summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfn <fn@cvs.openbsd.org>1996-09-19 06:45:09 +0000
committerfn <fn@cvs.openbsd.org>1996-09-19 06:45:09 +0000
commit836acd6372e410c23f3ed28a59ed17cfa6ed382c (patch)
tree7e94011b0a18d4a2efbc1a475f03256a80ad0ee6
parent9a6d574f58db401cf9c5101d10c5ca03d30fc5bf (diff)
bring up to 8.7.6
-rw-r--r--usr.sbin/sendmail/RELEASE_NOTES12
-rw-r--r--usr.sbin/sendmail/src/alias.c16
-rw-r--r--usr.sbin/sendmail/src/arpadate.c4
-rw-r--r--usr.sbin/sendmail/src/conf.c330
-rw-r--r--usr.sbin/sendmail/src/convtime.c17
-rw-r--r--usr.sbin/sendmail/src/daemon.c62
-rw-r--r--usr.sbin/sendmail/src/deliver.c104
-rw-r--r--usr.sbin/sendmail/src/domain.c17
-rw-r--r--usr.sbin/sendmail/src/envelope.c19
-rw-r--r--usr.sbin/sendmail/src/err.c41
-rw-r--r--usr.sbin/sendmail/src/headers.c43
-rw-r--r--usr.sbin/sendmail/src/main.c19
-rw-r--r--usr.sbin/sendmail/src/map.c77
-rw-r--r--usr.sbin/sendmail/src/mci.c15
-rw-r--r--usr.sbin/sendmail/src/mime.c11
-rw-r--r--usr.sbin/sendmail/src/parseaddr.c5
-rw-r--r--usr.sbin/sendmail/src/queue.c84
-rw-r--r--usr.sbin/sendmail/src/recipient.c4
-rw-r--r--usr.sbin/sendmail/src/savemail.c91
-rw-r--r--usr.sbin/sendmail/src/sendmail.h21
-rw-r--r--usr.sbin/sendmail/src/udb.c11
-rw-r--r--usr.sbin/sendmail/src/usersmtp.c34
-rw-r--r--usr.sbin/sendmail/src/util.c69
-rw-r--r--usr.sbin/sendmail/src/version.c4
24 files changed, 757 insertions, 353 deletions
diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index 7f212ec3e48..a4daceaf313 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,11 +1,21 @@
SENDMAIL RELEASE NOTES
- @(#)RELEASE_NOTES 8.7.5.1 (Berkeley) 3/4/96
+ @(#)RELEASE_NOTES 8.7.6.4 (Berkeley) 9/16/96
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
+8.7.6/8.7.3 96/09/17
+ SECURITY: It is possible to force getpwuid to fail when writing the
+ queue file, causing sendmail to fall back to running programs
+ as the default user. This is not exploitable from off-site.
+ Workarounds include using a unique user for the DefaultUser
+ (old u & g options) and using smrsh as the local shell.
+ SECURITY: fix some buffer overruns; in at least one case this allows
+ a local user to get root. This is not known to be exploitable
+ from off-site. The workaround is to disable chfn(1) commands.
+
8.7.5/8.7.3 96/03/04
Fix glitch in 8.7.4 when putting certain internal lines; this can
in some case cause connections to hang. Patch from Eric
diff --git a/usr.sbin/sendmail/src/alias.c b/usr.sbin/sendmail/src/alias.c
index 2bc4487d4a3..62b6af96de4 100644
--- a/usr.sbin/sendmail/src/alias.c
+++ b/usr.sbin/sendmail/src/alias.c
@@ -35,7 +35,7 @@
# include "sendmail.h"
#ifndef lint
-static char sccsid[] = "@(#)alias.c 8.52 (Berkeley) 10/28/95";
+static char sccsid[] = "@(#)alias.c 8.52.1.3 (Berkeley) 9/16/96";
#endif /* not lint */
@@ -77,7 +77,7 @@ alias(a, sendq, aliaslevel, e)
int naliases;
char *owner;
auto int stat = EX_OK;
- char obuf[MAXNAME + 6];
+ char obuf[MAXNAME + 7];
extern char *aliaslookup();
if (tTd(27, 1))
@@ -147,7 +147,8 @@ alias(a, sendq, aliaslevel, e)
*/
(void) strcpy(obuf, "owner-");
- if (strncmp(a->q_user, "owner-", 6) == 0)
+ if (strncmp(a->q_user, "owner-", 6) == 0 ||
+ strlen(a->q_user) > (SIZE_T) sizeof obuf - 7)
(void) strcat(obuf, "owner");
else
(void) strcat(obuf, a->q_user);
@@ -258,7 +259,7 @@ setalias(spec)
return;
}
}
- (void) sprintf(buf, "Alias%d", NAliasFileMaps);
+ (void) snprintf(buf, sizeof buf, "Alias%d", NAliasFileMaps);
s = stab(buf, ST_MAP, ST_ENTER);
map = &s->s_map;
bzero(map, sizeof *map);
@@ -397,9 +398,8 @@ aliaswait(map, ext, isopen)
return isopen;
}
mtime = stb.st_mtime;
- (void) strcpy(buf, map->map_file);
- if (ext != NULL)
- (void) strcat(buf, ext);
+ snprintf(buf, sizeof buf, "%s%s",
+ map->map_file, ext == NULL ? "" : ext);
if (stat(buf, &stb) < 0 || stb.st_mtime < mtime || attimeout)
{
/* database is out of date */
@@ -507,8 +507,6 @@ rebuildaliases(map, automatic)
return;
}
- /* avoid denial-of-service attacks */
- resetlimits();
oldsigint = setsignal(SIGINT, SIG_IGN);
oldsigquit = setsignal(SIGQUIT, SIG_IGN);
#ifdef SIGTSTP
diff --git a/usr.sbin/sendmail/src/arpadate.c b/usr.sbin/sendmail/src/arpadate.c
index f6764704db0..b207654f313 100644
--- a/usr.sbin/sendmail/src/arpadate.c
+++ b/usr.sbin/sendmail/src/arpadate.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)arpadate.c 8.4 (Berkeley) 4/21/95";
+static char sccsid[] = "@(#)arpadate.c 8.4.1.1 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -208,7 +208,7 @@ arpadate(ud)
{
*q++ = ' ';
*q++ = '(';
- while (*tz != '\0')
+ while (*tz != '\0' && q < &b[sizeof b - 3])
*q++ = *tz++;
*q++ = ')';
}
diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c
index 1f426fd74e7..fa4a2897182 100644
--- a/usr.sbin/sendmail/src/conf.c
+++ b/usr.sbin/sendmail/src/conf.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)conf.c 8.243 (Berkeley) 11/20/95";
+static char sccsid[] = "@(#)conf.c 8.243.1.9 (Berkeley) 9/17/96";
#endif /* not lint */
# include "sendmail.h"
@@ -250,10 +250,9 @@ setdefuser()
static char defuserbuf[40];
DefUser = defuserbuf;
- if ((defpwent = sm_getpwuid(DefUid)) != NULL)
- strcpy(defuserbuf, defpwent->pw_name);
- else
- strcpy(defuserbuf, "nobody");
+ defpwent = sm_getpwuid(DefUid);
+ snprintf(defuserbuf, sizeof defuserbuf, "%s",
+ defpwent == NULL ? "nobody" : defpwent->pw_name);
}
/*
** HOST_MAP_INIT -- initialize host class structures
@@ -2385,53 +2384,303 @@ vsprintf(s, fmt, ap)
/*
** SNPRINTF, VSNPRINT -- counted versions of printf
**
-** These are at best crude emulations.
+** These versions have been grabbed off the net. They have been
+** cleaned up to compile properly and support for .precision and
+** %lx has been added.
*/
#if !HASSNPRINTF
-void
+/**************************************************************
+ * Original:
+ * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
+ * A bombproof version of doprnt (dopr) included.
+ * Sigh. This sort of thing is always nasty do deal with. Note that
+ * the version here does not include floating point...
+ *
+ * snprintf() is used instead of sprintf() as it does limit checks
+ * for string length. This covers a nasty loophole.
+ *
+ * The other functions are there to prevent NULL pointers from
+ * causing nast effects.
+ **************************************************************/
+
+/*static char _id[] = "$Id: conf.c,v 1.3 1996/09/19 06:44:53 fn Exp $";*/
+static void dopr();
+static char *end;
+
+/* VARARGS3 */
+int
# ifdef __STDC__
-snprintf(char *buf, size_t bufsize, const char *fmt, ...)
+snprintf(char *str, size_t count, const char *fmt, ...)
# else
-snprintf(buf, bufsize, fmt, va_alist)
- char *buf;
- size_t bufsize;
+snprintf(str, count, fmt, va_alist)
+ char *str;
+ size_t count;
const char *fmt;
va_dcl
-# endif
+#endif
{
- VA_LOCAL_DECL
+ VA_LOCAL_DECL
- VA_START(fmt);
- vsprintf(buf, fmt, ap);
- VA_END;
-# if defined(XDEBUG) && defined(LOG)
- if (strlen(buf) > bufsize)
- syslog(LOG_ALERT, "INTERNAL ERROR: snprintf overflow: %s",
- shortenstring(buf, 200));
-# endif
+ VA_START (fmt);
+ (void) vsnprintf ( str, count, fmt, ap);
+ VA_END;
+ return( strlen( str ) );
}
-#ifndef luna2
-void
-vsnprintf(buf, bufsize, fmt, ap)
- char *buf;
- size_t bufsize;
- const char *fmt;
- va_list ap;
+# ifndef luna2
+int
+vsnprintf(str, count, fmt, args)
+ char *str;
+ size_t count;
+ const char *fmt;
+ va_list args;
{
- vsprintf(buf, fmt, ap);
-# if defined(XDEBUG) && defined(LOG)
- if (strlen(buf) > bufsize)
- syslog(LOG_ALERT, "INTERNAL ERROR: vsnprintf overflow: %s",
- shortenstring(buf, 200));
-# endif
+ str[0] = 0;
+ end = str+count-1;
+ dopr( str, fmt, args );
+ if( count>0 ){
+ end[0] = 0;
+ }
+ return(strlen(str));
}
-#endif
+/*
+ * dopr(): poor man's version of doprintf
+ */
+
+static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth));
+static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad));
+static void dostr __P(( char * , int ));
+static char *output;
+static void dopr_outch __P(( int c ));
+
+static void
+dopr( buffer, format, args )
+ char *buffer;
+ char *format;
+ va_list args;
+{
+ int ch;
+ long value;
+ int longflag = 0;
+ int pointflag = 0;
+ int maxwidth = 0;
+ char *strvalue;
+ int ljust;
+ int len;
+ int zpad;
+
+ output = buffer;
+ while( (ch = *format++) ){
+ switch( ch ){
+ case '%':
+ ljust = len = zpad = maxwidth = 0;
+ longflag = pointflag = 0;
+ nextch:
+ ch = *format++;
+ switch( ch ){
+ case 0:
+ dostr( "**end of format**" , 0);
+ return;
+ case '-': ljust = 1; goto nextch;
+ case '0': /* set zero padding if len not set */
+ if(len==0 && !pointflag) zpad = '0';
+ case '1': case '2': case '3':
+ case '4': case '5': case '6':
+ case '7': case '8': case '9':
+ if (pointflag)
+ maxwidth = maxwidth*10 + ch - '0';
+ else
+ len = len*10 + ch - '0';
+ goto nextch;
+ case '*':
+ if (pointflag)
+ maxwidth = va_arg( args, int );
+ else
+ len = va_arg( args, int );
+ goto nextch;
+ case '.': pointflag = 1; goto nextch;
+ case 'l': longflag = 1; goto nextch;
+ case 'u': case 'U':
+ /*fmtnum(value,base,dosign,ljust,len,zpad) */
+ if( longflag ){
+ value = va_arg( args, long );
+ } else {
+ value = va_arg( args, int );
+ }
+ fmtnum( value, 10,0, ljust, len, zpad ); break;
+ case 'o': case 'O':
+ /*fmtnum(value,base,dosign,ljust,len,zpad) */
+ if( longflag ){
+ value = va_arg( args, long );
+ } else {
+ value = va_arg( args, int );
+ }
+ fmtnum( value, 8,0, ljust, len, zpad ); break;
+ case 'd': case 'D':
+ if( longflag ){
+ value = va_arg( args, long );
+ } else {
+ value = va_arg( args, int );
+ }
+ fmtnum( value, 10,1, ljust, len, zpad ); break;
+ case 'x':
+ if( longflag ){
+ value = va_arg( args, long );
+ } else {
+ value = va_arg( args, int );
+ }
+ fmtnum( value, 16,0, ljust, len, zpad ); break;
+ case 'X':
+ if( longflag ){
+ value = va_arg( args, long );
+ } else {
+ value = va_arg( args, int );
+ }
+ fmtnum( value,-16,0, ljust, len, zpad ); break;
