[1150] in linux-security and linux-alert archive
Re: [linux-security] Re: sendmail-8.7.5
daemon@ATHENA.MIT.EDU (Matt)
Thu Sep 12 16:01:14 1996
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Matt)
Date: 12 Sep 1996 13:08:03 -0400
Patches for Sendmail-8.7.5 to incorporate the buildfname buflen check
from sendmail-8.8-beta2. Tossed together when I should have been at
work on 12 Sep 1996. -Matt (panzer@dhp.com) http://www.dhp.com/
-------------------------------SNIP-----------------------------------
diff -u --recursive ../../sendmail-8.7.5/src/envelope.c ./envelope.c
--- ../../sendmail-8.7.5/src/envelope.c Sat Nov 11 14:07:50 1995
+++ ./envelope.c Thu Sep 12 12:12:05 1996
@@ -777,7 +777,7 @@
strcmp(pw->pw_name, e->e_from.q_user) == 0 &&
!internal)
{
- buildfname(pw->pw_gecos, e->e_from.q_user, buf);
+ buildfname(pw->pw_gecos, e->e_from.q_user, buf, sizeof buf);
if (buf[0] != '\0')
FullName = newstr(buf);
}
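Review bot: The new fourth argument `sizeof buf` has type size_t, while the util.c part of this patch declares the parameter as `int buflen` in an old-style definition, so unless a prototype is in scope (none is visible here) the value is passed unconverted and mismatches wherever size_t is wider than int. Casting at the call, `buildfname(pw->pw_gecos, e->e_from.q_user, buf, (int) sizeof buf);`, or adding a prototype to the shared header would remove the dependence on platform widths. The same applies to both buildfname calls in the recipient.c hunks. `sizeof buf` is also only the buffer size if `buf` is declared as an array in the calling function; that declaration is outside the hunk and should be confirmed, as the enclosing function starts and ends outside it.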
diff -u --recursive ../../sendmail-8.7.5/src/recipient.c ./recipient.c
--- ../../sendmail-8.7.5/src/recipient.c Mon Oct 30 15:44:17 1995
+++ ./recipient.c Thu Sep 12 12:11:11 1996
@@ -535,7 +535,7 @@
a->q_gid = pw->pw_gid;
a->q_ruser = newstr(pw->pw_name);
a->q_flags |= QGOODUID;
- buildfname(pw->pw_gecos, pw->pw_name, nbuf);
+ buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof nbuf);
if (nbuf[0] != '\0')
a->q_fullname = newstr(nbuf);
if (!usershellok(pw->pw_name, pw->pw_shell))
@@ -743,7 +743,7 @@
}
# endif
- buildfname(pw->pw_gecos, pw->pw_name, buf);
+ buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof buf);
if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name))
{
if (tTd(29, 4))
diff -u --recursive ../../sendmail-8.7.5/src/util.c ./util.c
--- ../../sendmail-8.7.5/src/util.c Mon Mar 4 12:13:21 1996
+++ ./util.c Thu Sep 12 12:23:12 1996
@@ -383,10 +383,11 @@
*/
void
-buildfname(gecos, login, buf)
+buildfname(gecos, login, buf,buflen)
register char *gecos;
char *login;
char *buf;
+ int buflen;
{
register char *p;
register char *bp = buf;
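Review bot: The header comment that closes just above this definition is not touched by the patch, so the new `buflen` parameter and the changed contract are undocumented. Add a line to that comment such as `buflen -- size of buf in bytes, including the terminating null.` and say that when the expanded name does not fit, buf receives the raw gecos field, truncated to fit, instead of the built name. The comment block starts outside the hunk, so its existing layout should be matched. As a style point, `buf,buflen` in the declarator lacks the space used between the other parameters.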
@@ -404,7 +405,22 @@
else
l++;
}
-
+ if (l > buflen - 1)
+ {
+ /* not a good sign */
+ if (strlen(gecos) > (SIZE_T) buflen - 1)
+ {
+ /* even worse */
+ strncpy(buf, gecos, buflen - 1);
+ buf[buflen - 1] = '\0';
+ }
+ else
+ {
+ strcpy(buf, gecos);
+ }
+ return;
+ }
+
/* now fill in buf */
for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++)
{
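Review bot: The fallback branch is unbounded when `buflen` is zero or negative: `(SIZE_T) buflen - 1` casts before subtracting, so it wraps to a very large value, the `strlen(gecos) >` test is false, and `strcpy(buf, gecos)` runs with no limit. The callers visible in this patch pass `sizeof` of a buffer, so this is a hardening point rather than a case shown to be reachable here; a guard `if (buflen <= 0) return;` ahead of the `l > buflen - 1` test closes it. The two inner branches could also collapse to the `strncpy` plus explicit terminator alone, since that pair is correct for a short gecos as well. The loop that computes `l` and the rest of the fill loop are outside the hunk, and the fill loop still writes without its own bound, relying on `l` matching what it emits.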
--
-Matt (panzer@dhp.com) -- DataHaven Project - http://www.dhp.com/
"That which can never be enforced should not be prohibited."