diff options
| -rw-r--r-- | usr.sbin/sendmail/src/envelope.c | 3 | ||||
| -rw-r--r-- | usr.sbin/sendmail/src/recipient.c | 4 | ||||
| -rw-r--r-- | usr.sbin/sendmail/src/util.c | 20 |
3 files changed, 10 insertions, 17 deletions
diff --git a/usr.sbin/sendmail/src/envelope.c b/usr.sbin/sendmail/src/envelope.c index 4bf7ac231dd..1cd3b56f76d 100644 --- a/usr.sbin/sendmail/src/envelope.c +++ b/usr.sbin/sendmail/src/envelope.c @@ -777,7 +777,8 @@ setsender(from, e, delimptr, internal) strcmp(pw->pw_name, e->e_from.q_user) == 0 && !internal) { - buildfname(pw->pw_gecos, e->e_from.q_user, buf); + buildfname(pw->pw_gecos, e->e_from.q_user, + buf, sizeof buf); if (buf[0] != '\0') FullName = newstr(buf); } diff --git a/usr.sbin/sendmail/src/recipient.c b/usr.sbin/sendmail/src/recipient.c index 79126e9ccc5..90e3e5a4353 100644 --- a/usr.sbin/sendmail/src/recipient.c +++ b/usr.sbin/sendmail/src/recipient.c @@ -535,7 +535,7 @@ recipient(a, sendq, aliaslevel, e) a->q_gid = pw->pw_gid; a->q_ruser = newstr(pw->pw_name); a->q_flags |= QGOODUID; - buildfname(pw->pw_gecos, pw->pw_name, nbuf); + buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof nbuf); if (nbuf[0] != '\0') a->q_fullname = newstr(nbuf); if (!usershellok(pw->pw_name, pw->pw_shell)) @@ -743,7 +743,7 @@ finduser(name, fuzzyp) } # endif - buildfname(pw->pw_gecos, pw->pw_name, buf); + buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof buf); if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name)) { if (tTd(29, 4)) diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c index 096f519d0c3..06104232543 100644 --- a/usr.sbin/sendmail/src/util.c +++ b/usr.sbin/sendmail/src/util.c @@ -383,10 +383,11 @@ makelower(p) */ void -buildfname(gecos, login, buf) +buildfname(gecos, login, buf, bufsiz) register char *gecos; char *login; char *buf; + int bufsiz; { register char *p; register char *bp = buf; @@ -395,22 +396,13 @@ buildfname(gecos, login, buf) if (*gecos == '*') gecos++; - /* find length of final string */ - l = 0; - for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) - { - if (*p == '&') - l += strlen(login); - else - l++; - } - - /* now fill in buf */ - for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) + for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%' + && ((bp - buf) <= (bufsiz - 1)); p++) { if (*p == '&') { - (void) strcpy(bp, login); + (void) strncpy(bp, login, (bufsiz - (bp - buf) - 1)); + buf[bufsiz - 1] = '\0'; *bp = toupper(*bp); while (*bp != '\0') bp++; |