+ case 's':
+ strvalue = va_arg( args, char *);
+ if (maxwidth > 0 || !pointflag)
+ fmtstr( strvalue,ljust,len,zpad, maxwidth);
+ break;
+ case 'c':
+ ch = va_arg( args, int );
+ dopr_outch( ch ); break;
+ case '%': dopr_outch( ch ); continue;
+ default:
+ dostr( "???????" , 0);
+ }
+ break;
+ default:
+ dopr_outch( ch );
+ break;
+ }
+ }
+ *output = 0;
+}
+
+static void
+fmtstr( value, ljust, len, zpad, maxwidth )
+ char *value;
+ int ljust, len, zpad, maxwidth;
+{
+ int padlen, strlen; /* amount to pad */
+
+ if( value == 0 ){
+ value = "<NULL>";
+ }
+ for( strlen = 0; value[strlen]; ++ strlen ); /* strlen */
+ if (strlen > maxwidth && maxwidth)
+ strlen = maxwidth;
+ padlen = len - strlen;
+ if( padlen < 0 ) padlen = 0;
+ if( ljust ) padlen = -padlen;
+ while( padlen > 0 ) {
+ dopr_outch( ' ' );
+ --padlen;
+ }
+ dostr( value, maxwidth );
+ while( padlen < 0 ) {
+ dopr_outch( ' ' );
+ ++padlen;
+ }
+}
+
+static void
+fmtnum( value, base, dosign, ljust, len, zpad )
+ long value;
+ int base, dosign, ljust, len, zpad;
+{
+ int signvalue = 0;
+ unsigned long uvalue;
+ char convert[20];
+ int place = 0;
+ int padlen = 0; /* amount to pad */
+ int caps = 0;
+
+ /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n",
+ value, base, dosign, ljust, len, zpad )); */
+ uvalue = value;
+ if( dosign ){
+ if( value < 0 ) {
+ signvalue = '-';
+ uvalue = -value;
+ }
+ }
+ if( base < 0 ){
+ caps = 1;
+ base = -base;
+ }
+ do{
+ convert[place++] =
+ (caps? "0123456789ABCDEF":"0123456789abcdef")
+ [uvalue % (unsigned)base ];
+ uvalue = (uvalue / (unsigned)base );
+ }while(uvalue);
+ convert[place] = 0;
+ padlen = len - place;
+ if( padlen < 0 ) padlen = 0;
+ if( ljust ) padlen = -padlen;
+ /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n",
+ convert,place,signvalue,padlen)); */
+ if( zpad && padlen > 0 ){
+ if( signvalue ){
+ dopr_outch( signvalue );
+ --padlen;
+ signvalue = 0;
+ }
+ while( padlen > 0 ){
+ dopr_outch( zpad );
+ --padlen;
+ }
+ }
+ while( padlen > 0 ) {
+ dopr_outch( ' ' );
+ --padlen;
+ }
+ if( signvalue ) dopr_outch( signvalue );
+ while( place > 0 ) dopr_outch( convert[--place] );
+ while( padlen < 0 ){
+ dopr_outch( ' ' );
+ ++padlen;
+ }
+}
+
+static void
+dostr( str , cut)
+ char *str;
+ int cut;
+{
+ if (cut) {
+ while(*str && cut-- > 0) dopr_outch(*str++);
+ } else {
+ while(*str) dopr_outch(*str++);
+ }
+}
+
+static void
+dopr_outch( c )
+ int c;
+{
+#if 0
+ if( iscntrl(c) && c != '\n' && c != '\t' ){
+ c = '@' + (c & 0x1F);
+ if( end == 0 || output < end ){
+ *output++ = '^';
+ }
+ }
#endif
+ if( end == 0 || output < end ){
+ *output++ = c;
+ }
+}
+
+# endif /* !luna2 */
+
+#endif /* !HASSNPRINTF */
/*
** USERSHELLOK -- tell if a user's shell is ok for unrestricted use
**
@@ -3062,6 +3311,9 @@ chownsafe(fd)
# endif
# include <sys/resource.h>
#endif
+#ifndef FD_SETSIZE
+# define FD_SETSIZE 256
+#endif
void
resetlimits()
@@ -3072,11 +3324,17 @@ resetlimits()
lim.rlim_cur = lim.rlim_max = RLIM_INFINITY;
(void) setrlimit(RLIMIT_CPU, &lim);
(void) setrlimit(RLIMIT_FSIZE, &lim);
+# ifdef RLIMIT_NOFILE
+ lim.rlim_cur = lim.rlim_max = FD_SETSIZE;
+ (void) setrlimit(RLIMIT_NOFILE, &lim);
+# endif
#else
# if HASULIMIT
(void) ulimit(2, 0x3fffff);
+ (void) ulimit(4, FD_SETSIZE);
# endif
#endif
+ errno = 0;
}
/*
** GETCFNAME -- return the name of the .cf file.
@@ -3509,7 +3767,7 @@ load_if_names()
ia = (((struct sockaddr_in *) sa)->sin_addr);
/* save IP address in text from */
- (void) sprintf(ip_addr, "[%.*s]",
+ (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]",
sizeof ip_addr - 3,
inet_ntoa(((struct sockaddr_in *) sa)->sin_addr));
if (!wordinclass(ip_addr, 'w'))
diff --git a/usr.sbin/sendmail/src/convtime.c b/usr.sbin/sendmail/src/convtime.c
index cb5792f6009..adc38f73ed5 100644
--- a/usr.sbin/sendmail/src/convtime.c
+++ b/usr.sbin/sendmail/src/convtime.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)convtime.c 8.4 (Berkeley) 5/19/95";
+static char sccsid[] = "@(#)convtime.c 8.4.1.1 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -163,37 +163,38 @@ pintvl(intvl, brief)
{
if (dy > 0)
{
- (void) sprintf(p, "%d+", dy);
+ (void) snprintf(p, SPACELEFT(buf, p), "%d+", dy);
p += strlen(p);
}
- (void) sprintf(p, "%02d:%02d:%02d", hr, mi, se);
+ (void) snprintf(p, SPACELEFT(buf, p), "%02d:%02d:%02d",
+ hr, mi, se);
return (buf);
}
/* use the verbose form */
if (wk > 0)
{
- (void) sprintf(p, ", %d week%s", wk, PLURAL(wk));
+ (void) snprintf(p, SPACELEFT(buf, p), ", %d week%s", wk, PLURAL(wk));
p += strlen(p);
}
if (dy > 0)
{
- (void) sprintf(p, ", %d day%s", dy, PLURAL(dy));
+ (void) snprintf(p, SPACELEFT(buf, p), ", %d day%s", dy, PLURAL(dy));
p += strlen(p);
}
if (hr > 0)
{
- (void) sprintf(p, ", %d hour%s", hr, PLURAL(hr));
+ (void) snprintf(p, SPACELEFT(buf, p), ", %d hour%s", hr, PLURAL(hr));
p += strlen(p);
}
if (mi > 0)
{
- (void) sprintf(p, ", %d minute%s", mi, PLURAL(mi));
+ (void) snprintf(p, SPACELEFT(buf, p), ", %d minute%s", mi, PLURAL(mi));
p += strlen(p);
}
if (se > 0)
{
- (void) sprintf(p, ", %d second%s", se, PLURAL(se));
+ (void) snprintf(p, SPACELEFT(buf, p), ", %d second%s", se, PLURAL(se));
p += strlen(p);
}
diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c
index e6ffb52a015..48aafb70e01 100644
--- a/usr.sbin/sendmail/src/daemon.c
+++ b/usr.sbin/sendmail/src/daemon.c
@@ -37,9 +37,9 @@
#ifndef lint
#ifdef DAEMON
-static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (with daemon mode)";
+static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (with daemon mode)";
#else
-static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (without daemon mode)";
+static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (without daemon mode)";
#endif
#endif /* not lint */
@@ -1090,7 +1090,8 @@ getauthinfo(fd)
if (isatty(fd) || getpeername(fd, &RealHostAddr.sa, &falen) < 0 ||
falen <= 0 || RealHostAddr.sa.sa_family == 0)
{
- (void) sprintf(hbuf, "%s@localhost", RealUserName);
+ (void) snprintf(hbuf, sizeof hbuf, "%s@localhost",
+ RealUserName);
if (tTd(9, 1))
printf("getauthinfo: %s\n", hbuf);
return hbuf;
@@ -1115,7 +1116,7 @@ getauthinfo(fd)
}
/* create ident query */
- (void) sprintf(ibuf, "%d,%d\r\n",
+ (void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n",
ntohs(RealHostAddr.sin.sin_port), ntohs(la.sin.sin_port));
/* create local address */
@@ -1225,8 +1226,8 @@ getauthinfo(fd)
/* p now points to the authenticated name -- copy carefully */
cleanstrcpy(hbuf, p, MAXNAME);
i = strlen(hbuf);
- hbuf[i++] = '@';
- strcpy(&hbuf[i], RealHostName == NULL ? "localhost" : RealHostName);
+ snprintf(&hbuf[i], sizeof hbuf - i, "@%s",
+ RealHostName == NULL ? "localhost" : RealHostName);
goto postident;
closeident:
@@ -1240,7 +1241,7 @@ noident:
printf("getauthinfo: NULL\n");
return NULL;
}
- (void) strcpy(hbuf, RealHostName);
+ snprintf(hbuf, sizeof hbuf, "%s", RealHostName);
postident:
#if IP_SRCROUTE
@@ -1262,6 +1263,7 @@ postident:
int ipoptlen, j;
u_char *q;
u_char *o;
+ int l;
struct in_addr addr;
struct ipoption ipopt;
@@ -1287,10 +1289,14 @@ postident:
case IPOPT_SSRR:
case IPOPT_LSRR:
p = &hbuf[strlen(hbuf)];
- sprintf(p, " [%s@%.120s",
+ l = sizeof hbuf - (hbuf - p) - 6;
+ snprintf(p, SPACELEFT(hbuf, p), " [%s@%.*s",
*o == IPOPT_SSRR ? "!" : "",
+ l > 240 ? 120 : l / 2,
inet_ntoa(ipopt.ipopt_dst));
- p += strlen(p);
+ i = strlen(p);
+ p += i;
+ l -= strlen(p);
/* o[1] is option length */
j = *++o / sizeof(struct in_addr) - 1;
@@ -1300,10 +1306,15 @@ postident:
for ( ; j >= 0; j--)
{
memcpy(&addr, q, sizeof(addr));
- sprintf(p, "%c%.120s",
- j ? '@' : ':',
- inet_ntoa(addr));
- p += strlen(p);
+ snprintf(p, SPACELEFT(hbuf, p),
+ "%c%.*s",
+ j != 0 ? '@' : ':',
+ l > 240 ? 120 :
+ j == 0 ? l : l / 2,
+ inet_ntoa(addr));
+ i = strlen(p);
+ p += i;
+ l -= i + 1;
q += sizeof(struct in_addr);
}
o += *o;
@@ -1315,7 +1326,7 @@ postident:
break;
}
}
- strcat(hbuf,"]");
+ snprintf(p, SPACELEFT(hbuf, p), "]");
goto postipsr;
}
#endif
@@ -1324,7 +1335,8 @@ noipsr:
if (RealHostName != NULL && RealHostName[0] != '[')
{
p = &hbuf[strlen(hbuf)];
- (void) sprintf(p, " [%.100s]", anynet_ntoa(&RealHostAddr));
+ (void) snprintf(p, SPACELEFT(hbuf, p), " [%.100s]",
+ anynet_ntoa(&RealHostAddr));
}
postipsr:
@@ -1423,12 +1435,7 @@ host_map_lookup(map, name, av, statp)
printf("host_map_lookup(%s) => ", name);
s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */
if (strlen(name) < sizeof hbuf)
- (void) strcpy(hbuf, name);
- else
- {
- bcopy(name, hbuf, sizeof hbuf - 1);
- hbuf[sizeof hbuf - 1] = '\0';
- }
+ snprintf(hbuf, sizeof hbuf, "%s", name);
if (getcanonname(hbuf, sizeof hbuf - 1, !HasWildcardMX))
{
if (tTd(9, 1))
@@ -1538,9 +1545,10 @@ anynet_ntoa(sap)
#if NETUNIX
case AF_UNIX:
if (sap->sunix.sun_path[0] != '\0')
- sprintf(buf, "[UNIX: %.64s]", sap->sunix.sun_path);
+ snprintf(buf, sizeof buf, "[UNIX: %.64s]",
+ sap->sunix.sun_path);
else
- sprintf(buf, "[UNIX: localhost]");
+ snprintf(buf, sizeof buf, "[UNIX: localhost]");
return buf;
#endif
@@ -1551,7 +1559,7 @@ anynet_ntoa(sap)
#if NETLINK
case AF_LINK:
- sprintf(buf, "[LINK: %s]",
+ snprintf(buf, sizeof buf, "[LINK: %s]",
link_ntoa((struct sockaddr_dl *) &sap->sa));
return buf;
#endif
@@ -1562,12 +1570,12 @@ anynet_ntoa(sap)
}
/* unknown family -- just dump bytes */
- (void) sprintf(buf, "Family %d: ", sap->sa.sa_family);
+ (void) snprintf(buf, sizeof buf, "Family %d: ", sap->sa.sa_family);
bp = &buf[strlen(buf)];
ap = sap->sa.sa_data;
for (l = sizeof sap->sa.sa_data; --l >= 0; )
{
- (void) sprintf(bp, "%02x:", *ap++ & 0377);
+ (void) snprintf(bp, SPACELEFT(buf, bp), "%02x:", *ap++ & 0377);
bp += 3;
}
*--bp = '\0';
@@ -1639,7 +1647,7 @@ hostnamebyanyaddr(sap)
/* produce a dotted quad */
static char buf[203];
- (void) sprintf(buf, "[%.200s]", anynet_ntoa(sap));
+ (void) snprintf(buf, sizeof buf, "[%.200s]", anynet_ntoa(sap));
return buf;
}
}
diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c
