summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2000-10-09 23:45:02 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2000-10-09 23:45:02 +0000
commitd2fac81bc71709206796116df1187a7dc4292a4d (patch)
tree32d6fc890344e5f54bd143626fc0b947c055b2dc
parent132f98ce7c2e6402f374842f2e716cc4360e5c3d (diff)
Fix non-exploitable buffer oflow in test mode. Also add a line to uncomment
in sendmail/Makefile to cause sendmail to drop privs in test mode. From sendmail+gshapiro@SENDMAIL.ORG
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/Makefile5
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/macro.c9
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/main.c9
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/readcf.c2
-rw-r--r--gnu/usr.sbin/sendmail/sendmail/stab.c1
5 files changed, 22 insertions, 4 deletions
diff --git a/gnu/usr.sbin/sendmail/sendmail/Makefile b/gnu/usr.sbin/sendmail/sendmail/Makefile
index 6a20644422a..9da2b2c7795 100644
--- a/gnu/usr.sbin/sendmail/sendmail/Makefile
+++ b/gnu/usr.sbin/sendmail/sendmail/Makefile
@@ -1,10 +1,13 @@
-# $OpenBSD: Makefile,v 1.8 2000/08/01 12:57:47 millert Exp $
+# $OpenBSD: Makefile,v 1.9 2000/10/09 23:45:00 millert Exp $
PROG= sendmail
WANT_LIBWRAP=1
WANT_LIBSMUTIL=1
+# To casue sendmail to drop privs in test mode (-bt) uncomment the following
+#ENVDEF+= -D_FFR_TESTMODE_DROP_PRIVS
+
SRCS= main.c alias.c arpadate.c bf_torek.c clock.c collect.c \
conf.c control.c convtime.c daemon.c deliver.c domain.c \
envelope.c err.c headers.c macro.c map.c mci.c milter.c \
diff --git a/gnu/usr.sbin/sendmail/sendmail/macro.c b/gnu/usr.sbin/sendmail/sendmail/macro.c
index 157e96b20e9..80cead76ed0 100644
--- a/gnu/usr.sbin/sendmail/sendmail/macro.c
+++ b/gnu/usr.sbin/sendmail/sendmail/macro.c
@@ -377,7 +377,7 @@ macid(p, ep)
*ep = p + 1;
if (tTd(35, 14))
dprintf("%c\n", *p);
- return *p;
+ return ((unsigned int)*p) & 0xff;
}
bp = mbuf;
while (*++p != '\0' && *p != '}' && bp < &mbuf[sizeof mbuf - 1])
@@ -401,7 +401,7 @@ macid(p, ep)
else if (mbuf[1] == '\0')
{
/* ${x} == $x */
- mid = mbuf[0];
+ mid = ((unsigned int)mbuf[0]) & 0xff;
p++;
}
else
@@ -428,6 +428,11 @@ macid(p, ep)
}
if (ep != NULL)
*ep = p;
+ if (mid < 0 || mid > MAXMACROID)
+ {
+ syserr("Unable to assign macro/class ID (mid = 0x%x)", mid);
+ mid = 0;
+ }
if (tTd(35, 14))
dprintf("0x%x\n", mid);
return mid;
diff --git a/gnu/usr.sbin/sendmail/sendmail/main.c b/gnu/usr.sbin/sendmail/sendmail/main.c
index 661220188ce..5b9e73d3b8e 100644
--- a/gnu/usr.sbin/sendmail/sendmail/main.c
+++ b/gnu/usr.sbin/sendmail/sendmail/main.c
@@ -1517,6 +1517,15 @@ main(argc, argv, envp)
{
char buf[MAXLINE];
+#if _FFR_TESTMODE_DROP_PRIVS
+ dp = drop_privileges(TRUE);
+ if (dp != EX_OK)
+ {
+ CurEnv->e_id = NULL;
+ finis(TRUE, dp);
+ }
+#endif /* _FFR_TESTMODE_DROP_PRIVS */
+
if (isatty(fileno(stdin)))
Verbose = 2;
diff --git a/gnu/usr.sbin/sendmail/sendmail/readcf.c b/gnu/usr.sbin/sendmail/sendmail/readcf.c
index 061500bed8c..c0bca9c06c2 100644
--- a/gnu/usr.sbin/sendmail/sendmail/readcf.c
+++ b/gnu/usr.sbin/sendmail/sendmail/readcf.c
@@ -2985,7 +2985,7 @@ setclass(class, str)
dprintf("setclass(%s, %s)\n", macname(class), str);
s = stab(str, ST_CLASS, ST_ENTER);
- setbitn(class, s->s_class);
+ setbitn(((unsigned int)class) & 0xff, s->s_class);
}
}
/*
diff --git a/gnu/usr.sbin/sendmail/sendmail/stab.c b/gnu/usr.sbin/sendmail/sendmail/stab.c
index 8ce82d4312d..717b02a7797 100644
--- a/gnu/usr.sbin/sendmail/sendmail/stab.c
+++ b/gnu/usr.sbin/sendmail/sendmail/stab.c
@@ -306,6 +306,7 @@ copy_class(src, dst)
register STAB **shead;
register STAB *s;
+ dst = ((unsigned int)dst) & 0xff;
for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
{
for (s = *shead; s != NULL; s = s->s_next)