[1150] in linux-security and linux-alert archive


Re: [linux-security] Re: sendmail-8.7.5

daemon@ATHENA.MIT.EDU (Matt)
Thu Sep 12 16:01:14 1996

To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Matt)
Date: 12 Sep 1996 13:08:03 -0400

Patches for Sendmail-8.7.5 to incorporate the buildfname buflen check
from sendmail-8.8-beta2.  Tossed together when I should have been at
work on 12 Sep 1996.  -Matt (panzer@dhp.com)  http://www.dhp.com/
-------------------------------SNIP-----------------------------------
diff -u --recursive ../../sendmail-8.7.5/src/envelope.c ./envelope.c
--- ../../sendmail-8.7.5/src/envelope.c	Sat Nov 11 14:07:50 1995
+++ ./envelope.c	Thu Sep 12 12:12:05 1996
@@ -777,7 +777,7 @@
 			    strcmp(pw->pw_name, e->e_from.q_user) == 0 &&
 			    !internal)
 			{
-				buildfname(pw->pw_gecos, e->e_from.q_user, buf);
+				buildfname(pw->pw_gecos, e->e_from.q_user, buf, sizeof buf);
 				if (buf[0] != '\0')
 					FullName = newstr(buf);
 			}
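Review bot: `sizeof buf` at this call only yields the buffer capacity if `buf` is declared as a char array in the enclosing function, and that declaration is outside the hunk. If it is a pointer or a parameter, the value passed would be the pointer width and the new bound would be wrong. The same applies to `sizeof nbuf` and `sizeof buf` in the two recipient.c hunks. Worth confirming each declaration; a short comment at the call such as `/* buf is a local array: sizeof is its capacity */` would keep a later refactor from silently breaking the check.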
diff -u --recursive ../../sendmail-8.7.5/src/recipient.c ./recipient.c
--- ../../sendmail-8.7.5/src/recipient.c	Mon Oct 30 15:44:17 1995
+++ ./recipient.c	Thu Sep 12 12:11:11 1996
@@ -535,7 +535,7 @@
 			a->q_gid = pw->pw_gid;
 			a->q_ruser = newstr(pw->pw_name);
 			a->q_flags |= QGOODUID;
-			buildfname(pw->pw_gecos, pw->pw_name, nbuf);
+			buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof nbuf);
 			if (nbuf[0] != '\0')
 				a->q_fullname = newstr(nbuf);
 			if (!usershellok(pw->pw_name, pw->pw_shell))
@@ -743,7 +743,7 @@
 		}
 # endif
 
-		buildfname(pw->pw_gecos, pw->pw_name, buf);
+		buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof buf);
 		if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
 		{
 			if (tTd(29, 4))
diff -u --recursive ../../sendmail-8.7.5/src/util.c ./util.c
--- ../../sendmail-8.7.5/src/util.c	Mon Mar  4 12:13:21 1996
+++ ./util.c	Thu Sep 12 12:23:12 1996
@@ -383,10 +383,11 @@
 */
 
 void
-buildfname(gecos, login, buf)
+buildfname(gecos, login, buf,buflen)
 	register char *gecos;
 	char *login;
 	char *buf;
+        int buflen;
 {
 	register char *p;
 	register char *bp = buf;
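Review bot: The new parameter is declared `int buflen`, but every call site in this patch passes a `sizeof` expression, which has type size_t. With this old-style definition and no prototype visible in the patch, the argument is not converted, so a width mismatch between int and size_t is undefined behaviour. Either cast at the calls, e.g. `buildfname(pw->pw_gecos, pw->pw_name, buf, (int) sizeof buf);`, or declare the parameter with the type the callers pass. If a declaration of buildfname exists in a header it needs the fourth parameter as well, and the patch does not touch one. The comment block that ends just above this hunk should also describe `buflen` as the total size of `buf`, including the terminating NUL.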
@@ -404,7 +405,22 @@
 		else
 			l++;
 	}
-
+        if (l > buflen - 1)
+	  {
+	    /* not a good sign */
+	    if (strlen(gecos) > (SIZE_T) buflen - 1)
+	      {
+		/* even worse */
+		strncpy(buf, gecos, buflen - 1);
+		buf[buflen - 1] = '\0';
+	      }
+	    else
+	      {
+		strcpy(buf, gecos);
+	      }
+	    return;
+	  }
+	
 	/* now fill in buf */
 	for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++)
 	{
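Review bot: The guard `if (l > buflen - 1)` assumes `buflen` is at least 1: with a `buflen` of 0 the inner test compares against `(SIZE_T) buflen - 1`, which wraps to the maximum value, so the `strcpy` branch runs against a buffer with no room. The callers in this patch pass array sizes, so this is a hardening point rather than a reachable bug here; an early `if (buflen <= 0) return;` closes it. The two branches can then collapse to the bounded copy alone, `strncpy(buf, gecos, buflen - 1); buf[buflen - 1] = '\0';`, which is correct whether or not gecos fits. This fallback stores the raw gecos field, including anything after the first `,` or `;`, rather than the parsed name, which deserves a comment. The computation of `l` and the rest of the fill loop are outside the hunk, so the check is only as good as that estimate.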
-- 
 -Matt (panzer@dhp.com)  --  DataHaven Project - http://www.dhp.com/
  "That which can never be enforced should not be prohibited."