index 2435f047783..cfa2e965d13 100644
--- a/usr.sbin/sendmail/src/deliver.c
+++ b/usr.sbin/sendmail/src/deliver.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)deliver.c 8.185 (Berkeley) 11/18/95";
+static char sccsid[] = "@(#)deliver.c 8.185.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
#include "sendmail.h"
@@ -322,8 +322,10 @@ sendall(e, mode)
char df1buf[20], df2buf[20];
ee->e_dfp = NULL;
- strcpy(df1buf, queuename(e, 'd'));
- strcpy(df2buf, queuename(ee, 'd'));
+ snprintf(df1buf, sizeof df1buf, "%s",
+ queuename(e, 'd'));
+ snprintf(df2buf, sizeof df2buf, "%s",
+ queuename(ee, 'd'));
if (link(df1buf, df2buf) < 0)
{
int saverrno = errno;
@@ -569,7 +571,8 @@ sendenvelope(e, mode)
#if XDEBUG
char wbuf[MAXNAME + 20];
- (void) sprintf(wbuf, "sendall(%.*s)", MAXNAME, q->q_paddr);
+ (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)",
+ MAXNAME, q->q_paddr);
checkfd012(wbuf);
#endif
if (mode == SM_VERIFY)
@@ -776,9 +779,13 @@ deliver(e, firstto)
p = e->e_sender;
else
p = e->e_from.q_paddr;
- (void) strcpy(rpathbuf, remotename(p, m,
- RF_SENDERADDR|RF_CANONICAL,
- &rcode, e));
+ p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e);
+ if (strlen(p) >= (SIZE_T) sizeof rpathbuf)
+ {
+ p = shortenstring(p, 203);
+ syserr("remotename: huge return %s", p);
+ }
+ snprintf(rpathbuf, sizeof rpathbuf, "%s", p);
define('g', rpathbuf, e); /* translated return path */
define('h', host, e); /* to host */
Errors = 0;
@@ -1087,7 +1094,7 @@ deliver(e, firstto)
char wbuf[MAXLINE];
/* make absolutely certain 0, 1, and 2 are in use */
- sprintf(wbuf, "%s... openmailer(%s)",
+ snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)",
shortenstring(e->e_to, 203), m->m_name);
checkfd012(wbuf);
}
@@ -1735,7 +1742,7 @@ tryhost:
char wbuf[MAXLINE];
/* make absolutely certain 0, 1, and 2 are in use */
- sprintf(wbuf, "%s... end of deliver(%s)",
+ snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)",
e->e_to == NULL ? "NO-TO-LIST"
: shortenstring(e->e_to, 203),
m->m_name);
@@ -1851,7 +1858,7 @@ markfailure(e, q, mci, rcode)
{
char buf[30];
- (void) sprintf(buf, "%d", rcode);
+ (void) snprintf(buf, sizeof buf, "%d", rcode);
q->q_rstatus = newstr(buf);
}
}
@@ -1977,20 +1984,24 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
statmsg = "250 Sent";
if (e->e_statmsg != NULL)
{
- (void) sprintf(buf, "%s (%s)",
+ (void) snprintf(buf, sizeof buf, "%s (%s)",
statmsg, shortenstring(e->e_statmsg, 403));
statmsg = buf;
}
}
else if (i < 0 || i > N_SysEx)
{
- (void) sprintf(buf, "554 unknown mailer error %d", stat);
+ (void) snprintf(buf, sizeof buf, "554 unknown mailer error %d",
+ stat);
stat = EX_UNAVAILABLE;
statmsg = buf;
}
else if (stat == EX_TEMPFAIL)
{
- (void) strcpy(buf, SysExMsg[i] + 1);
+ char *bp = buf;
+
+ snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1);
+ bp += strlen(bp);
#if NAMED_BIND
if (h_errno == TRY_AGAIN)
statmsg = errstring(h_errno+E_DNSBASE);
@@ -2009,17 +2020,15 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
}
}
if (statmsg != NULL && statmsg[0] != '\0')
- {
- (void) strcat(buf, ": ");
- (void) strcat(buf, statmsg);
- }
+ snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg);
statmsg = buf;
}
#if NAMED_BIND
else if (stat == EX_NOHOST && h_errno != 0)
{
statmsg = errstring(h_errno + E_DNSBASE);
- (void) sprintf(buf, "%s (%s)", SysExMsg[i] + 1, statmsg);
+ (void) snprintf(buf, sizeof buf, "%s (%s)",
+ SysExMsg[i] + 1, statmsg);
statmsg = buf;
}
#endif
@@ -2028,7 +2037,8 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
statmsg = SysExMsg[i];
if (*statmsg++ == ':')
{
- (void) sprintf(buf, "%s: %s", statmsg, errstring(errno));
+ (void) snprintf(buf, sizeof buf, "%s: %s",
+ statmsg, errstring(errno));
statmsg = buf;
}
}
@@ -2050,7 +2060,7 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
char mbuf[8];
Errors++;
- sprintf(mbuf, "%.3s %%s", statmsg);
+ snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg);
usrerr(mbuf, &statmsg[4]);
}
@@ -2105,8 +2115,6 @@ giveresponse(stat, m, mci, ctladdr, xstart, e)
** none
*/
-#define SPACELEFT(bp) (sizeof buf - ((bp) - buf))
-
void
logdelivery(m, mci, stat, ctladdr, xstart, e)
MAILER *m;
@@ -2127,25 +2135,25 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
bp = buf;
if (ctladdr != NULL)
{
- strcpy(bp, ", ctladdr=");
- strcat(bp, shortenstring(ctladdr->q_paddr, 83));
+ snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s",
+ shortenstring(ctladdr->q_paddr, 83));
bp += strlen(bp);
if (bitset(QGOODUID, ctladdr->q_flags))
{
- (void) snprintf(bp, SPACELEFT(bp), " (%d/%d)",
+ (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
ctladdr->q_uid, ctladdr->q_gid);
bp += strlen(bp);
}
}
/* delay & xdelay: max 41 bytes */
- snprintf(bp, SPACELEFT(bp), ", delay=%s",
+ snprintf(bp, SPACELEFT(buf, bp), ", delay=%s",
pintvl(curtime() - e->e_ctime, TRUE));
bp += strlen(bp);
if (xstart != (time_t) 0)
{
- snprintf(bp, SPACELEFT(bp), ", xdelay=%s",
+ snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
pintvl(curtime() - xstart, TRUE));
bp += strlen(bp);
}
@@ -2153,7 +2161,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
/* mailer: assume about 19 bytes (max 10 byte mailer name) */
if (m != NULL)
{
- snprintf(bp, SPACELEFT(bp), ", mailer=%s", m->m_name);
+ snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name);
bp += strlen(bp);
}
@@ -2164,14 +2172,14 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
extern SOCKADDR CurHostAddr;
# endif
- snprintf(bp, SPACELEFT(bp), ", relay=%s",
+ snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
shortenstring(mci->mci_host, 40));
bp += strlen(bp);
# ifdef DAEMON
if (CurHostAddr.sa.sa_family != 0)
{
- snprintf(bp, SPACELEFT(bp), " [%s]",
+ snprintf(bp, SPACELEFT(buf, bp), " [%s]",
anynet_ntoa(&CurHostAddr));
}
# endif
@@ -2182,7 +2190,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
if (p != NULL && p[0] != '\0')
{
- snprintf(bp, SPACELEFT(bp), ", relay=%s",
+ snprintf(bp, SPACELEFT(buf, bp), ", relay=%s",
shortenstring(p, 40));
}
}
@@ -2246,46 +2254,50 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
if (ctladdr != NULL)
{
bp = buf;
- strcpy(buf, "ctladdr=");
- bp += strlen(buf);
- strcpy(bp, shortenstring(ctladdr->q_paddr, 83));
- bp += strlen(buf);
+ snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s",
+ shortenstring(ctladdr->q_paddr, 83));
+ bp += strlen(bp);
if (bitset(QGOODUID, ctladdr->q_flags))
{
- (void) sprintf(bp, " (%d/%d)",
+ (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)",
ctladdr->q_uid, ctladdr->q_gid);
bp += strlen(bp);
}
syslog(LOG_INFO, "%s: %s", e->e_id, buf);
}
bp = buf;
- sprintf(bp, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE));
+ snprintf(bp, SPACELEFT(buf, bp), "delay=%s",
+ pintvl(curtime() - e->e_ctime, TRUE));
bp += strlen(bp);
if (xstart != (time_t) 0)
{
- sprintf(bp, ", xdelay=%s", pintvl(curtime() - xstart, TRUE));
+ snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s",
+ pintvl(curtime() - xstart, TRUE));
bp += strlen(bp);
}
if (m != NULL)
{
- sprintf(bp, ", mailer=%s", m->m_name);
+ snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name);
bp += strlen(bp);
}
syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf);
buf[0] = '\0';
+ bp = buf;
if (mci != NULL && mci->mci_host != NULL)
{
# ifdef DAEMON
extern SOCKADDR CurHostAddr;
# endif
- sprintf(buf, "relay=%.100s", mci->mci_host);
+ snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host);
+ bp += strlen(bp);
# ifdef DAEMON
if (CurHostAddr.sa.sa_family != 0)
- sprintf(bp, " [%.100s]", anynet_ntoa(&CurHostAddr));
+ snprintf(bp, SPACELEFT(buf, bp), " [%.100s]",
+ anynet_ntoa(&CurHostAddr));
# endif
}
else if (strcmp(stat, "queued") != 0)
@@ -2293,7 +2305,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
char *p = macvalue('h', e);
if (p != NULL && p[0] != '\0')
- sprintf(buf, "relay=%.100s", p);
+ snprintf(buf, sizeof buf, "relay=%.100s", p);
}
if (buf[0] != '\0')
syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf);
@@ -2302,8 +2314,6 @@ logdelivery(m, mci, stat, ctladdr, xstart, e)
# endif /* short log buffer */
# endif /* LOG */
}
-
-#undef SPACELEFT
/*
** PUTFROMLINE -- output a UNIX-style from line (or whatever)
**
@@ -2351,7 +2361,8 @@ putfromline(mci, e)
else
{
*bang++ = '\0';
- (void) sprintf(xbuf, "From %.800s \201d remote from %.100s\n",
+ (void) snprintf(xbuf, sizeof xbuf,
+ "From %.800s \201d remote from %.100s\n",
bang, buf);
template = xbuf;
}
@@ -2440,7 +2451,8 @@ putbody(mci, e, separator)
if (hvalue("Content-Type", e->e_header) == NULL)
{
- sprintf(buf, "Content-Type: text/plain; charset=%s",
+ snprintf(buf, sizeof buf,
+ "Content-Type: text/plain; charset=%s",
defcharset(e));
putline(buf, mci);
}
diff --git a/usr.sbin/sendmail/src/domain.c b/usr.sbin/sendmail/src/domain.c
index ffe1bbf400b..da43406689b 100644
--- a/usr.sbin/sendmail/src/domain.c
+++ b/usr.sbin/sendmail/src/domain.c
@@ -36,9 +36,9 @@
#ifndef lint
#if NAMED_BIND
-static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (with name server)";
+static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (with name server)";
#else
-static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (without name server)";
+static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (without name server)";
#endif
#endif /* not lint */
@@ -339,7 +339,13 @@ punt:
host, MyHostName);
return -1;
}
- strcpy(MXHostBuf, host);
+ if (strlen(host) >= (SIZE_T) sizeof MXHostBuf)
+ {
+ *rcode = EX_CONFIG;
+ syserr("Host name %s too long", shortenstring(host, 203));
+ return -1;
+ }
+ snprintf(MXHostBuf, sizeof MXHostBuf, "%s", host);
mxhosts[0] = MXHostBuf;
if (host[0] == '[')
{
@@ -733,7 +739,8 @@ cnameloop:
{
char ebuf[MAXLINE];
- sprintf(ebuf, "Deferred: DNS failure: CNAME loop for %.100s",
+ snprintf(ebuf, sizeof ebuf,
+ "Deferred: DNS failure: CNAME loop for %.100s",
host);
CurEnv->e_message = newstr(ebuf);
}
@@ -809,7 +816,7 @@ cnameloop:
