters: ** user -- the user name of the controlling user. +** qfver -- the version stamp of this qf file. ** ** Returns: ** An address descriptor for the controlling user. @@ -1993,8 +2004,9 @@ unlockqueue(e) */ ADDRESS * -setctluser(user) +setctluser(user, qfver) char *user; + int qfver; { register ADDRESS *a; struct passwd *pw; @@ -2014,26 +2026,40 @@ setctluser(user) a = (ADDRESS *) xalloc(sizeof *a); bzero((char *) a, sizeof *a); - p = strchr(user, ':'); - if (p != NULL) - *p++ = '\0'; - if (*user != '\0' && (pw = sm_getpwnam(user)) != NULL) + if (*user == '\0') { - if (strcmp(pw->pw_dir, "/") == 0) - a->q_home = ""; - else - a->q_home = newstr(pw->pw_dir); - a->q_uid = pw->pw_uid; - a->q_gid = pw->pw_gid; - a->q_flags |= QGOODUID; + p = NULL; + a->q_user = newstr(DefUser); } - - if (*user != '\0') - a->q_user = newstr(user); - else if (p != NULL) + else if (*user == ':') + { + p = &user[1]; a->q_user = newstr(p); + } else - a->q_user = newstr(DefUser); + { + p = strtok(user, ":"); + a->q_user = newstr(user); + if (qfver >= 2) + { + if ((p = strtok(NULL, ":")) != NULL) + a->q_uid = atoi(p); + if ((p = strtok(NULL, ":")) != NULL) + a->q_gid = atoi(p); + if ((p = strtok(NULL, ":")) != NULL) + a->q_flags |= QGOODUID; + } + else if ((pw = sm_getpwnam(user)) != NULL) + { + if (strcmp(pw->pw_dir, "/") == 0) + a->q_home = ""; + else + a->q_home = newstr(pw->pw_dir); + a->q_uid = pw->pw_uid; + a->q_gid = pw->pw_gid; + a->q_flags |= QGOODUID; + } + } a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */ a->q_mailer = LocalMailer; diff --git a/usr.sbin/sendmail/src/recipient.c b/usr.sbin/sendmail/src/recipient.c index 90e3e5a4353..4675247e11c 100644 --- a/usr.sbin/sendmail/src/recipient.c +++ b/usr.sbin/sendmail/src/recipient.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)recipient.c 8.108 (Berkeley) 10/30/95"; +static char sccsid[] = "@(#)recipient.c 8.108.1.1 (Berkeley) 9/12/96"; #endif /* not lint */ # include "sendmail.h" @@ -499,7 +499,7 @@ recipient(a, sendq, aliaslevel, e) /* warning -- finduser may trash buf */ pw = finduser(buf, &fuzzy); - if (pw == NULL) + if (pw == NULL || strlen(pw->pw_name) > MAXNAME) { a->q_flags |= QBADADDR; a->q_status = "5.1.1"; diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c index 78c9149980b..b7098789581 100644 --- a/usr.sbin/sendmail/src/savemail.c +++ b/usr.sbin/sendmail/src/savemail.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)savemail.c 8.87 (Berkeley) 10/28/95"; +static char sccsid[] = "@(#)savemail.c 8.87.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -376,8 +376,7 @@ savemail(e, sendbody) break; } - strcpy(buf, _PATH_VARTMP); - strcat(buf, "dead.letter"); + snprintf(buf, sizeof buf, "%sdead.letter", _PATH_VARTMP); sfflags = SFF_NOSLINK|SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT; if (!writable(buf, NULL, sfflags) || @@ -555,10 +554,10 @@ returntosender(msg, returnq, sendbody, e) { addheader("MIME-Version", "1.0", &ee->e_header); - (void) sprintf(buf, "%s.%ld/%.100s", + (void) snprintf(buf, sizeof buf, "%s.%ld/%.100s", ee->e_id, curtime(), MyHostName); ee->e_msgboundary = newstr(buf); - (void) sprintf(buf, + (void) snprintf(buf, sizeof buf, #if DSN "multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"", #else @@ -592,11 +591,12 @@ returntosender(msg, returnq, sendbody, e) } else { - sprintf(buf, "Returned mail: %.*s", sizeof buf - 20, msg); + snprintf(buf, sizeof buf, "Returned mail: %.