From 3f340dd3df4202ff287b9818d36419d051474fa9 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 4 Mar 2000 01:10:06 +0000 Subject: [PATCH] handle corrupt inetd.conf files better; sdb@ssr.com --- usr.sbin/inetd/inetd.c | 89 ++++++++++++++++++++++++++---------------- 1 file changed, 56 insertions(+), 33 deletions(-) diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c index da569e91ee0..0f6acabfa2f 100644 --- a/usr.sbin/inetd/inetd.c +++ b/usr.sbin/inetd/inetd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inetd.c,v 1.60 2000/02/01 03:23:58 deraadt Exp $ */ +/* $OpenBSD: inetd.c,v 1.61 2000/03/04 01:10:06 deraadt Exp $ */ /* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */ /* * Copyright (c) 1983,1991 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)inetd.c 5.30 (Berkeley) 6/3/91";*/ -static char rcsid[] = "$OpenBSD: inetd.c,v 1.60 2000/02/01 03:23:58 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: inetd.c,v 1.61 2000/03/04 01:10:06 deraadt Exp $"; #endif /* not lint */ /* @@ -332,7 +332,7 @@ main(argc, argv, envp) break; } syslog(LOG_ERR, - "-R %s: bad value for service invocation rate", + "-R %s: bad value for service invocation rate", optarg); break; } @@ -854,7 +854,7 @@ config(sig) cp = cp->se_next; free(tmp); } else { - free (cp); + free(cp); cp = getconfigent(); } if (debug) @@ -1124,7 +1124,7 @@ matchconf (old, new) FILE *fconfig = NULL; char line[1024]; char *defhost; -char *skip __P((char **)); +char *skip __P((char **, int)); char *nextline __P((FILE *)); char *newstr __P((char *)); struct servtab *dupconfig __P((struct servtab *)); @@ -1160,7 +1160,7 @@ getconfigent() { register struct servtab *sep; int argc; - char *cp, *arg; + char *cp, *arg, *s; char *hostdelim; struct servtab *nsep; struct servtab *psep; @@ -1171,7 +1171,10 @@ getconfigent() exit(-1); } + memset(sep, 0, sizeof *sep); more: + freeconfig(sep); + #ifdef MULOG while ((cp = nextline(fconfig)) && *cp == '#') { /* Avoid use of `skip' if there is a danger of it looking @@ -1182,7 +1185,7 @@ more: } while (*cp == ' ' || *cp == '\t'); if (*cp == '\0') continue; - if ((arg = skip(&cp)) == NULL) + if ((arg = skip(&cp, 0)) == NULL) continue; if (strcmp(arg, "DOMAIN")) continue; @@ -1204,10 +1207,13 @@ more: while ((cp = nextline(fconfig)) && *cp == '#') ; #endif - if (cp == NULL) + if (cp == NULL) { + free(sep); return (NULL); + } + memset((char *)sep, 0, sizeof *sep); - arg = skip(&cp); + arg = skip(&cp, 0); if (arg == NULL) { /* A blank line. */ goto more; @@ -1224,10 +1230,10 @@ more: * default host for the following lines. */ if (*arg == '\0') { - arg = skip(&cp); + arg = skip(&cp, 0); if (cp == NULL) { free(defhost); - defhost = sep->se_hostaddr; + defhost = newstr(sep->se_hostaddr); goto more; } } @@ -1235,7 +1241,8 @@ more: sep->se_hostaddr = newstr(defhost); sep->se_service = newstr(arg); - arg = skip(&cp); + if ((arg = skip(&cp, 1)) == NULL) + goto more; if (strcmp(arg, "stream") == 0) sep->se_socktype = SOCK_STREAM; @@ -1250,7 +1257,11 @@ more: else sep->se_socktype = -1; - sep->se_proto = newstr(skip(&cp)); + if ((arg = skip(&cp, 1)) == NULL) + goto more; + + sep->se_proto = newstr(arg); + if (strcmp(sep->se_proto, "unix") == 0) { sep->se_family = AF_UNIX; } else { @@ -1287,19 +1298,21 @@ more: goto badafterall; } } - arg = skip(&cp); + arg = skip(&cp, 1); if (arg == NULL) goto more; - { - char *s = strchr(arg, '.'); - if (s) { - *s++ = '\0'; - sep->se_max = atoi(s); - } else - sep->se_max = toomany; - } + + s = strchr(arg, '.'); + if (s) { + *s++ = '\0'; + sep->se_max = atoi(s); + } else + sep->se_max = toomany; + sep->se_wait = strcmp(arg, "wait") == 0; - sep->se_user = newstr(skip(&cp)); + if ((arg = skip(&cp, 1)) == NULL) + goto more; + sep->se_user = newstr(arg); arg = strchr(sep->se_user, '.'); if (arg == NULL) arg = strchr(sep->se_user, ':'); @@ -1307,9 +1320,12 @@ more: *arg++ = '\0'; sep->se_group = newstr(arg); } - sep->se_server = newstr(skip(&cp)); + if ((arg = skip(&cp, 1)) == NULL) + goto more; + + sep->se_server = newstr(arg); if (strcmp(sep->se_server, "internal") == 0) { - register struct biltin *bi; + struct biltin *bi; for (bi = biltins; bi->bi_service; bi++) if (bi->bi_socktype == sep->se_socktype && @@ -1325,7 +1341,7 @@ more: } else sep->se_bi = NULL; argc = 0; - for (arg = skip(&cp); cp; arg = skip(&cp)) { + for (arg = skip(&cp, 0); cp; arg = skip(&cp, 0)) { #if MULOG char *colon; @@ -1491,15 +1507,20 @@ freeconfig(cp) } char * -skip(cpp) +skip(cpp, report) char **cpp; + int report; { - register char *cp = *cpp; + char *cp = *cpp; char *start; - if (*cpp == NULL) - return (NULL); - +erp: + if (*cpp == NULL) { + if (report) + syslog(LOG_ERR, "syntax error in inetd config file"); + return (NULL); + } + again: while (*cp == ' ' || *cp == '\t') cp++; @@ -1512,14 +1533,16 @@ again: if ((cp = nextline(fconfig))) goto again; *cpp = NULL; - return (NULL); + goto erp; } start = cp; while (*cp && *cp != ' ' && *cp != '\t') cp++; if (*cp != '\0') *cp++ = '\0'; - *cpp = cp; + if ((*cpp = cp) == NULL) + goto erp; + return (start); } -- 2.20.1