** Otherwise append the saved domain name.
*/
- (void) sprintf(nbuf, "%.*s%s%.*s", MAXDNAME, host,
+ (void) snprintf(nbuf, sizeof nbuf, "%.*s%s%.*s", MAXDNAME, host,
*mxmatch == '\0' ? "" : ".",
MAXDNAME, mxmatch);
strncpy(host, nbuf, hbsize);
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c
index 1cd3b56f76d..a22f73caa85 100644
--- a/usr.sbin/sendmail/src/envelope.c
+++ b/usr.sbin/sendmail/src/envelope.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)envelope.c 8.76 (Berkeley) 11/11/95";
+static char sccsid[] = "@(#)envelope.c 8.76.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
#include "sendmail.h"
@@ -179,7 +179,7 @@ dropenvelope(e)
/* nothing to do */ ;
else if (curtime() > e->e_ctime + TimeOuts.to_q_return[e->e_timeoutclass])
{
- (void) sprintf(buf, "Cannot send message for %s",
+ (void) snprintf(buf, sizeof buf, "Cannot send message for %s",
pintvl(TimeOuts.to_q_return[e->e_timeoutclass], FALSE));
if (e->e_message != NULL)
free(e->e_message);
@@ -223,7 +223,7 @@ dropenvelope(e)
(strlen(e->e_from.q_paddr) <= (SIZE_T) 8 ||
strcasecmp(&e->e_from.q_paddr[strlen(e->e_from.q_paddr) - 8], "-request") != 0))
{
- (void) sprintf(buf,
+ (void) snprintf(buf, sizeof buf,
"Warning: could not send message for past %s",
pintvl(TimeOuts.to_q_warning[e->e_timeoutclass], FALSE));
if (e->e_message != NULL)
@@ -452,11 +452,11 @@ initsys(e)
*/
/* process id */
- (void) sprintf(pbuf, "%d", getpid());
+ (void) snprintf(pbuf, sizeof pbuf, "%d", getpid());
define('p', newstr(pbuf), e);
/* hop count */
- (void) sprintf(cbuf, "%d", e->e_hopcount);
+ (void) snprintf(cbuf, sizeof cbuf, "%d", e->e_hopcount);
define('c', newstr(cbuf), e);
/* time as integer, unix time, arpa time */
@@ -471,7 +471,7 @@ initsys(e)
{
if (strrchr(p, '/') != NULL)
p = strrchr(p, '/') + 1;
- (void) strcpy(ybuf, p);
+ snprintf(ybuf, sizeof ybuf, "%s", p);
define('y', ybuf, e);
}
}
@@ -504,7 +504,7 @@ settime(e)
now = curtime();
tm = gmtime(&now);
- (void) sprintf(tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900,
+ (void) snprintf(tbuf, sizeof tbuf, "%04d%02d%02d%02d%02d", tm->tm_year + 1900,
tm->tm_mon+1, tm->tm_mday, tm->tm_hour, tm->tm_min);
define('t', newstr(tbuf), e);
(void) strcpy(dbuf, ctime(&now));
@@ -686,7 +686,7 @@ setsender(from, e, delimptr, internal)
if (host == NULL)
host = MyHostName;
- (void) sprintf(ebuf, "%.*s@%.*s",
+ (void) snprintf(ebuf, sizeof ebuf, "%.*s@%.*s",
MAXNAME, realname,
MAXNAME, host);
p = ebuf;
@@ -777,8 +777,7 @@ setsender(from, e, delimptr, internal)
strcmp(pw->pw_name, e->e_from.q_user) == 0 &&
!internal)
{
- buildfname(pw->pw_gecos, e->e_from.q_user,
- buf, sizeof buf);
+ buildfname(pw->pw_gecos, e->e_from.q_user, buf, sizeof buf);
if (buf[0] != '\0')
FullName = newstr(buf);
}
diff --git a/usr.sbin/sendmail/src/err.c b/usr.sbin/sendmail/src/err.c
index 241a4865c8a..c231ef119d4 100644
--- a/usr.sbin/sendmail/src/err.c
+++ b/usr.sbin/sendmail/src/err.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)err.c 8.42 (Berkeley) 11/29/95";
+static char sccsid[] = "@(#)err.c 8.42.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -137,7 +137,7 @@ syserr(fmt, va_alist)
else
{
uname = ubuf;
- sprintf(ubuf, "UID%d", getuid());
+ snprintf(ubuf, sizeof ubuf, "UID%d", getuid());
}
if (LogLevel > 0)
@@ -218,7 +218,7 @@ usrerr(fmt, va_alist)
{
char buf[MAXLINE];
- sprintf(buf, "Postmaster warning: %.*s",
+ snprintf(buf, sizeof buf, "Postmaster warning: %.*s",
sizeof buf - 22, MsgBuf + 4);
CurEnv->e_message = newstr(buf);
}
@@ -394,7 +394,7 @@ putoutmsg(msg, holdmsg, heldmsg)
{
/* save for possible future display */
msg[0] = msgcode;
- strcpy(HeldMessageBuf, msg);
+ snprintf(HeldMessageBuf, sizeof HeldMessageBuf, "%s", msg);
return;
}
@@ -511,7 +511,7 @@ fmtmsg(eb, to, num, eno, fmt, ap)
del = '-';
else
del = ' ';
- (void) sprintf(eb, "%3.3s%c", num, del);
+ (void) snprintf(eb, spaceleft, "%3.3s%c", num, del);
eb += 4;
spaceleft -= 4;
@@ -600,6 +600,7 @@ errstring(errnum)
int errnum;
{
char *dnsmsg;
+ char *bp;
static char buf[MAXLINE];
# ifndef ERRLIST_PREDEFINED
extern char *sys_errlist[];
@@ -621,30 +622,33 @@ errstring(errnum)
# if defined(DAEMON) && defined(ETIMEDOUT)
case ETIMEDOUT:
case ECONNRESET:
- (void) strcpy(buf, sys_errlist[errnum]);
+ bp = buf;
+ snprintf(bp, SPACELEFT(buf, bp), "%s", sys_errlist[errnum]);
+ bp += strlen(buf);
if (SmtpPhase != NULL)
{
- (void) strcat(buf, " during ");
- (void) strcat(buf, SmtpPhase);
+ snprintf(bp, SPACELEFT(buf, bp), " during %s",
+ SmtpPhase);
+ bp += strlen(bp);
}
if (CurHostName != NULL)
{
- (void) strcat(buf, " with ");
- (void) strcat(buf, CurHostName);
+ snprintf(bp, SPACELEFT(buf, bp), " with %s",
+ shortenstring(CurHostName, 203));
}
return (buf);
case EHOSTDOWN:
if (CurHostName == NULL)
break;
- (void) sprintf(buf, "Host %s is down",
+ (void) snprintf(buf, sizeof buf, "Host %s is down",
shortenstring(CurHostName, 203));
return (buf);
case ECONNREFUSED:
if (CurHostName == NULL)
break;
- (void) sprintf(buf, "Connection refused by %s",
+ (void) snprintf(buf, sizeof buf, "Connection refused by %s",
shortenstring(CurHostName, 203));
return (buf);
# endif
@@ -677,19 +681,22 @@ errstring(errnum)
if (dnsmsg != NULL)
{
- (void) strcpy(buf, "Name server: ");
+ bp = buf;
+ strcpy(bp, "Name server: ");
+ bp += strlen(bp);
if (CurHostName != NULL)
{
- (void) strcat(buf, CurHostName);
- (void) strcat(buf, ": ");
+ snprintf(bp, SPACELEFT(buf, bp), "%s: ",
+ shortenstring(CurHostName, 203));
+ bp += strlen(bp);
}
- (void) strcat(buf, dnsmsg);
+ snprintf(bp, SPACELEFT(buf, bp), "%s", dnsmsg);
return buf;
}
if (errnum > 0 && errnum < sys_nerr)
return (sys_errlist[errnum]);
- (void) sprintf(buf, "Error %d", errnum);
+ (void) snprintf(buf, sizeof buf, "Error %d", errnum);
return (buf);
}
diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c
index 748e2343f70..5a375b8eb0a 100644
--- a/usr.sbin/sendmail/src/headers.c
+++ b/usr.sbin/sendmail/src/headers.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)headers.c 8.82.1.1 (Berkeley) 2/18/96";
+static char sccsid[] = "@(#)headers.c 8.82.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
# include <errno.h>
@@ -678,11 +678,11 @@ logsender(e, msgid)
else
{
name = hbuf;
- (void) sprintf(hbuf, "%.80s", RealHostName);
+ (void) snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName);
if (RealHostAddr.sa.sa_family != 0)
{
p = &hbuf[strlen(hbuf)];
- (void) sprintf(p, " (%.100s)",
+ (void) snprintf(p, SPACELEFT(hbuf, p), " (%.100s)",
anynet_ntoa(&RealHostAddr));
}
}
@@ -690,23 +690,25 @@ logsender(e, msgid)
/* some versions of syslog only take 5 printf args */
# if (SYSLOG_BUFSIZE) >= 256
sbp = sbuf;
- sprintf(sbp, "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d",
+ snprintf(sbp, SPACELEFT(sbuf, sbp),
+ "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d",
e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
e->e_msgsize, e->e_class, e->e_msgpriority, e->e_nrcpts);
sbp += strlen(sbp);
if (msgid != NULL)
{
- sprintf(sbp, ", msgid=%.100s", mbuf);
+ snprintf(sbp, SPACELEFT(sbuf, sbp), ", msgid=%.100s", mbuf);
sbp += strlen(sbp);
}
if (e->e_bodytype != NULL)
{
- (void) sprintf(sbp, ", bodytype=%.20s", e->e_bodytype);
+ (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", bodytype=%.20s",
+ e->e_bodytype);
sbp += strlen(sbp);
}
p = macvalue('r', e);
if (p != NULL)
- (void) sprintf(sbp, ", proto=%.20s", p);
+ (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", proto=%.20s", p);
syslog(LOG_INFO, "%s: %.850s, relay=%.100s",
e->e_id, sbuf, name);
@@ -722,17 +724,17 @@ logsender(e, msgid)
syslog(LOG_INFO, "%s: msgid=%s",
e->e_id, shortenstring(mbuf, 83));
sbp = sbuf;
- sprintf(sbp, "%s:", e->e_id);
+ snprintf(sbp, SPACELEFT(sbuf, sbp), "%s:", e->e_id);
sbp += strlen(sbp);
if (e->e_bodytype != NULL)
{
- sprintf(sbp, " bodytype=%.20s,", e->e_bodytype);
+ snprintf(sbp, SPACELEFT(sbuf, sbp), " bodytype=%.20s,", e->e_bodytype);
sbp += strlen(sbp);
}
p = macvalue('r', e);
if (p != NULL)
{
- sprintf(sbp, " proto=%.20s,", p);
+ snprintf(sbp, SPACELEFT(sbuf, sbp), " proto=%.20s,", p);
sbp += strlen(sbp);
}
syslog(LOG_INFO, "%.400s relay=%.100s", sbuf, name);
@@ -1216,7 +1218,8 @@ putheader(mci, h, e)
else
{
/* no other recipient headers: truncate value */
- (void) sprintf(obuf, "%s:", h->h_field);
+ (void) snprintf(obuf, sizeof obuf, "%s:",
+ h->h_field);
putline(obuf, mci);
}
continue;
@@ -1241,13 +1244,15 @@ putheader(mci, h, e)
register char *obp;
vanilla:
- (void) sprintf(obuf, "%.200s: ", h->h_field);
+ obp = obuf;
+ (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ",
+ h->h_field);
obp = obuf + strlen(obuf);
while ((nlp = strchr(p, '\n')) != NULL)
{
*nlp = '\0';
- sprintf(obp, "%.*s",
+ snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
sizeof obuf - (obp - obuf) - 1, p);
*nlp = '\n';
putline(obuf, mci);
@@ -1256,7 +1261,8 @@ vanilla:
if (*p != ' ' && *p != '\t')
*obp++ = ' ';
}
- sprintf(obp, "%.*s", sizeof obuf - (obp - obuf) - 1, p);
+ snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
+ sizeof obuf - (obp - obuf) - 1, p);
putline(obuf, mci);
}
}
@@ -1277,7 +1283,8 @@ vanilla:
putline("MIME-Version: 1.0", mci);
if (hvalue("Content-Type", e->e_header) == NULL)
{
- sprintf(obuf, "Content-Type: text/plain; charset=%s",
+ snprintf(obuf, sizeof obuf,
+ "Content-Type: text/plain; charset=%s",
defcharset(e));
putline(obuf, mci);
}
@@ -1326,7 +1333,7 @@ commaize(h, p, oldstyle, mci, e)
printf("commaize(%s: %s)\n", h->h_field, p);
obp = obuf;
- (void) sprintf(obp, "%.200s: ", h->h_field);
+ (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", h->h_field);
opos = strlen(h->h_field) + 2;
obp += opos;
omax = mci->mci_mailer->m_linelimit - 2;
@@ -1420,7 +1427,7 @@ commaize(h, p, oldstyle, mci, e)
opos += 2;
if (opos > omax && !firstone)
{
- (void) strcpy(obp, ",\n");
+ snprintf(obp, SPACELEFT(obuf, obp), ",\n");
putline(obuf, mci);
obp = obuf;
(void) strcpy(obp, " ");
@@ -1430,7 +1437,7 @@ commaize(h, p, oldstyle, mci, e)
}
else if (!firstone)
{
- (void) strcpy(obp, ", ");
+ snprintf(obp, SPACELEFT(obuf, obp), ", ");
obp += 2;
}
diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c
index 5e352f2b9fb..e50735deeaa 100644
--- a/usr.sbin/sendmail/src/main.c
+++ b/usr.sbin/sendmail/src/main.c
@@ -39,7 +39,7 @@ static char copyright[] =
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)main.c 8.162 (Berkeley) 11/18/95";
+static char sccsid[] = "@(#)main.c 8.162.1.3 (Berkeley) 9/16/96";
#endif /* not lint */
#define _DEFINE
@@ -144,6 +144,7 @@ main(argc, argv, envp)
extern void sigusr1();
extern void sighup();
extern void initmacros __P((ENVELOPE *));
+ extern void resetlimits __P((void));