*s", + sizeof buf - 20, msg); addheader("Subject", buf, &ee->e_header); p = "failure"; } - (void) sprintf(buf, "auto-generated (%s)", p); + (void) snprintf(buf, sizeof buf, "auto-generated (%s)", p); addheader("Auto-Submitted", buf, &ee->e_header); /* fake up an address header for the from person */ @@ -690,7 +690,7 @@ errbody(mci, e, separator) { putline("This is a MIME-encapsulated message", mci); putline("", mci); - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("", mci); } @@ -715,7 +715,7 @@ errbody(mci, e, separator) mci); putline("", mci); } - sprintf(buf, "The original message was received at %s", + snprintf(buf, sizeof buf, "The original message was received at %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); expand("from \201_", buf, sizeof buf, e->e_parent); @@ -790,11 +790,12 @@ errbody(mci, e, separator) printheader = FALSE; } - sprintf(buf, "%s (%s)", shortenstring(q->q_paddr, 203), p); + snprintf(buf, sizeof buf, "%s (%s)", + shortenstring(q->q_paddr, 203), p); putline(buf, mci); if (q->q_alias != NULL) { - sprintf(buf, " (expanded from: %s)", + snprintf(buf, sizeof buf, " (expanded from: %s)", shortenstring(q->q_alias->q_paddr, 203)); putline(buf, mci); } @@ -837,7 +838,7 @@ errbody(mci, e, separator) if (e->e_msgboundary != NULL) { putline("", mci); - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("Content-Type: message/delivery-status", mci); putline("", mci); @@ -849,13 +850,13 @@ errbody(mci, e, separator) /* original envelope id from MAIL FROM: line */ if (e->e_parent->e_envid != NULL) { - (void) sprintf(buf, "Original-Envelope-Id: %.800s", + (void) snprintf(buf, sizeof buf, "Original-Envelope-Id: %.800s", xuntextify(e->e_parent->e_envid)); putline(buf, mci); } /* Reporting-MTA: is us (required) */ - (void) sprintf(buf, "Reporting-MTA: dns; %.800s", MyHostName); + (void) snprintf(buf, sizeof buf, "Reporting-MTA: dns; %.800s", MyHostName); putline(buf, mci); /* DSN-Gateway: not relevant since we are not translating */ @@ -867,13 +868,13 @@ errbody(mci, e, separator) if (e->e_parent->e_from.q_mailer == NULL || (p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL) p = "dns"; - (void) sprintf(buf, "Received-From-MTA: %s; %.800s", + (void) snprintf(buf, sizeof buf, "Received-From-MTA: %s; %.800s", p, RealHostName); putline(buf, mci); } /* Arrival-Date: -- when it arrived here */ - (void) sprintf(buf, "Arrival-Date: %s", + (void) snprintf(buf, sizeof buf, "Arrival-Date: %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); @@ -911,7 +912,7 @@ errbody(mci, e, separator) /* Original-Recipient: -- passed from on high */ if (q->q_orcpt != NULL) { - (void) sprintf(buf, "Original-Recipient: %.800s", + (void) snprintf(buf, sizeof buf, "Original-Recipient: %.800s", q->q_orcpt); putline(buf, mci); } @@ -924,12 +925,14 @@ errbody(mci, e, separator) continue; if (strchr(r->q_user, '@') == NULL) { - (void) sprintf(buf, "Final-Recipient: %s; %.700s@%.100s", + (void) snprintf(buf, sizeof buf, + "Final-Recipient: %s; %.700s@%.100s", p, r->q_user, MyHostName); } else { - (void) sprintf(buf, "Final-Recipient: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Final-Recipient: %s; %.800s", p, r->q_user); } putline(buf, mci); @@ -939,31 +942,33 @@ errbody(mci, e, separator) { if (strchr(q->q_user, '@') == NULL) { - (void) sprintf(buf, "X-Actual-Recipient: %s; %.700s@%.100s", + (void) snprintf(buf, sizeof buf, + "X-Actual-Recipient: %s; %.700s@%.100s", p, q->q_user, MyHostName); } else { - (void) sprintf(buf, "X-Actual-Recipient: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "X-Actual-Recipient: %s; %.800s", p, q->q_user); } putline(buf, mci); } /* Action: -- what happened? */ - sprintf(buf, "Action: %s", action); + snprintf(buf, sizeof buf, "Action: %s", action); putline(buf, mci); /* Status: -- what _really_ happened? */ - strcpy(buf, "Status: "); if (q->q_status != NULL) - strcat(buf, q->q_status); + p = q->q_status; else if (bitset(QBADADDR, q->q_flags)) - strcat(buf, "5.0.0"); + p = "5.0.0"; else if (bitset(QQUEUEUP, q->q_flags)) - strcat(buf, "4.0.0"); + p = "4.0.0"; else - strcat(buf, "2.0.0"); + p = "2.0.0"; + snprintf(buf, sizeof buf, "Status: %s", p); putline(buf, mci); /* Remote-MTA: -- who was I talking to? */ @@ -972,7 +977,8 @@ errbody(mci, e, separator) if (q->q_mailer == NULL || (p = q->q_mailer->m_mtatype) == NULL) p = "dns"; - (void) sprintf(buf, "Remote-MTA: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Remote-MTA: %s; %.800s", p, q->q_statmta); p = &buf[strlen(buf) - 1]; if (*p == '.') @@ -986,7 +992,8 @@ errbody(mci, e, separator) p = q->q_mailer->m_diagtype; if (p == NULL) p = "smtp"; - (void) sprintf(buf, "Diagnostic-Code: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Diagnostic-Code: %s; %.800s", p, q->q_rstatus); putline(buf, mci); } @@ -994,7 +1001,8 @@ errbody(mci, e, separator) /* Last-Attempt-Date: -- fine granularity */ if (q->q_statdate == (time_t) 0L) q->q_statdate = curtime(); - (void) sprintf(buf, "Last-Attempt-Date: %s", + (void) snprintf(buf, sizeof buf, + "Last-Attempt-Date: %s", arpadate(ctime(&q->q_statdate))); putline(buf, mci); @@ -1006,7 +1014,8 @@ errbody(mci, e, separator) xdate = e->e_parent->e_ctime + TimeOuts.to_q_return[e->e_parent->e_timeoutclass]; - sprintf(buf, "Will-Retry-Until: %s", + snprintf(buf, sizeof buf, + "Will-Retry-Until: %s", arpadate(ctime(&xdate))); putline(buf, mci); } @@ -1034,10 +1043,11 @@ errbody(mci, e, separator) } else { - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", + e->e_msgboundary); putline(buf, mci); - (void) sprintf(buf, "Content-Type: %s", + (void) snprintf(buf, sizeof buf, "Content-Type: %s", sendbody ? "message/rfc822" : "text/rfc822-headers"); putline(buf, mci); @@ -1049,7 +1059,7 @@ errbody(mci, e, separator) p = "8bit"; if (p != NULL) { - (void) sprintf(buf, "Content-Transfer-Encoding: %s", + (void) snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s", p); putline(buf, mci); } @@ -1072,7 +1082,7 @@ errbody(mci, e, separator) if (e->e_msgboundary != NULL) { putline("", mci); - (void) sprintf(buf, "--%s--", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s--", e->e_msgboundary); putline(buf, mci); } putline("", mci); @@ -1351,6 +1361,7 @@ pruneroute(addr) char *start, *at, *comma; char c; int rcode; + int i; char hostbuf[BUFSIZ]; char *mxhosts[MAXMXHOSTS + 1]; @@ -1363,8 +1374,11 @@ pruneroute(addr) return FALSE; /* slice off the angle brackets */ + i = strlen(at + 1); + if (i >= (SIZE_T) sizeof hostbuf) + return FALSE; strcpy(hostbuf, at + 1); - hostbuf[strlen(hostbuf) - 1] = '\0'; + hostbuf[i - 1] = '\0'; while (start) { @@ -1376,10 +1390,11 @@ pruneroute(addr) c = *start; *start = '\0'; comma = strrchr(addr, ','); - if (comma && comma[1] == '@') + if (comma != NULL && comma[1] == '@' && + strlen(comma + 2) < (SIZE_T) sizeof hostbuf) strcpy(hostbuf, comma + 2); else - comma = 0; + comma = NULL; *start = c; start = comma; } diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h index 9de20ca4b23..0f171587356 100644 --- a/usr.sbin/sendmail/src/sendmail.h +++ b/usr.sbin/sendmail/src/sendmail.h @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#)sendmail.h 8.159 (Berkeley) 11/18/95 + * @(#)sendmail.h 8.159.1.3 (Berkeley) 9/16/96 */ /* @@ -41,7 +41,7 @@ # ifdef _DEFINE # define EXTERN # ifndef lint -static char SmailSccsId[] = "@(#)sendmail.h 8.159 11/18/95"; +static char SmailSccsId[] = "@(#)sendmail.h 8.159.1.3 9/16/96"; # endif # else /* _DEFINE */ # define EXTERN extern @@ -121,6 +121,14 @@ typedef int BITMAP[BITMAPBYTES / sizeof (int)]; /* clear an entire bit map */ #define clrbitmap(map) bzero((char *) map, BITMAPBYTES) + + +/* +** Utility macros +*/ + +/* return number of bytes left in a buffer */ +#define SPACELEFT(buf, ptr) (sizeof buf - ((ptr) - buf)) /* ** Address structure. ** Addresses are stored internally in this structure. @@ -1199,6 +1207,7 @@ extern void setclass __P((int, char *)); extern void inittimeouts __P((char *)); extern void logdelivery __P((MAILER *, MCI *, const char *, ADDRESS *, time_t, ENVELOPE *)); extern void giveresponse __P((int, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *)); +extern void buildfname __P((char *, char *, char *, int)); extern const char *errstring __P((int)); extern sigfunc_t setsignal __P((int, sigfunc_t)); @@ -1228,10 +1237,10 @@ extern void nmessage(); #if !HASSNPRINTF # ifdef __STDC__ -extern void snprintf(char *, size_t, const char *, ...); -extern void vsnprintf(char *, size_t, const char *, va_list); +extern int snprintf(char *, size_t, const char *, ...); +extern int vsnprintf(char *, size_t, const char *, va_list); # else -extern void snprintf(); -extern void vsnprintf(); +extern int snprintf(); +extern int vsnprintf(); # endif #endif diff --git a/usr.sbin/sendmail/src/udb.c b/usr.sbin/sendmail/src/udb.c index 1bcf68c3424..15327554c66 100644 --- a/usr.sbin/sendmail/src/udb.c +++ b/usr.sbin/sendmail/src/udb.c @@ -36,9 +36,9 @@ #ifndef lint #if USERDB -static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (with USERDB)"; +static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (with USERDB)"; #else -static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (without USERDB)"; +static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (without USERDB)"; #endif #endif @@ -359,7 +359,7 @@ udbexpand(a, sendq, aliaslevel, e) a->q_user, hes_error()); continue; } - sprintf(info.data, "%s@%s", + snprintf(pobuf, sizeof pobuf, "%s@%s", hp->po_name, hp->po_host); info.size = strlen(info.data); #else @@ -438,7 +438,8 @@ udbexpand(a, sendq, aliaslevel, e) user = buf; else user = xalloc(i + 1); - (void) sprintf(user, "%s@%s", a->q_user, up->udb_fwdhost); + (void) snprintf(user, i, "%s@%s", + a->q_user, up->udb_fwdhost); message("expanded to %s", user); a->q_flags &= ~QSELFREF; naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e); @@ -1044,6 +1045,8 @@ hes_udb_get(key, info) char *p, **hp; char kbuf[MAXKEY + 1]; + if (strlen(key->data) >= (SIZE_T) sizeof kbuf) + return 0; strcpy(kbuf, key->data); name = kbuf; type = strrchr(name, ':'); diff --git a/usr.sbin/sendmail/src/usersmtp.c b/usr.sbin/sendmail/src/usersmtp.c index d33bd5ed3d8..c858658107d 100644 --- a/usr.sbin/sendmail/src/usersmtp.c +++ b/usr.sbin/sendmail/src/usersmtp.c @@ -36,9 +36,9 @@ #ifndef lint #ifdef SMTP -static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (with SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (with SMTP)"; #else -static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (without SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (without SMTP)"; #endif #endif /* not lint */ @@ -332,6 +332,7 @@ smtpmailfrom(m, mci, e) ENVELOPE *e; { int r; + int l; char *bufp; char *bodytype; char buf[MAXNAME + 1]; @@ -342,9 +343,10 @@ smtpmailfrom(m, mci, e) /* set up appropriate options to include */ if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0) - sprintf(optbuf, " SIZE=%ld", e->e_msgsize); + snprintf(optbuf, sizeof optbuf, " SIZE=%ld", e->e_msgsize); else strcpy(optbuf, ""); + l = sizeof optbuf - strlen(optbuf) - 