author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2004-02-26 08:18:57 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2004-02-26 08:18:57 +0000 |
commit | 7f28246c4f0d3653895dab150883eae74ff5b4b5 (patch) | |
tree | 5215693d78f2192a0f2afe13a78ed51a16ebbf6a | |
parent | 3e2f267d7a634f03b8f16b9601f1d3042f227545 (diff) |
paranoia; beck ok
-rw-r--r-- | libexec/spamd-setup/spamd-setup.c | 13 | ||||
-rw-r--r-- | libexec/spamd/grey.c | 29 | ||||
-rw-r--r-- | libexec/spamd/grey.h | 4 | ||||
-rw-r--r-- | libexec/spamd/sdl.c | 3 | ||||
-rw-r--r-- | libexec/spamd/sdl.h | 22 | ||||
-rw-r--r-- | libexec/spamd/spamd.c | 17 | ||||
-rw-r--r-- | libexec/spamlogd/spamlogd.c | 9 | ||||
-rw-r--r-- | usr.sbin/spamdb/spamdb.c | 11 |
8 files changed, 73 insertions, 35 deletions
diff --git a/libexec/spamd-setup/spamd-setup.c b/libexec/spamd-setup/spamd-setup.c index 924f869625e..3ead7eb5523 100644 --- a/libexec/spamd-setup/spamd-setup.c +++ b/libexec/spamd-setup/spamd-setup.c @@ -1,4 +1,5 @@ -/* $OpenBSD: spamd-setup.c,v 1.16 2004/01/21 08:07:41 deraadt Exp $ */ +/* $OpenBSD: spamd-setup.c,v 1.17 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2003 Bob Beck. All rights reserved. * @@ -265,6 +266,8 @@ open_child(char *file, char **argv) return(-1); switch (pid = fork()) { case -1: + close(pdes[0]); + close(pdes[1]); return(-1); case 0: /* child */ @@ -276,6 +279,7 @@ open_child(char *file, char **argv) execvp(file, argv); _exit(1); } + /* parent */ close(pdes[1]); return(pdes[0]); @@ -641,6 +645,8 @@ configure_pf(struct cidr **blacklists) return(-1); switch (pid = fork()) { case -1: + close(pdes[0]); + close(pdes[1]); return(-1); case 0: /* child */ @@ -652,11 +658,14 @@ configure_pf(struct cidr **blacklists) execvp(PATH_PFCTL, argv); _exit(1); } + /* parent */ close(pdes[0]); pf = fdopen(pdes[1], "w"); - if (pf == NULL) + if (pf == NULL) { + close(pdes[1]); return(-1); + } } while (*blacklists != NULL) { struct cidr *b = *blacklists; diff --git a/libexec/spamd/grey.c b/libexec/spamd/grey.c index 3313b6b181c..03f65b8df02 100644 --- a/libexec/spamd/grey.c +++ b/libexec/spamd/grey.c @@ -1,3 +1,5 @@ +/* $OpenBSD: grey.c,v 1.3 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2004 Bob Beck. All rights reserved. * @@ -80,11 +82,14 @@ address_valid_v6(const char *a) return (1); } +static char *pargv[11]= { + "pfctl", "-p", "/dev/pf", "-q", "-t", + "spamd-white", "-T", "replace", "-f" "-", NULL +}; + int configure_pf(char **addrs, int count) { - static char *argv[11]= {"pfctl", "-p", "/dev/pf", "-q", "-t", - "spamd-white", "-T", "replace", "-f" "-", NULL}; FILE *pf = NULL; int i, pdes[2]; pid_t pid; 
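Review bot: In the new file-scope `pargv` initializer in grey.c the last option is written `"-f" "-"` with no comma, so the two literals concatenate into the single argument `"-f-"` and the array declared with 11 slots holds only ten entries. pfctl may well still accept that through its option parser, but it reads as a typo carried over from the old local `argv`; writing `"replace", "-f", "-", NULL` makes the argument vector say what is meant. Since the table is now a mutable file-scope object that configure_pf patches at index 2, a short comment naming the overwritten slot would also help the next reader.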
@@ -96,7 +101,7 @@ configure_pf(char **addrs, int count) return(-1); if (asprintf(&fdpath, "/dev/fd/%d", pfdev) == -1) return(-1); - argv[2] = fdpath; + pargv[2] = fdpath; if (pipe(pdes) != 0) { syslog_r(LOG_INFO, &sdata, "pipe failed (%m)"); free(fdpath); @@ -106,6 +111,8 @@ configure_pf(char **addrs, int count) case -1: syslog_r(LOG_INFO, &sdata, "fork failed (%m)"); free(fdpath); + close(pdes[0]); + close(pdes[1]); return(-1); case 0: /* child */ @@ -114,7 +121,7 @@ configure_pf(char **addrs, int count) dup2(pdes[0], STDIN_FILENO); close(pdes[0]); } - execvp(PATH_PFCTL, argv); + execvp(PATH_PFCTL, pargv); syslog_r(LOG_ERR, &sdata, "can't exec %s:%m", PATH_PFCTL); _exit(1); } @@ -127,7 +134,7 @@ configure_pf(char **addrs, int count) syslog_r(LOG_INFO, &sdata, "fdopen failed (%m)"); return(-1); } - for (i = 0; i < count; i++) + for (i = 0; i < count; i++) if (addrs[i] != NULL) { fprintf(pf, "%s/32\n", addrs[i]); free(addrs[i]); @@ -249,10 +256,12 @@ greyscan(char *dbname) configure_pf(whitelist, whitecount); db->sync(db, 0); db->close(db); + db = NULL; return(0); bad: db->sync(db, 0); db->close(db); + db = NULL; return(-1); } @@ -261,9 +270,11 @@ greyupdate(char *dbname, char *ip, char *from, char *to) { char *key = NULL; struct gdata gd; - time_t now = time(NULL); + time_t now; int r; + now = time(NULL); + /* open with lock, find record, update, close, unlock */ memset(&btreeinfo, 0, sizeof(btreeinfo)); db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_BTREE, &btreeinfo); @@ -321,12 +332,14 @@ greyupdate(char *dbname, char *ip, char *from, char *to) if (debug) fprintf(stderr, "updated %s\n", key); } - db->close(db); free(key); + db->close(db); + db = NULL; return(0); bad: free(key); db->close(db); + db = NULL; return(-1); } @@ -349,7 +362,7 @@ greyreader(void) if (strlen(buf) < 4) continue; - switch(state) { + switch (state) { case 0: if (strncmp(buf, "IP:", 3) != 0) break; diff --git a/libexec/spamd/grey.h b/libexec/spamd/grey.h index 1384f906050..19d2440fe31 100644 
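Review bot: `pargv[2] = fdpath;` stores a heap pointer in what is now a file-scope array, and the pipe and fork failure paths visible in these hunks call `free(fdpath)` without resetting the slot, so `pargv[2]` is left pointing at freed memory between calls. Nothing shown reads it before the next assignment, but widening the scope from the function to the whole file makes a stale slot reachable from other code in grey.c. Consider restoring the slot after each free, e.g. `pargv[2] = "/dev/pf";`, or keeping the vector local to configure_pf. The function continues past this hunk, so whether the success path frees `fdpath` is not visible here.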
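Review bot: The fdopen failure path shown as context in the hunk at old line 127 logs `fdopen failed (%m)` and returns -1 with no `close(pdes[1])` in view, while this same commit adds exactly that close to the matching path in spamd-setup.c. The lines just before the `syslog_r` call are outside the hunk, so confirm first; if they do not already close the descriptor, add `close(pdes[1]);` before the `return(-1);` so the daemon does not leak a pipe end on every failure. `fdpath` looks like it needs the same treatment on that path.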
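Review bot: Both exits of greyscan call `db->sync(db, 0)` and `db->close(db)` without looking at the result, so the success path returns 0 even when the sync failed. Checking the call, for example `if (db->sync(db, 0) == -1) syslog_r(LOG_ERR, &sdata, "db sync failed (%m)");` and returning -1 in that case, would keep a failed write from being reported as success. The same unchecked sync/close pattern appears in the greyupdate hunk and in the dbupdate and dblist hunks of spamlogd.c and spamdb.c. The added `db = NULL;` presumably clears a file-scope handle so that nothing can use it after the close; a one-line comment saying so would explain why an assignment sits directly before a return.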
--- a/libexec/spamd/grey.h +++ b/libexec/spamd/grey.h @@ -1,4 +1,8 @@ +/* $OpenBSD: grey.h,v 1.2 2004/02/26 08:18:56 deraadt Exp $ */ +/* + * Where is your damn copyright? + */ #define MAX_MAIL 1024 /* how big an email address will we consider */ #define PASSTIME (60 * 30) /* pass after first retry seen after 30 mins */ #define GREYEXP (60 * 60 * 4) /* remove grey entries after 4 hours */ diff --git a/libexec/spamd/sdl.c b/libexec/spamd/sdl.c index c5b90b0e826..16cf8f6a3f7 100644 --- a/libexec/spamd/sdl.c +++ b/libexec/spamd/sdl.c @@ -1,4 +1,5 @@ -/* $OpenBSD: sdl.c,v 1.11 2004/02/26 07:28:55 beck Exp $ */ +/* $OpenBSD: sdl.c,v 1.12 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2003 Bob Beck. All rights reserved. * diff --git a/libexec/spamd/sdl.h b/libexec/spamd/sdl.h index 795f1cc6795..f54b1d00d25 100644 --- a/libexec/spamd/sdl.h +++ b/libexec/spamd/sdl.h @@ -1,4 +1,5 @@ -/* $OpenBSD: sdl.h,v 1.1 2003/03/02 19:22:00 beck Exp $ */ +/* $OpenBSD: sdl.h,v 1.2 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2003 Bob Beck, Kjell Wooding. All rights reserved. * @@ -30,11 +31,10 @@ #include <sys/socket.h> #include <netinet/ip_ipsp.h> -/* structs */ - -struct sdlist { /* spamd source list */ - char *tag; /* sdlist source name */ - char *string; /* Format (451) string with no smtp code or \r\n */ +/* spamd source list */ +struct sdlist { + char *tag; /* sdlist source name */ + char *string; /* Format (451) string with no smtp code or \r\n */ struct sdentry *addrs; size_t naddrs; }; @@ -55,17 +55,15 @@ struct sdaddr { #define addr32 _sda.addr32 }; -struct sdentry { /* spamd netblock (black) list */ +/* spamd netblock (black) list */ +struct sdentry { struct sdaddr sda; struct sdaddr sdm; }; -/* prototypes */ - extern int sdl_add(char *, char *, char **, int); -extern struct sdlist ** -sdl_lookup(struct sdlist *head, int af, void * src); - +extern struct sdlist **sdl_lookup(struct sdlist *head, + int af, void * src); #endif /* _SDL_H_ */ 
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c index b2cb5a93ca1..2ece4fef9e0 100644 --- a/libexec/spamd/spamd.c +++ b/libexec/spamd/spamd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd.c,v 1.53 2004/02/26 07:28:55 beck Exp $ */ +/* $OpenBSD: spamd.c,v 1.54 2004/02/26 08:18:56 deraadt Exp $ */ /* * Copyright (c) 2002 Theo de Raadt. All rights reserved. @@ -413,7 +413,8 @@ append_error_string(struct con *cp, size_t off, char *fmt, int af, void *ia) } char * -loglists(struct con *cp) { +loglists(struct con *cp) +{ static char matchlists[80]; struct sdlist **matches; int s = sizeof(matchlists) - 4; @@ -475,8 +476,10 @@ build_reply(struct con *cp) } bad: /* Out of memory, or no match. give generic reply */ - if (cp->obuf != NULL && cp->obufalloc) + if (cp->obuf != NULL && cp->obufalloc) { free(cp->obuf); + cp->obuf = NULL; + } if (cp->blacklists != NULL) asprintf(&cp->obuf, "%s-Sorry %s\n" @@ -687,10 +690,10 @@ nextstate(struct con *cp) cp->blacklists ? "BLACK" : "GREY", cp->addr, cp->mail, cp->rcpt); - if(debug) - fprintf(stderr, "(%s) %s: %s -> %s\n", - cp->blacklists ? "BLACK" : "GREY", - cp->addr, cp->mail, cp->rcpt); + if (debug) + fprintf(stderr, "(%s) %s: %s -> %s\n", + cp->blacklists ? "BLACK" : "GREY", + cp->addr, cp->mail, cp->rcpt); if (greylist && cp->blacklists == NULL) { /* send this info to the greylister */ fprintf(grey, "IP:%s\nFR:%s\nTO:%s\n", diff --git a/libexec/spamlogd/spamlogd.c b/libexec/spamlogd/spamlogd.c index 23e6057e7b7..f93ed313d9e 100644 --- a/libexec/spamlogd/spamlogd.c +++ b/libexec/spamlogd/spamlogd.c @@ -1,3 +1,5 @@ +/* $OpenBSD: spamlogd.c,v 1.2 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2004 Bob Beck. All rights reserved. * @@ -133,10 +135,12 @@ dbupdate(char *dbname, char *ip) } db->sync(db, 0); db->close(db); + db = NULL; return (0); bad: db->sync(db, 0); db->close(db); + db = NULL; return(-1); } 
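Review bot: After the new `cp->obuf = NULL;` in the `bad:` path of build_reply, `cp->obufalloc` keeps its old non-zero value and the result of the following `asprintf(&cp->obuf, ...)` is not checked, so a second allocation failure leaves the connection with an unusable `obuf` and a stale size. Resetting the size with `cp->obufalloc = 0;` inside the new braces and testing the asprintf return for -1 would keep the two fields consistent for whatever code sends the reply later. The rest of build_reply is outside the hunk and may reassign the field further down, so confirm before changing.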
@@ -144,7 +148,7 @@ static int usage(void) { fprintf(stderr, "usage: spamlogd [-i netif]\n"); - exit(-1); + exit(1); } char *targv[19] = { @@ -165,6 +169,8 @@ main(int argc, char **argv) while ((ch = getopt(argc, argv, "i:")) != -1) { switch (ch) { case 'i': + if (targv[17]) /* may only set once */ + usage(); targv[15] = "and"; targv[16] = "on"; targv[17] = optarg; @@ -197,6 +203,7 @@ main(int argc, char **argv) } /* parent */ + close(p[1]); f = fdopen(p[0], "r"); if (f == NULL) err(1, "fdopen"); diff --git a/usr.sbin/spamdb/spamdb.c b/usr.sbin/spamdb/spamdb.c index 930b131f06a..d0cae7913a9 100644 --- a/usr.sbin/spamdb/spamdb.c +++ b/usr.sbin/spamdb/spamdb.c @@ -1,3 +1,5 @@ +/* $OpenBSD: spamdb.c,v 1.2 2004/02/26 08:18:56 deraadt Exp $ */ + /* * Copyright (c) 2004 Bob Beck. All rights reserved. * @@ -146,15 +148,15 @@ dbupdate(char *dbname, char *ip, int add) } db->sync(db, 0); db->close(db); + db = NULL; return (0); bad: db->sync(db, 0); db->close(db); + db = NULL; return(-1); } - - int dblist(char *dbname) { @@ -207,21 +209,22 @@ dblist(char *dbname) } db->sync(db, 0); db->close(db); + db = NULL; return(0); bad: db->sync(db, 0); db->close(db); + db = NULL; errx(1, "incorrect db format entry"); /* NOTREACHED */ return(-1); } - static int usage(void) { fprintf(stderr, "usage: spamdb [-a ip] [-d ip]\n"); - exit(-1); + exit(1); } int |
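Review bot: `usage()` in spamlogd.c is declared `static int` but its body ends in `exit(1)` and never returns a value; the usage() hunk in spamdb.c has the same shape. Declaring it `static void usage(void)`, with `__dead` as OpenBSD code usually does, matches what the function does and tells the compiler that callers such as the new `-i` check do not continue past the call.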
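Review bot: The new once-only check in main tests `targv[17]` and the next lines write slots 15 to 17 by number, which silently depends on the `targv[19]` initializer leaving exactly those trailing slots NULL. Only the first line of that initializer is visible in the previous hunk, so the coupling cannot be verified from here. A comment at the array such as `/* slots 15-17 are filled in by -i; keep them NULL here */`, or named index constants, would stop a later edit of the argument list from shifting the slots and defeating the check.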