/*
** Check to see if we reentered.
@@ -224,9 +225,9 @@ main(argc, argv, envp)
pw = sm_getpwuid(RealUid);
if (pw != NULL)
- (void) strcpy(rnamebuf, pw->pw_name);
+ (void) snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name);
else
- (void) sprintf(rnamebuf, "Unknown UID %d", RealUid);
+ (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", RealUid);
RealUserName = rnamebuf;
/* save command line arguments */
@@ -431,7 +432,7 @@ main(argc, argv, envp)
{
char ipbuf[103];
- sprintf(ipbuf, "[%.100s]",
+ snprintf(ipbuf, sizeof ipbuf, "[%.100s]",
inet_ntoa(*((struct in_addr *) hp->h_addr_list[i])));
if (tTd(0, 4))
printf("\ta.k.a.: %s\n", ipbuf);
@@ -707,6 +708,9 @@ main(argc, argv, envp)
readcf(getcfname(), safecf, CurEnv);
vendor_post_defaults(CurEnv);
+ /* avoid denial-of-service attacks */
+ resetlimits();
+
/* suppress error printing if errors mailed back or whatever */
if (CurEnv->e_errormode != EM_PRINT)
HoldErrs = TRUE;
@@ -1569,7 +1573,7 @@ auth_warning(e, msg, va_alist)
if (hostbuf[0] == '\0')
(void) myhostname(hostbuf, sizeof hostbuf);
- (void) sprintf(buf, "%s: ", hostbuf);
+ (void) snprintf(buf, sizeof buf, "%s: ", hostbuf);
p = &buf[strlen(buf)];
VA_START(msg);
vsnprintf(p, sizeof buf - (p - buf), msg, ap);
@@ -1930,6 +1934,11 @@ testmodeline(line, e)
printf("Usage: /canon address\n");
return;
}
+ else if (strlen(p) >= sizeof host)
+ {
+ printf("Name too long\n");
+ return;
+ }
strcpy(host, p);
getcanonname(host, sizeof(host), HasWildcardMX, &rcode);
printf("getcanonname(%s) returns %s (%d)\n",
diff --git a/usr.sbin/sendmail/src/map.c b/usr.sbin/sendmail/src/map.c
index 23060d07e6e..13d38ce97be 100644
--- a/usr.sbin/sendmail/src/map.c
+++ b/usr.sbin/sendmail/src/map.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)map.c 8.108 (Berkeley) 11/29/95";
+static char sccsid[] = "@(#)map.c 8.108.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
#include "sendmail.h"
@@ -99,7 +99,7 @@ static char sccsid[] = "@(#)map.c 8.108 (Berkeley) 11/29/95";
#define EX_NOTFOUND EX_NOHOST
extern bool aliaswait __P((MAP *, char *, int));
-extern bool extract_canonname __P((char *, char *, char[]));
+extern bool extract_canonname __P((char *, char *, char[], int));
#if defined(O_EXLOCK) && HASFLOCK
# define LOCK_ON_OPEN 1 /* we can open/create a locked file */
@@ -647,6 +647,7 @@ getcanonname(host, hbsize, trymx)
** name -- the name against which to match.
** line -- the /etc/hosts line.
** cbuf -- the location to store the result.
+** cbuflen -- the size of cbuf.
**
** Returns:
** TRUE -- if the line matched the desired name.
@@ -654,17 +655,20 @@ getcanonname(host, hbsize, trymx)
*/
bool
-extract_canonname(name, line, cbuf)
+extract_canonname(name, line, cbuf, cbuflen)
char *name;
char *line;
char cbuf[];
+ int cbuflen;
{
int i;
char *p;
bool found = FALSE;
- extern char *get_column();
+ int l;
+ extern char *get_column __P((char *, int, char, char *, int));
cbuf[0] = '\0';
+ l = cbuflen;
if (line[0] == '#')
return FALSE;
@@ -672,12 +676,14 @@ extract_canonname(name, line, cbuf)
{
char nbuf[MAXNAME + 1];
- p = get_column(line, i, '\0', nbuf);
+ p = get_column(line, i, '\0', nbuf, sizeof nbuf);
if (p == NULL)
break;
if (cbuf[0] == '\0' ||
(strchr(cbuf, '.') == NULL && strchr(p, '.') != NULL))
- strcpy(cbuf, p);
+ {
+ snprintf(cbuf, cbuflen, "%s", p);
+ }
if (strcasecmp(name, p) == 0)
found = TRUE;
}
@@ -687,7 +693,7 @@ extract_canonname(name, line, cbuf)
char *domain = macvalue('m', CurEnv);
if (domain != NULL &&
- strlen(domain) + strlen(cbuf) + 1 < MAXNAME)
+ strlen(domain) + strlen(cbuf) + 1 < cbuflen)
{
p = &cbuf[strlen(cbuf)];
*p++ = '.';
@@ -746,8 +752,8 @@ ndbm_map_open(map, mode)
char dirfile[MAXNAME + 1];
char pagfile[MAXNAME + 1];
- sprintf(dirfile, "%s.dir", map->map_file);
- sprintf(pagfile, "%s.pag", map->map_file);
+ snprintf(dirfile, sizeof dirfile, "%s.dir", map->map_file);
+ snprintf(pagfile, sizeof pagfile, "%s.pag", map->map_file);
dirfd = open(dirfile, mode|O_CREAT, DBMMODE);
pagfd = open(pagfile, mode|O_CREAT, DBMMODE);
@@ -924,7 +930,8 @@ ndbm_map_store(map, lhs, rhs)
bufsiz = data.dsize + old.dsize + 2;
buf = xalloc(bufsiz);
}
- sprintf(buf, "%s,%s", data.dptr, old.dptr);
+ snprintf(buf, bufsiz, "%s,%s",
+ data.dptr, old.dptr);
data.dsize = data.dsize + old.dsize + 1;
data.dptr = buf;
if (tTd(38, 9))
@@ -961,7 +968,7 @@ ndbm_map_close(map)
if (strstr(map->map_file, "/yp/") != NULL)
{
- (void) sprintf(buf, "%010ld", curtime());
+ (void) snprintf(buf, sizeof buf, "%010ld", curtime());
ndbm_map_store(map, "YP_LAST_MODIFIED", buf);
(void) gethostname(buf, sizeof buf);
@@ -1033,7 +1040,7 @@ db_map_open(map, mode, dbtype)
struct stat st;
char buf[MAXNAME + 1];
- (void) strcpy(buf, map->map_file);
+ snprintf(buf, sizeof buf - 3, "%s", map->map_file);
i = strlen(buf);
if (i < 3 || strcmp(&buf[i - 3], ".db") != 0)
(void) strcat(buf, ".db");
@@ -1249,7 +1256,8 @@ db_map_store(map, lhs, rhs)
bufsiz = data.size + old.size + 2;
buf = xalloc(bufsiz);
}
- sprintf(buf, "%s,%s", data.data, old.data);
+ snprintf(buf, bufsiz, "%s,%s",
+ data.data, old.data);
data.size = data.size + old.size + 1;
data.data = buf;
if (tTd(38, 9))
@@ -1508,7 +1516,7 @@ nis_getcanonname(name, hbsize, statp)
host_record[vsize] = '\0';
if (tTd(38, 44))
printf("got record `%s'\n", host_record);
- if (!extract_canonname(nbuf, host_record, cbuf))
+ if (!extract_canonname(nbuf, host_record, cbuf, sizeof cbuf))
{
/* this should not happen, but.... */
*statp = EX_NOHOST;
@@ -1586,7 +1594,8 @@ nisplus_map_open(map, mode)
/* check to see if this map actually exists */
if (PARTIAL_NAME(map->map_file))
- sprintf(qbuf, "%s.%s", map->map_file, map->map_domain);
+ snprintf(qbuf, sizeof qbuf, "%s.%s",
+ map->map_file, map->map_domain);
else
strcpy(qbuf, map->map_file);
@@ -1724,11 +1733,12 @@ nisplus_map_lookup(map, name, av, statp)
/* construct the query */
if (PARTIAL_NAME(map->map_file))
- sprintf(qbuf, "[%s=%s],%s.%s", map->map_keycolnm,
- search_key, map->map_file, map->map_domain);
+ snprintf(qbuf, sizeof qbuf, "[%s=%s],%s.%s",
+ map->map_keycolnm, search_key, map->map_file,
+ map->map_domain);
else
- sprintf(qbuf, "[%s=%s],%s", map->map_keycolnm,
- search_key, map->map_file);
+ snprintf(qbuf, sizeof qbuf, "[%s=%s],%s",
+ map->map_keycolnm, search_key, map->map_file);
if (tTd(38, 20))
printf("qbuf=%s\n", qbuf);
@@ -1816,13 +1826,14 @@ nisplus_getcanonname(name, hbsize, statp)
if (p == NULL)
{
/* single token */
- sprintf(qbuf, "[name=%s],hosts.org_dir", nbuf);
+ snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir", nbuf);
}
else if (p[1] != '\0')
{
/* multi token -- take only first token in nbuf */
*p = '\0';
- sprintf(qbuf, "[name=%s],hosts.org_dir.%s", nbuf, &p[1]);
+ snprintf(qbuf, sizeof qbuf, "[name=%s],hosts.org_dir.%s",
+ nbuf, &p[1]);
}
else
{
@@ -1882,7 +1893,7 @@ nisplus_getcanonname(name, hbsize, statp)
if (domain[0] == '\0')
strcpy(name, vp);
else
- sprintf(name, "%s.%s", vp, domain);
+ snprintf(name, hbsize, "%s.%s", vp, domain);
*statp = EX_OK;
}
else
@@ -1917,7 +1928,7 @@ nisplus_default_domain()
return(default_domain);
p = nis_local_directory();
- strcpy(default_domain, p);
+ snprintf(default_domain, sizeof default_domain, "%s", p);
return default_domain;
}
@@ -2450,8 +2461,7 @@ text_map_lookup(map, name, av, statp)
char delim;
int key_idx;
bool found_it;
- extern char *get_column();
-
+ extern char *get_column __P((char *, int, char, char *, int));
found_it = FALSE;
if (tTd(38, 20))
@@ -2483,7 +2493,7 @@ text_map_lookup(map, name, av, statp)
p = strchr(linebuf, '\n');
if (p != NULL)
*p = '\0';
- p = get_column(linebuf, key_idx, delim, buf);
+ p = get_column(linebuf, key_idx, delim, buf, sizeof buf);
if (p != NULL && strcasecmp(search_key, p) == 0)
{
found_it = TRUE;
@@ -2496,7 +2506,7 @@ text_map_lookup(map, name, av, statp)
*statp = EX_NOTFOUND;
return NULL;
}
- vp = get_column(linebuf, map->map_valcolno, delim, buf);
+ vp = get_column(linebuf, map->map_valcolno, delim, buf, sizeof buf);
vsize = strlen(vp);
*statp = EX_OK;
if (bitset(MF_MATCHONLY, map->map_mflags))
@@ -2523,7 +2533,7 @@ text_getcanonname(name, hbsize, statp)
char cbuf[MAXNAME + 1];
char fbuf[MAXNAME + 1];
char nbuf[MAXNAME + 1];
- extern char *get_column();
+ extern char *get_column __P((char *, int, char, char *, int));
if (tTd(38, 20))
printf("text_getcanonname(%s)\n", name);
@@ -2550,7 +2560,7 @@ text_getcanonname(name, hbsize, statp)
if (p != NULL)
*p = '\0';
if (linebuf[0] != '\0')
- found = extract_canonname(nbuf, linebuf, cbuf);
+ found = extract_canonname(nbuf, linebuf, cbuf, sizeof cbuf);
}
fclose(f);
if (!found)
@@ -2883,12 +2893,12 @@ user_map_lookup(map, key, av, statp)
break;
case 3:
- sprintf(buf, "%d", pw->pw_uid);
+ snprintf(buf, sizeof buf, "%d", pw->pw_uid);
rwval = buf;
break;
case 4:
- sprintf(buf, "%d", pw->pw_gid);
+ snprintf(buf, sizeof buf, "%d", pw->pw_gid);
rwval = buf;
break;
@@ -2939,7 +2949,7 @@ prog_map_lookup(map, name, av, statp)
argv[i++] = map->map_file;
if (map->map_rebuild != NULL)
{
- strcpy(buf, map->map_rebuild);
+ snprintf(buf, sizeof buf, "%s", map->map_rebuild);
for (p = strtok(buf, " \t"); p != NULL; p = strtok(NULL, " \t"))
{
if (i >= MAXPV - 1)
@@ -3138,7 +3148,8 @@ switch_map_open(map, mode)
if (maptype[mapno] == NULL)
continue;
- (void) sprintf(nbuf, "%s.%s", map->map_mname, maptype[mapno]);
+ (void) snprintf(nbuf, sizeof nbuf, "%s.%s",
+ map->map_mname, maptype[mapno]);
s = stab(nbuf, ST_MAP, ST_FIND);
if (s == NULL)
{
diff --git a/usr.sbin/sendmail/src/mci.c b/usr.sbin/sendmail/src/mci.c
index ee0da2d1f32..beff0197735 100644
--- a/usr.sbin/sendmail/src/mci.c
+++ b/usr.sbin/sendmail/src/mci.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)mci.c 8.22 (Berkeley) 11/18/95";
+static char sccsid[] = "@(#)mci.c 8.22.1.1 (Berkeley) 9/16/96";
#endif /* not lint */
#include "sendmail.h"
@@ -372,24 +372,27 @@ mci_dump(mci, logit)
sep = logit ? " " : "\n\t";
p = buf;
- sprintf(p, "MCI@%x: ", mci);
+ snprintf(p, SPACELEFT(buf, p), "MCI@%x: ", mci);
p += strlen(p);
if (mci == NULL)
{
- sprintf(p, "NULL");
+ snprintf(p, SPACELEFT(buf, p), "NULL");
goto printit;
}
- sprintf(p, "flags=%x, errno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s",
+ snprintf(p, SPACELEFT(buf, p),
+ "flags=%x, errno=%d, herrno=%d, exitstat=%d, state=%d, pid=%d,%s",
mci->mci_flags, mci->mci_errno, mci->mci_herrno,
mci->mci_exitstat, mci->mci_state, mci->mci_pid, sep);
p += strlen(p);
- sprintf(p, "maxsize=%ld, phase=%s, mailer=%s,%s",
+ snprintf(p, SPACELEFT(buf, p),
+ "maxsize=%ld, phase=%s, mailer=%s,%s",
mci->mci_maxsize,
mci->mci_phase == NULL ? "NULL" : mci->mci_phase,
mci->mci_mailer == NULL ? "NULL" : mci->mci_mailer->m_name,
sep);
p += strlen(p);
- sprintf(p, "host=%s, lastuse=%s",
+ snprintf(p, SPACELEFT(buf, p),
+ "host=%s, lastuse=%s",
mci->mci_host == NULL ? "NULL" : mci->mci_host,
ctime(&mci->mci_lastuse));
printit:
diff --git a/usr.sbin/sendmail/src/mime.c b/usr.sbin/sendmail/src/mime.c
index acbc04ca617..1c71a84ac6b 100644
--- a/usr.sbin/sendmail/src/mime.c
+++ b/usr.sbin/sendmail/src/mime.c
@@ -36,7 +36,7 @@
# include <string.h>
#ifndef lint
-static char sccsid[] = "@(#)mime.c 8.30 (Berkeley) 10/31/95";
+static char sccsid[] = "@(#)mime.c 8.30.1.1 (Berkeley) 9/16/96";
#endif /* not lint */
/*
@@ -222,7 +222,7 @@ mime8to7(mci, header, e, boundaries, flags)