1; bodytype = e->e_bodytype; if (bitset(MCIF_8BITMIME, mci->mci_flags)) @@ -359,6 +361,7 @@ smtpmailfrom(m, mci, e) { strcat(optbuf, " BODY="); strcat(optbuf, bodytype); + l -= strlen(optbuf); } } else if (bitnset(M_8BITS, m->m_flags) || @@ -387,20 +390,22 @@ smtpmailfrom(m, mci, e) if (bitset(MCIF_DSN, mci->mci_flags)) { - if (e->e_envid != NULL) + if (e->e_envid != NULL && strlen(e->e_envid) < (SIZE_T) l) { strcat(optbuf, " ENVID="); strcat(optbuf, e->e_envid); + l -= strlen(optbuf); } /* RET= parameter */ - if (bitset(EF_RET_PARAM, e->e_flags)) + if (bitset(EF_RET_PARAM, e->e_flags) && l >= 9) { strcat(optbuf, " RET="); if (bitset(EF_NO_BODY_RETN, e->e_flags)) strcat(optbuf, "HDRS"); else strcat(optbuf, "FULL"); + l -= 9; } } @@ -516,10 +521,12 @@ smtprcpt(to, m, mci, e) ENVELOPE *e; { register int r; + int l; char optbuf[MAXLINE]; extern char *smtptodsn(); strcpy(optbuf, ""); + l = sizeof optbuf - 1; if (bitset(MCIF_DSN, mci->mci_flags)) { /* NOTIFY= parameter */ @@ -550,13 +557,15 @@ smtprcpt(to, m, mci, e) } if (firstone) strcat(optbuf, "NEVER"); + l -= strlen(optbuf); } /* ORCPT= parameter */ - if (to->q_orcpt != NULL) + if (to->q_orcpt != NULL && strlen(to->q_orcpt) + 7 < l) { strcat(optbuf, " ORCPT="); strcat(optbuf, to->q_orcpt); + l -= strlen(optbuf); } } @@ -921,14 +930,19 @@ reply(m, mci, e, timeout, pfunc) { char wbuf[MAXLINE]; char *p = wbuf; + int wbufleft = sizeof wbuf; if (e->e_to != NULL) { - sprintf(p, "%s... ", + int plen; + + snprintf(p, wbufleft, "%s... ", shortenstring(e->e_to, 203)); - p += strlen(p); + plen = strlen(p); + p += plen; + wbufleft -= plen; } - sprintf(p, "reply(%.100s) during %s", + snprintf(p, wbufleft, "reply(%.100s) during %s", mci->mci_host, SmtpPhase); checkfd012(wbuf); } @@ -992,7 +1006,7 @@ reply(m, mci, e, timeout, pfunc) /* save temporary failure messages for posterity */ if (SmtpReplyBuffer[0] == '4' && SmtpError[0] == '\0') - (void) strcpy(SmtpError, SmtpReplyBuffer); + snprintf(SmtpError, sizeof SmtpError, "%s", SmtpReplyBuffer); /* reply code 421 is "Service Shutting Down" */ if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD) diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c index 152f3243e53..13a9f50ea65 100644 --- a/usr.sbin/sendmail/src/util.c +++ b/usr.sbin/sendmail/src/util.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)util.c 8.84.1.2 (Berkeley) 3/4/96"; +static char sccsid[] = "@(#)util.c 8.84.1.4 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -374,6 +374,7 @@ makelower(p) ** p -- name to build. ** login -- the login name of this user (for &). ** buf -- place to put the result. +** buflen -- length of buf. ** ** Returns: ** none. @@ -383,11 +384,11 @@ makelower(p) */ void -buildfname(gecos, login, buf, bufsiz) +buildfname(gecos, login, buf, buflen) register char *gecos; char *login; char *buf; - int bufsiz; + int buflen; { register char *p; register char *bp = buf; @@ -396,13 +397,13 @@ buildfname(gecos, login, buf, bufsiz) gecos++; for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%' - && ((bp - buf) <= (bufsiz - 1)); p++) + && ((bp - buf) <= (buflen - 1)); p++) { if (*p == '&') { - (void) strncpy(bp, login, (bufsiz - (bp - buf) - 1)); - buf[bufsiz - 1] = '\0'; + snprintf(bp, SPACELEFT(buf, bp), "%s", login); *bp = toupper(*bp); + bp += strlen(bp); while (*bp != '\0') bp++; } @@ -1521,14 +1522,15 @@ dumpfd(fd, printclosed, logit) extern char *hostnamebyanyaddr(); p = buf; - sprintf(p, "%3d: ", fd); + snprintf(p, SPACELEFT(buf, p), "%3d: ", fd); p += strlen(p); if (fstat(fd, &st) < 0) { if (printclosed || errno != EBADF) { - sprintf(p, "CANNOT STAT (%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "CANNOT STAT (%s)", + errstring(errno)); goto printit; } return; @@ -1537,73 +1539,75 @@ dumpfd(fd, printclosed, logit) slen = fcntl(fd, F_GETFL, NULL); if (slen != -1) { - sprintf(p, "fl=0x%x, ", slen); + snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", slen); p += strlen(p); } - sprintf(p, "mode=%o: ", st.st_mode); + snprintf(p, SPACELEFT(buf, p), "mode=%o: ", st.st_mode); p += strlen(p); switch (st.st_mode & S_IFMT) { #ifdef S_IFSOCK case S_IFSOCK: - sprintf(p, "SOCK "); + snprintf(p, SPACELEFT(buf, p), "SOCK "); p += strlen(p); slen = sizeof sa; if (getsockname(fd, &sa.sa, &slen) < 0) - sprintf(p, "(%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (sa.sa.sa_family == AF_INET) - sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port)); + snprintf(p, SPACELEFT(buf, p), "%s/%d", + hp, ntohs(sa.sin.sin_port)); else - sprintf(p, "%s", hp); + snprintf(p, SPACELEFT(buf, p), "%s", hp); } p += strlen(p); - sprintf(p, "->"); + snprintf(p, SPACELEFT(buf, p), "->"); p += strlen(p); slen = sizeof sa; if (getpeername(fd, &sa.sa, &slen) < 0) - sprintf(p, "(%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (sa.sa.sa_family == AF_INET) - sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port)); + snprintf(p, SPACELEFT(buf, p), "%s/%d", + hp, ntohs(sa.sin.sin_port)); else - sprintf(p, "%s", hp); + snprintf(p, SPACELEFT(buf, p), "%s", hp); } break; #endif case S_IFCHR: - sprintf(p, "CHR: "); + snprintf(p, SPACELEFT(buf, p), "CHR: "); p += strlen(p); goto defprint; case S_IFBLK: - sprintf(p, "BLK: "); + snprintf(p, SPACELEFT(buf, p), "BLK: "); p += strlen(p); goto defprint; #if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) case S_IFIFO: - sprintf(p, "FIFO: "); + snprintf(p, SPACELEFT(buf, p), "FIFO: "); p += strlen(p); goto defprint; #endif #ifdef S_IFDIR case S_IFDIR: - sprintf(p, "DIR: "); + snprintf(p, SPACELEFT(buf, p), "DIR: "); p += strlen(p); goto defprint; #endif #ifdef S_IFLNK case S_IFLNK: - sprintf(p, "LNK: "); + snprintf(p, SPACELEFT(buf, p), "LNK: "); p += strlen(p); goto defprint; #endif @@ -1614,7 +1618,7 @@ defprint: fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%qd"; else fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%ld"; - sprintf(p, fmtstr, + snprintf(p, SPACELEFT(buf, p), fmtstr, major(st.st_dev), minor(st.st_dev), st.st_ino, st.st_nlink, st.st_uid, st.st_gid, st.st_size); break; @@ -1847,6 +1851,7 @@ prog_open(argv, pfd, e) ** delim -- the delimiter between columns. If null, ** use white space. ** buf -- the output buffer. +** buflen -- the length of buf. ** ** Returns: ** buf if successful. @@ -1854,11 +1859,12 @@ prog_open(argv, pfd, e) */ char * -get_column(line, col, delim, buf) +get_column(line, col, delim, buf, buflen) char line[]; int col; char delim; char buf[]; + int buflen; { char *p; char *begin, *end; @@ -1901,14 +1907,13 @@ get_column(line, col, delim, buf) end = strpbrk(begin, delimbuf); if (end == NULL) - { - strcpy(buf, begin); - } + i = strlen(buf); else - { - strncpy(buf, begin, end - begin); - buf[end - begin] = '\0'; - } + i = end - begin; + if (i >= buflen) + i = buflen - 1; + strncpy(buf, begin, i); + buf[i] = '\0'; return buf; } /* diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c index 3c6f7d18fa7..6197db912f9 100644 --- a/usr.sbin/sendmail/src/version.c +++ b/usr.sbin/sendmail/src/version.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)version.c 8.7.5.1 (Berkeley) 3/4/96"; +static char sccsid[] = "@(#)version.c 8.7.6.4 (Berkeley) 9/17/96"; #endif /* not lint */ -char Version[] = "8.7.5"; +char Version[] = "8.7.6"; -- 2.20.1