** just copy it through.
*/
- sprintf(buf, "%.100s/%.100s", type, subtype);
+ snprintf(buf, sizeof buf, "%.100s/%.100s", type, subtype);
if (wordinclass(buf, 'n') || (cte != NULL && !wordinclass(cte, 'e')))
flags |= M87F_NO8BIT;
@@ -294,7 +294,7 @@ mime8to7(mci, header, e, boundaries, flags)
{
auto HDR *hdr = NULL;
- sprintf(buf, "--%s", bbuf);
+ snprintf(buf, sizeof buf, "--%s", bbuf);
putline(buf, mci);
if (tTd(43, 35))
printf(" ...%s\n", buf);
@@ -306,7 +306,7 @@ mime8to7(mci, header, e, boundaries, flags)
putline("+++after putheader", mci);
bt = mime8to7(mci, hdr, e, boundaries, flags);
}
- sprintf(buf, "--%s--", bbuf);
+ snprintf(buf, sizeof buf, "--%s--", bbuf);
putline(buf, mci);
if (tTd(43, 35))
printf(" ...%s\n", buf);
@@ -435,7 +435,8 @@ mime8to7(mci, header, e, boundaries, flags)
/* no encoding necessary */
if (cte != NULL)
{
- sprintf(buf, "Content-Transfer-Encoding: %.200s", cte);
+ snprintf(buf, sizeof buf,
+ "Content-Transfer-Encoding: %.200s", cte);
putline(buf, mci);
if (tTd(43, 36))
printf(" ...%s\n", buf);
diff --git a/usr.sbin/sendmail/src/parseaddr.c b/usr.sbin/sendmail/src/parseaddr.c
index f1bd16a219e..85f34a726a1 100644
--- a/usr.sbin/sendmail/src/parseaddr.c
+++ b/usr.sbin/sendmail/src/parseaddr.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)parseaddr.c 8.87 (Berkeley) 11/29/95";
+static char sccsid[] = "@(#)parseaddr.c 8.87.1.1 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -1212,7 +1212,8 @@ rewrite(pvp, ruleset, reclevel, e)
{
char mbuf[300];
- sprintf(mbuf, "%.80s map: lookup (%s): deferred",
+ snprintf(mbuf, sizeof mbuf,
+ "%.80s map: lookup (%s): deferred",
mapname,
shortenstring(buf, 203));
e->e_message = newstr(mbuf);
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index bd89a31806a..eb5176eade9 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
#ifndef lint
#ifdef QUEUE
-static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (with queueing)";
+static char sccsid[] = "@(#)queue.c 8.98.1.3 (Berkeley) 9/16/96 (with queueing)";
#else
-static char sccsid[] = "@(#)queue.c 8.98.1.1 (Berkeley) 2/18/96 (without queueing)";
+static char sccsid[] = "@(#)queue.c 8.98.1.3 (Berkeley) 9/16/96 (without queueing)";
#endif
#endif /* not lint */
@@ -66,7 +66,7 @@ typedef struct work WORK;
WORK *WorkQ; /* queue of things to be done */
-#define QF_VERSION 1 /* version number of this queue format */
+#define QF_VERSION 2 /* version number of this queue format */
#if !defined(NGROUPS_MAX) && defined(NGROUPS)
# define NGROUPS_MAX NGROUPS /* POSIX naming convention */
@@ -458,9 +458,11 @@ printctladdr(a, tfp)
FILE *tfp;
{
char *uname;
+ char *paddr;
register struct passwd *pw;
register ADDRESS *q;
uid_t uid;
+ gid_t gid;
static ADDRESS *lastctladdr;
static uid_t lastuid;
@@ -477,9 +479,17 @@ printctladdr(a, tfp)
/* find the active uid */
q = getctladdr(a);
if (q == NULL)
+ {
+ uname = NULL;
uid = 0;
+ gid = 0;
+ }
else
+ {
+ uname = q->q_ruser != NULL ? q->q_ruser : q->q_user;
uid = q->q_uid;
+ gid = q->q_gid;
+ }
a = a->q_alias;
/* check to see if this is the same as last time */
@@ -489,12 +499,12 @@ printctladdr(a, tfp)
lastuid = uid;
lastctladdr = a;
- if (uid == 0 || (pw = sm_getpwuid(uid)) == NULL)
- uname = "";
+ paddr = denlstring(a->q_paddr, TRUE, FALSE);
+ if (uid == 0 || uname == NULL || uname[0] == '\0')
+ fprintf(tfp, "C:%s\n", paddr);
else
- uname = pw->pw_name;
-
- fprintf(tfp, "C%s:%s\n", uname, denlstring(a->q_paddr, TRUE, FALSE));
+ fprintf(tfp, "C%s:%ld:%ld:%s\n",
+ uname, (long) uid, (long) gid, paddr);
}
/*
** RUNQUEUE -- run the jobs in the queue.
@@ -1299,7 +1309,7 @@ readqf(e)
bool nomore = FALSE;
char qf[20];
char buf[MAXLINE];
- extern ADDRESS *setctluser();
+ extern ADDRESS *setctluser __P((char *, int));
extern void loseqfile();
/*
@@ -1421,7 +1431,7 @@ readqf(e)
break;
case 'C': /* specify controlling user */
- ctladdr = setctluser(&bp[1]);
+ ctladdr = setctluser(&bp[1], qfver);
break;
case 'Q': /* original recipient */
@@ -1876,7 +1886,7 @@ queuename(e, type)
c1 = 'A';
c2 = 'A' - 1;
}
- (void) sprintf(qf, "qf%cAA%05d", c0, pid);
+ (void) snprintf(qf, sizeof qf, "qf%cAA%05d", c0, pid);
while (c1 < '~' || c2 < 'Z')
{
@@ -1933,7 +1943,7 @@ queuename(e, type)
if (type == '\0')
return (NULL);
- (void) sprintf(buf, "%cf%s", type, e->e_id);
+ (void) snprintf(buf, sizeof buf, "%cf%s", type, e->e_id);
if (tTd(7, 2))
printf("queuename: %s\n", buf);
return (buf);
@@ -1984,6 +1994,7 @@ unlockqueue(e)
**
** Parameters:
** user -- the user name of the controlling user.
+** qfver -- the version stamp of this qf file.
**
** Returns:
** An address descriptor for the controlling user.
@@ -1993,8 +2004,9 @@ unlockqueue(e)
*/
ADDRESS *
-setctluser(user)
+setctluser(user, qfver)
char *user;
+ int qfver;
{
register ADDRESS *a;
struct passwd *pw;
@@ -2014,26 +2026,40 @@ setctluser(user)
a = (ADDRESS *) xalloc(sizeof *a);
bzero((char *) a, sizeof *a);
- p = strchr(user, ':');
- if (p != NULL)
- *p++ = '\0';
- if (*user != '\0' && (pw = sm_getpwnam(user)) != NULL)
+ if (*user == '\0')
{
- if (strcmp(pw->pw_dir, "/") == 0)
- a->q_home = "";
- else
- a->q_home = newstr(pw->pw_dir);
- a->q_uid = pw->pw_uid;
- a->q_gid = pw->pw_gid;
- a->q_flags |= QGOODUID;
+ p = NULL;
+ a->q_user = newstr(DefUser);
}
-
- if (*user != '\0')
- a->q_user = newstr(user);
- else if (p != NULL)
+ else if (*user == ':')
+ {
+ p = &user[1];
a->q_user = newstr(p);
+ }
else
- a->q_user = newstr(DefUser);
+ {
+ p = strtok(user, ":");
+ a->q_user = newstr(user);
+ if (qfver >= 2)
+ {
+ if ((p = strtok(NULL, ":")) != NULL)
+ a->q_uid = atoi(p);
+ if ((p = strtok(NULL, ":")) != NULL)
+ a->q_gid = atoi(p);
+ if ((p = strtok(NULL, ":")) != NULL)
+ a->q_flags |= QGOODUID;
+ }
+ else if ((pw = sm_getpwnam(user)) != NULL)
+ {
+ if (strcmp(pw->pw_dir, "/") == 0)
+ a->q_home = "";
+ else
+ a->q_home = newstr(pw->pw_dir);
+ a->q_uid = pw->pw_uid;
+ a->q_gid = pw->pw_gid;
+ a->q_flags |= QGOODUID;
+ }
+ }
a->q_flags |= QPRIMARY; /* flag as a "ctladdr" */
a->q_mailer = LocalMailer;
diff --git a/usr.sbin/sendmail/src/recipient.c b/usr.sbin/sendmail/src/recipient.c
index 90e3e5a4353..4675247e11c 100644
--- a/usr.sbin/sendmail/src/recipient.c
+++ b/usr.sbin/sendmail/src/recipient.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)recipient.c 8.108 (Berkeley) 10/30/95";
+static char sccsid[] = "@(#)recipient.c 8.108.1.1 (Berkeley) 9/12/96";
#endif /* not lint */
# include "sendmail.h"
@@ -499,7 +499,7 @@ recipient(a, sendq, aliaslevel, e)
/* warning -- finduser may trash buf */
pw = finduser(buf, &fuzzy);
- if (pw == NULL)
+ if (pw == NULL || strlen(pw->pw_name) > MAXNAME)
{
a->q_flags |= QBADADDR;
a->q_status = "5.1.1";
diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c
index 78c9149980b..b7098789581 100644
--- a/usr.sbin/sendmail/src/savemail.c
+++ b/usr.sbin/sendmail/src/savemail.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)savemail.c 8.87 (Berkeley) 10/28/95";
+static char sccsid[] = "@(#)savemail.c 8.87.1.2 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -376,8 +376,7 @@ savemail(e, sendbody)
break;
}
- strcpy(buf, _PATH_VARTMP);
- strcat(buf, "dead.letter");
+ snprintf(buf, sizeof buf, "%sdead.letter", _PATH_VARTMP);
sfflags = SFF_NOSLINK|SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT;
if (!writable(buf, NULL, sfflags) ||
@@ -555,10 +554,10 @@ returntosender(msg, returnq, sendbody, e)
{
addheader("MIME-Version", "1.0", &ee->e_header);
- (void) sprintf(buf, "%s.%ld/%.100s",
+ (void) snprintf(buf, sizeof buf, "%s.%ld/%.100s",
ee->e_id, curtime(), MyHostName);
ee->e_msgboundary = newstr(buf);
- (void) sprintf(buf,
+ (void) snprintf(buf, sizeof buf,
#if DSN
"multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"",
#else
@@ -592,11 +591,12 @@ returntosender(msg, returnq, sendbody, e)
}
else
{
- sprintf(buf, "Returned mail: %.*s", sizeof buf - 20, msg);
+ snprintf(buf, sizeof buf, "Returned mail: %.*s",
+ sizeof buf - 20, msg);
addheader("Subject", buf, &ee->e_header);
p = "failure";
}
- (void) sprintf(buf, "auto-generated (%s)", p);
+ (void) snprintf(buf, sizeof buf, "auto-generated (%s)", p);
addheader("Auto-Submitted", buf, &ee->e_header);
/* fake up an address header for the from person */
@@ -690,7 +690,7 @@ errbody(mci, e, separator)
{
putline("This is a MIME-encapsulated message", mci);
putline("", mci);
- (void) sprintf(buf, "--%s", e->e_msgboundary);
+ (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary);
putline(buf, mci);
putline("", mci);
}
@@ -715,7 +715,7 @@ errbody(mci, e, separator)
mci);
putline("", mci);
}
- sprintf(buf, "The original message was received at %s",
+ snprintf(buf, sizeof buf, "The original message was received at %s",
arpadate(ctime(&e->e_parent->e_ctime)));
putline(buf, mci);
expand("from \201_", buf, sizeof buf, e->e_parent);
@@ -790,11 +790,12 @@ errbody(mci, e, separator)
printheader = FALSE;
}
- sprintf(buf, "%s (%s)", shortenstring(q->q_paddr, 203), p);
+ snprintf(buf, sizeof buf, "%s (%s)",
+ shortenstring(q->q_paddr, 203), p);
putline(buf, mci);
if (q->q_alias != NULL)
{
- sprintf(buf, " (expanded from: %s)",
+ snprintf(buf, sizeof buf, " (expanded from: %s)",
shortenstring(q->q_alias->q_paddr, 203));
putline(buf, mci);
}
@@ -837,7 +838,7 @@ errbody(mci, e, separator)
if (e->e_msgboundary != NULL)
{
putline("", mci);
- (void) sprintf(buf, "--%s", e->e_msgboundary);
+ (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary);
putline(buf, mci);
putline("Content-Type: message/delivery-status", mci);
putline("", mci);
@@ -849,13 +850,13 @@ errbody(mci, e, separator)
/* original envelope id from MAIL FROM: line */
if (e->e_parent->e_envid != NULL)
{
- (void) sprintf(buf, "Original-Envelope-Id: %.800s",
+ (void) snprintf(buf, sizeof buf, "Original-Envelope-Id: %.800s",
xuntextify(e->e_parent->e_envid));
putline(buf, mci);
}
/* Reporting-MTA: is us (required) */
- (void) sprintf(buf, "Reporting-MTA: dns; %.800s", MyHostName);
+ (void) snprintf(buf, sizeof buf, "Reporting-MTA: dns; %.800s", MyHostName);
putline(buf, mci);
/* DSN-Gateway: not relevant since we are not translating */
@@ -867,13 +868,13 @@ errbody(mci, e, separator)
if (e->e_parent->e_from.q_mailer == NULL ||
(p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL)
p = "dns";
- (void) sprintf(buf, "Received-From-MTA: %s; %.800s",
+ (void) snprintf(buf, sizeof buf, "Received-From-MTA: %s; %.800s",
p, RealHostName);
putline(buf, mci);
}
/* Arrival-Date: -- when it arrived here */
- (void) sprintf(buf, "Arrival-Date: %s",
+ (void) snprintf(buf, sizeof buf, "Arrival-Date: %s",
arpadate(ctime(&e->e_parent->e_ctime)));
putline(buf, mci);
@@ -911,7 +912,7 @@ errbody(mci, e, separator)
/* Original-Recipient: -- passed from on high */
if (q->q_orcpt != NULL)
{
- (void) sprintf(buf, "Original-Recipient: %.800s",
+ (void) snprintf(buf, sizeof buf, "Original-Recipient: %.800s",
q->q_orcpt);
putline(buf, mci);
}
@@ -924,12 +925,14 @@ errbody(mci, e, separator)
continue;
if (strchr(r->q_user, '@') == NULL)
{
- (void) sprintf(buf, "Final-Recipient: %s; %.700s@%.100s",
+ (void) snprintf(buf, sizeof buf,
+ "Final-Recipient: %s; %.700s@%.100s",
p, r->q_user, MyHostName);
}
else
{
- (void) sprintf(buf, "Final-Recipient: %s; %.800s",
+ (void) snprintf(buf, sizeof buf,
+ "Final-Recipient: %s; %.800s",
p, r->q_user);
}
putline(buf, mci);
@@ -939,31 +942,33 @@ errbody(mci, e, separator)
{
if (strchr(q->q_user, '@') == NULL)
{
- (void) sprintf(buf, "X-Actual-Recipient: %s; %.700s@%.100s",
+ (void) snprintf(buf, sizeof buf,
+ "X-Actual-Recipient: %s; %.700s@%.100s",
p, q->q_user, MyHostName);
}
else
{
- (void) sprintf(buf, "X-Actual-Recipient: %s; %.800s",
+ (void) snprintf(buf, sizeof buf,
+ "X-Actual-Recipient: %s; %.800s",
p, q->q_user);
}
putline(buf, mci);
}
/* Action: -- what happened? */
- sprintf(buf, "Action: %s", action);
+ snprintf(buf, sizeof buf, "Action: %s", action);
putline(buf, mci);
/* Status: -- what _really_ happened? */
- strcpy(buf, "Status: ");
if (q->q_status != NULL)
- strcat(buf, q->q_status);
+ p = q->q_status;
else if (bitset(QBADADDR, q->q_flags))
- strcat(buf, "5.0.0");
+ p = "5.0.0";
else if (bitset(QQUEUEUP, q->q_flags))
- strcat(buf, "4.0.0");
+ p = "4.0.0";
else
- strcat(buf, "2.0.0");
+ p = "2.0.0";
+ snprintf(buf, sizeof buf, "Status: %s", p);
putline(buf, mci);
/* Remote-MTA: -- who was I talking to? */
@@ -972,7 +977,8 @@ errbody(mci, e, separator)
if (q->q_mailer == NULL ||
(p = q->q_mailer->m_mtatype) == NULL)
p = "dns";
- (void) sprintf(buf, "Remote-MTA: %s; %.800s",
+ (void) snprintf(buf, sizeof buf,
+ "Remote-MTA: %s; %.800s",
p, q->q_statmta);
p = &buf[strlen(buf) - 1];
if (*p == '.')
@@ -986,7 +992,8 @@ errbody(mci, e, separator)
p = q->q_mailer->m_diagtype;
if (p == NULL)
p = "smtp";
- (void) sprintf(buf, "Diagnostic-Code: %s; %.800s",
+ (void) snprintf(buf, sizeof buf,
+ "Diagnostic-Code: %s; %.800s",
p, q->q_rstatus);
putline(buf, mci);
}
@@ -994,7 +1001,8 @@ errbody(mci, e, separator)
/* Last-Attempt-Date: -- fine granularity */
if (q->q_statdate == (time_t) 0L)
q->q_statdate = curtime();
- (void) sprintf(buf, "Last-Attempt-Date: %s",
+ (void) snprintf(buf, sizeof buf,
+ "Last-Attempt-Date: %s",
arpadate(ctime(&q->q_statdate)));
putline(buf, mci);
@@ -1006,7 +1014,8 @@ errbody(mci, e, separator)
xdate = e->e_parent->e_ctime +
TimeOuts.to_q_return[e->e_parent->e_timeoutclass];
- sprintf(buf, "Will-Retry-Until: %s",
+ snprintf(buf, sizeof buf,
+ "Will-Retry-Until: %s",
arpadate(ctime(&xdate)));
putline(buf, mci);
}
@@ -1034,10 +1043,11 @@ errbody(mci, e, separator)
}
else
{
- (void) sprintf(buf, "--%s", e->e_msgboundary);
+ (void) snprintf(buf, sizeof buf, "--%s",
+ e->e_msgboundary);
putline(buf, mci);
- (void) sprintf(buf, "Content-Type: %s",
+ (void) snprintf(buf, sizeof buf, "Content-Type: %s",
sendbody ? "message/rfc822"
: "text/rfc822-headers");
putline(buf, mci);
@@ -1049,7 +1059,7 @@ errbody(mci, e, separator)
p = "8bit";
if (p != NULL)
{
- (void) sprintf(buf, "Content-Transfer-Encoding: %s",
+ (void) snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s",
p);
putline(buf, mci);
}
@@ -1072,7 +1082,7 @@ errbody(mci, e, separator)
if (e->e_msgboundary != NULL)
{
putline("", mci);
- (void) sprintf(buf, "--%s--", e->e_msgboundary);
+ (void) snprintf(buf, sizeof buf, "--%s--", e->e_msgboundary);
putline(buf, mci);
}
putline("", mci);
@@ -1351,6 +1361,7 @@ pruneroute(addr)
char *start, *at, *comma;
char c;
int rcode;
+ int i;
char hostbuf[BUFSIZ];
char *mxhosts[MAXMXHOSTS + 1];
@@ -1363,8 +1374,11 @@ pruneroute(addr)
return FALSE;
/* slice off the angle brackets */
+ i = strlen(at + 1);
+ if (i >= (SIZE_T) sizeof hostbuf)
+ return FALSE;
strcpy(hostbuf, at + 1);
- hostbuf[strlen(hostbuf) - 1] = '\0';
+ hostbuf[i - 1] = '\0';
while (start)
{
@@ -1376,10 +1390,11 @@ pruneroute(addr)
c = *start;
*start = '\0';
comma = strrchr(addr, ',');
- if (comma && comma[1] == '@')
+ if (comma != NULL && comma[1] == '@' &&
+ strlen(comma + 2) < (SIZE_T) sizeof hostbuf)
strcpy(hostbuf, comma + 2);
else
- comma = 0;
+ comma = NULL;
*start = c;
start = comma;
}
diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h
index 9de20ca4b23..0f171587356 100644
--- a/usr.sbin/sendmail/src/sendmail.h
+++ b/usr.sbin/sendmail/src/sendmail.h
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * @(#)sendmail.h 8.159 (Berkeley) 11/18/95
+ * @(#)sendmail.h 8.159.1.3 (Berkeley) 9/16/96
*/
/*
@@ -41,7 +41,7 @@
# ifdef _DEFINE
# define EXTERN
# ifndef lint
-static char SmailSccsId[] = "@(#)sendmail.h 8.159 11/18/95";
+static char SmailSccsId[] = "@(#)sendmail.h 8.159.1.3 9/16/96";
# endif
# else /* _DEFINE */
# define EXTERN extern
@@ -121,6 +121,14 @@ typedef int BITMAP[BITMAPBYTES / sizeof (int)];
/* clear an entire bit map */
#define clrbitmap(map) bzero((char *) map, BITMAPBYTES)
+
+
+/*
+** Utility macros
+*/
+
+/* return number of bytes left in a buffer */
+#define SPACELEFT(buf, ptr) (sizeof buf - ((ptr) - buf))
/*
** Address structure.
** Addresses are stored internally in this structure.
@@ -1199,6 +1207,7 @@ extern void setclass __P((int, char *));
extern void inittimeouts __P((char *));
extern void logdelivery __P((MAILER *, MCI *, const char *, ADDRESS *, time_t, ENVELOPE *));
extern void giveresponse __P((int, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *));
+extern void buildfname __P((char *, char *, char *, int));
extern const char *errstring __P((int));
extern sigfunc_t setsignal __P((int, sigfunc_t));
@@ -1228,10 +1237,10 @@ extern void nmessage();
#if !HASSNPRINTF
# ifdef __STDC__
-extern void snprintf(char *, size_t, const char *, ...);
-extern void vsnprintf(char *, size_t, const char *, va_list);
+extern int snprintf(char *, size_t, const char *, ...);
+extern int vsnprintf(char *, size_t, const char *, va_list);
# else
-extern void snprintf();
-extern void vsnprintf();
+extern int snprintf();
+extern int vsnprintf();
# endif
#endif
diff --git a/usr.sbin/sendmail/src/udb.c b/usr.sbin/sendmail/src/udb.c
index 1bcf68c3424..15327554c66 100644
--- a/usr.sbin/sendmail/src/udb.c
+++ b/usr.sbin/sendmail/src/udb.c
@@ -36,9 +36,9 @@
#ifndef lint
#if USERDB
-static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (with USERDB)";
+static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (with USERDB)";
#else
-static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (without USERDB)";
+static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (without USERDB)";
#endif
#endif
@@ -359,7 +359,7 @@ udbexpand(a, sendq, aliaslevel, e)
a->q_user, hes_error());
continue;
}
- sprintf(info.data, "%s@%s",
+ snprintf(pobuf, sizeof pobuf, "%s@%s",
hp->po_name, hp->po_host);
info.size = strlen(info.data);
#else
@@ -438,7 +438,8 @@ udbexpand(a, sendq, aliaslevel, e)
user = buf;
else
user = xalloc(i + 1);
- (void) sprintf(user, "%s@%s", a->q_user, up->udb_fwdhost);
+ (void) snprintf(user, i, "%s@%s",
+ a->q_user, up->udb_fwdhost);
message("expanded to %s", user);
a->q_flags &= ~QSELFREF;
naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e);
@@ -1044,6 +1045,8 @@ hes_udb_get(key, info)
char *p, **hp;
char kbuf[MAXKEY + 1];
+ if (strlen(key->data) >= (SIZE_T) sizeof kbuf)
+ return 0;
strcpy(kbuf, key->data);
name = kbuf;
type = strrchr(name, ':');
diff --git a/usr.sbin/sendmail/src/usersmtp.c b/usr.sbin/sendmail/src/usersmtp.c
index d33bd5ed3d8..c858658107d 100644
--- a/usr.sbin/sendmail/src/usersmtp.c
+++ b/usr.sbin/sendmail/src/usersmtp.c
@@ -36,9 +36,9 @@
#ifndef lint
#ifdef SMTP
-static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (with SMTP)";
+static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (with SMTP)";
#else
-static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (without SMTP)";
+static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (without SMTP)";
#endif
#endif /* not lint */
@@ -332,6 +332,7 @@ smtpmailfrom(m, mci, e)
ENVELOPE *e;
{
int r;
+ int l;
char *bufp;
char *bodytype;
char buf[MAXNAME + 1];
@@ -342,9 +343,10 @@ smtpmailfrom(m, mci, e)
/* set up appropriate options to include */
if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
- sprintf(optbuf, " SIZE=%ld", e->e_msgsize);
+ snprintf(optbuf, sizeof optbuf, " SIZE=%ld", e->e_msgsize);
else
strcpy(optbuf, "");
+ l = sizeof optbuf - strlen(optbuf) - 1;
bodytype = e->e_bodytype;
if (bitset(MCIF_8BITMIME, mci->mci_flags))
@@ -359,6 +361,7 @@ smtpmailfrom(m, mci, e)
{
strcat(optbuf, " BODY=");
strcat(optbuf, bodytype);
+ l -= strlen(optbuf);
}
}
else if (bitnset(M_8BITS, m->m_flags) ||
@@ -387,20 +390,22 @@ smtpmailfrom(m, mci, e)
if (bitset(MCIF_DSN, mci->mci_flags))
{
- if (e->e_envid != NULL)
+ if (e->e_envid != NULL && strlen(e->e_envid) < (SIZE_T) l)
{
strcat(optbuf, " ENVID=");
strcat(optbuf, e->e_envid);
+ l -= strlen(optbuf);
}
/* RET= parameter */
- if (bitset(EF_RET_PARAM, e->e_flags))
+ if (bitset(EF_RET_PARAM, e->e_flags) && l >= 9)
{
strcat(optbuf, " RET=");
if (bitset(EF_NO_BODY_RETN, e->e_flags))
strcat(optbuf, "HDRS");
else
strcat(optbuf, "FULL");
+ l -= 9;
}
}
@@ -516,10 +521,12 @@ smtprcpt(to, m, mci, e)
ENVELOPE *e;
{
register int r;
+ int l;
char optbuf[MAXLINE];
extern char *smtptodsn();
strcpy(optbuf, "");
+ l = sizeof optbuf - 1;
if (bitset(MCIF_DSN, mci->mci_flags))
{
/* NOTIFY= parameter */
@@ -550,13 +557,15 @@ smtprcpt(to, m, mci, e)
}
if (firstone)
strcat(optbuf, "NEVER");
+ l -= strlen(optbuf);
}
/* ORCPT= parameter */
- if (to->q_orcpt != NULL)
+ if (to->q_orcpt != NULL && strlen(to->q_orcpt) + 7 < l)
{
strcat(optbuf, " ORCPT=");
strcat(optbuf, to->q_orcpt);
+ l -= strlen(optbuf);
}
}
@@ -921,14 +930,19 @@ reply(m, mci, e, timeout, pfunc)
{
char wbuf[MAXLINE];
char *p = wbuf;
+ int wbufleft = sizeof wbuf;
if (e->e_to != NULL)
{
- sprintf(p, "%s... ",
+ int plen;
+
+ snprintf(p, wbufleft, "%s... ",
shortenstring(e->e_to, 203));
- p += strlen(p);
+ plen = strlen(p);
+ p += plen;
+ wbufleft -= plen;
}
- sprintf(p, "reply(%.100s) during %s",
+ snprintf(p, wbufleft, "reply(%.100s) during %s",
mci->mci_host, SmtpPhase);
checkfd012(wbuf);
}
@@ -992,7 +1006,7 @@ reply(m, mci, e, timeout, pfunc)
/* save temporary failure messages for posterity */
if (SmtpReplyBuffer[0] == '4' && SmtpError[0] == '\0')
- (void) strcpy(SmtpError, SmtpReplyBuffer);
+ snprintf(SmtpError, sizeof SmtpError, "%s", SmtpReplyBuffer);
/* reply code 421 is "Service Shutting Down" */
if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD)
diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c
index 152f3243e53..13a9f50ea65 100644
--- a/usr.sbin/sendmail/src/util.c
+++ b/usr.sbin/sendmail/src/util.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)util.c 8.84.1.2 (Berkeley) 3/4/96";
+static char sccsid[] = "@(#)util.c 8.84.1.4 (Berkeley) 9/16/96";
#endif /* not lint */
# include "sendmail.h"
@@ -374,6 +374,7 @@ makelower(p)
** p -- name to build.
** login -- the login name of this user (for &).
** buf -- place to put the result.
+** buflen -- length of buf.
**
** Returns:
** none.
@@ -383,11 +384,11 @@ makelower(p)
*/
void
-buildfname(gecos, login, buf, bufsiz)
+buildfname(gecos, login, buf, buflen)
register char *gecos;
char *login;
char *buf;
- int bufsiz;
+ int buflen;
{
register char *p;
register char *bp = buf;
@@ -396,13 +397,13 @@ buildfname(gecos, login, buf, bufsiz)
gecos++;
for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'
- && ((bp - buf) <= (bufsiz - 1)); p++)
+ && ((bp - buf) <= (buflen - 1)); p++)
{
if (*p == '&')
{
- (void) strncpy(bp, login, (bufsiz - (bp - buf) - 1));
- buf[bufsiz - 1] = '\0';
+ snprintf(bp, SPACELEFT(buf, bp), "%s", login);
*bp = toupper(*bp);
+ bp += strlen(bp);
while (*bp != '\0')
bp++;
}
@@ -1521,14 +1522,15 @@ dumpfd(fd, printclosed, logit)
extern char *hostnamebyanyaddr();
p = buf;
- sprintf(p, "%3d: ", fd);
+ snprintf(p, SPACELEFT(buf, p), "%3d: ", fd);
p += strlen(p);
if (fstat(fd, &st) < 0)
{
if (printclosed || errno != EBADF)
{
- sprintf(p, "CANNOT STAT (%s)", errstring(errno));
+ snprintf(p, SPACELEFT(buf, p), "CANNOT STAT (%s)",
+ errstring(errno));
goto printit;
}
return;
@@ -1537,73 +1539,75 @@ dumpfd(fd, printclosed, logit)
slen = fcntl(fd, F_GETFL, NULL);
if (slen != -1)
{
- sprintf(p, "fl=0x%x, ", slen);
+ snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", slen);
p += strlen(p);
}
- sprintf(p, "mode=%o: ", st.st_mode);
+ snprintf(p, SPACELEFT(buf, p), "mode=%o: ", st.st_mode);
p += strlen(p);
switch (st.st_mode & S_IFMT)
{
#ifdef S_IFSOCK
case S_IFSOCK:
- sprintf(p, "SOCK ");
+ snprintf(p, SPACELEFT(buf, p), "SOCK ");
p += strlen(p);
slen = sizeof sa;
if (getsockname(fd, &sa.sa, &slen) < 0)
- sprintf(p, "(%s)", errstring(errno));
+ snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno));
else
{
hp = hostnamebyanyaddr(&sa);
if (sa.sa.sa_family == AF_INET)
- sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port));
+ snprintf(p, SPACELEFT(buf, p), "%s/%d",
+ hp, ntohs(sa.sin.sin_port));
else
- sprintf(p, "%s", hp);
+ snprintf(p, SPACELEFT(buf, p), "%s", hp);
}
p += strlen(p);
- sprintf(p, "->");
+ snprintf(p, SPACELEFT(buf, p), "->");
p += strlen(p);
slen = sizeof sa;
if (getpeername(fd, &sa.sa, &slen) < 0)
- sprintf(p, "(%s)", errstring(errno));
+ snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno));
else
{
hp = hostnamebyanyaddr(&sa);
if (sa.sa.sa_family == AF_INET)
- sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port));
+ snprintf(p, SPACELEFT(buf, p), "%s/%d",
+ hp, ntohs(sa.sin.sin_port));
else
- sprintf(p, "%s", hp);
+ snprintf(p, SPACELEFT(buf, p), "%s", hp);
}
break;
#endif
case S_IFCHR:
- sprintf(p, "CHR: ");
+ snprintf(p, SPACELEFT(buf, p), "CHR: ");
p += strlen(p);
goto defprint;
case S_IFBLK:
- sprintf(p, "BLK: ");
+ snprintf(p, SPACELEFT(buf, p), "BLK: ");
p += strlen(p);
goto defprint;
#if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK)
case S_IFIFO:
- sprintf(p, "FIFO: ");
+ snprintf(p, SPACELEFT(buf, p), "FIFO: ");
p += strlen(p);
goto defprint;
#endif
#ifdef S_IFDIR
case S_IFDIR:
- sprintf(p, "DIR: ");
+ snprintf(p, SPACELEFT(buf, p), "DIR: ");
p += strlen(p);
goto defprint;
#endif
#ifdef S_IFLNK
case S_IFLNK:
- sprintf(p, "LNK: ");
+ snprintf(p, SPACELEFT(buf, p), "LNK: ");
p += strlen(p);
goto defprint;
#endif
@@ -1614,7 +1618,7 @@ defprint:
fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%qd";
else
fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%ld";
- sprintf(p, fmtstr,
+ snprintf(p, SPACELEFT(buf, p), fmtstr,
major(st.st_dev), minor(st.st_dev), st.st_ino,
st.st_nlink, st.st_uid, st.st_gid, st.st_size);
break;
@@ -1847,6 +1851,7 @@ prog_open(argv, pfd, e)
** delim -- the delimiter between columns. If null,
** use white space.
** buf -- the output buffer.
+** buflen -- the length of buf.
**
** Returns:
** buf if successful.
@@ -1854,11 +1859,12 @@ prog_open(argv, pfd, e)
*/
char *
-get_column(line, col, delim, buf)
+get_column(line, col, delim, buf, buflen)
char line[];
int col;
char delim;
char buf[];
+ int buflen;
{
char *p;
char *begin, *end;
@@ -1901,14 +1907,13 @@ get_column(line, col, delim, buf)
end = strpbrk(begin, delimbuf);
if (end == NULL)
- {
- strcpy(buf, begin);
- }
+ i = strlen(buf);
else
- {
- strncpy(buf, begin, end - begin);
- buf[end - begin] = '\0';
- }
+ i = end - begin;
+ if (i >= buflen)
+ i = buflen - 1;
+ strncpy(buf, begin, i);
+ buf[i] = '\0';
return buf;
}
/*
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 3c6f7d18fa7..6197db912f9 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)version.c 8.7.5.1 (Berkeley) 3/4/96";
+static char sccsid[] = "@(#)version.c 8.7.6.4 (Berkeley) 9/17/96";
#endif /* not lint */
-char Version[] = "8.7.5";
+char Version[] = "8.7.6";