From dc440954ea6b1d5ca22b1bf022e5fe443177f4b9 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Fri, 30 May 1997 08:51:46 +0000
Subject: overflows abound
---
 usr.bin/mail/aux.c | 6 +++---
 usr.bin/mail/cmd1.c | 8 ++++----
 usr.bin/mail/cmd3.c | 6 +++---
 usr.bin/mail/extern.h | 6 +++---
 usr.bin/mail/fio.c | 38 ++++++++++++++++++++------------------
 usr.bin/mail/lex.c | 10 +++++-----
 usr.bin/mail/list.c | 13 ++++++++-----
 usr.bin/mail/popen.c | 6 +++---
 usr.bin/mail/v7.local.c | 17 ++++++++++-------
 9 files changed, 59 insertions(+), 51 deletions(-)
diff --git a/usr.bin/mail/aux.c b/usr.bin/mail/aux.c
index 287edc12897..f6d2cfa2f13 100644
--- a/usr.bin/mail/aux.c
+++ b/usr.bin/mail/aux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aux.c,v 1.3 1997/01/17 07:12:44 millert Exp $ */
+/* $OpenBSD: aux.c,v 1.4 1997/05/30 08:51:32 deraadt Exp $ */
 /* $NetBSD: aux.c,v 1.4 1996/06/08 19:48:10 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)aux.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: aux.c,v 1.3 1997/01/17 07:12:44 millert Exp $";
+static char rcsid[] = "$OpenBSD: aux.c,v 1.4 1997/05/30 08:51:32 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -578,7 +578,7 @@ name1(mp, reptype)
 if (reptype == 0 && (cp = hfield("sender", mp)) != NOSTR)
 return cp;
 ibuf = setinput(mp);
- namebuf[0] = 0;
+ namebuf[0] = '\0';
 if (readline(ibuf, linebuf, LINESIZE) < 0)
 return(savestr(namebuf));
 newname:
diff --git a/usr.bin/mail/cmd1.c b/usr.bin/mail/cmd1.c
index 03821c6b128..1409eaa6d99 100644
--- a/usr.bin/mail/cmd1.c
+++ b/usr.bin/mail/cmd1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmd1.c,v 1.4 1997/03/29 03:01:44 millert Exp $ */
+/* $OpenBSD: cmd1.c,v 1.5 1997/05/30 08:51:34 deraadt Exp $ */
 /* $NetBSD: cmd1.c,v 1.5 1996/06/08 19:48:11 christos Exp $ */
 /*-
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)cmd1.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: cmd1.c,v 1.4 1997/03/29 03:01:44 millert Exp $";
+static char rcsid[] = "$OpenBSD: cmd1.c,v 1.5 1997/05/30 08:51:34 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -462,10 +462,10 @@ int
 folders(v)
 void *v;
 {
- char dirname[BUFSIZ];
+ char dirname[PATHSIZE];
 char *cmd;
- if (getfold(dirname) < 0) {
+ if (getfold(dirname, sizeof dirname) < 0) {
 printf("No value set for \"folder\"\n");
 return 1;
 }
diff --git a/usr.bin/mail/cmd3.c b/usr.bin/mail/cmd3.c
index 2b2a4dc27ef..197fa5605dd 100644
--- a/usr.bin/mail/cmd3.c
+++ b/usr.bin/mail/cmd3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmd3.c,v 1.3 1997/03/29 03:01:44 millert Exp $ */
+/* $OpenBSD: cmd3.c,v 1.4 1997/05/30 08:51:35 deraadt Exp $ */
 /* $NetBSD: cmd3.c,v 1.5 1996/06/08 19:48:14 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)cmd3.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: cmd3.c,v 1.3 1997/03/29 03:01:44 millert Exp $";
+static char rcsid[] = "$OpenBSD: cmd3.c,v 1.4 1997/05/30 08:51:35 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -146,7 +146,7 @@ overf:
 }
 strcpy(str, bangbuf);
 strncpy(lastbang, bangbuf, 128);
- lastbang[127] = 0;
+ lastbang[128-1] = 0;
 return(0);
 }
diff --git a/usr.bin/mail/extern.h b/usr.bin/mail/extern.h
index e40ca2c6363..841a915d714 100644
--- a/usr.bin/mail/extern.h
+++ b/usr.bin/mail/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.4 1997/03/29 03:01:45 millert Exp $ */
+/* $OpenBSD: extern.h,v 1.5 1997/05/30 08:51:37 deraadt Exp $ */
 /* $NetBSD: extern.h,v 1.4 1996/06/08 19:48:21 christos Exp $ */
 /*-
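Review bot: In usr.bin/mail/cmd3.c (the hunk under `overf:`), `lastbang[128-1] = 0;` still repeats the literal 128 from the `strncpy` call above it, so the bound is written out twice here and once more in the declaration, which is outside the hunk. If `lastbang` is declared as an array in this file, taking the size from the object keeps the three in step: `strncpy(lastbang, bangbuf, sizeof lastbang - 1);` and `lastbang[sizeof lastbang - 1] = '\0';`, the form this commit already uses for `lastscan` in list.c. The context line `strcpy(str, bangbuf);` is left unbounded by the commit; whether it can overrun depends on the size of `str`, which the hunk does not show. The enclosing function starts outside the hunk.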
@@ -130,7 +130,7 @@ void fail __P((char [], char []));
 int file __P((void *));
 struct grouphead *
 findgroup __P((char []));
-void findmail __P((char *, char *));
+void findmail __P((char *, char *, int));
 int first __P((int, int));
 void fixhead __P((struct header *, struct name *));
 void fmt __P((char *, struct name *, FILE *, int));
@@ -139,7 +139,7 @@ int forward __P((char [], FILE *, int));
 void free_child __P((int));
 int from __P((void *));
 off_t fsize __P((FILE *));
-int getfold __P((char *));
+int getfold __P((char *, int));
 int gethfield __P((FILE *, char [], int, char **));
 int getmsglist __P((char *, int *, int));
 int getrawlist __P((char [], char **, int));
diff --git a/usr.bin/mail/fio.c b/usr.bin/mail/fio.c
index ca95714da09..acb0d414d56 100644
--- a/usr.bin/mail/fio.c
+++ b/usr.bin/mail/fio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fio.c,v 1.4 1997/03/29 03:01:46 millert Exp $ */
+/* $OpenBSD: fio.c,v 1.5 1997/05/30 08:51:39 deraadt Exp $ */
 /* $NetBSD: fio.c,v 1.5 1996/06/08 19:48:22 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)fio.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: fio.c,v 1.4 1997/03/29 03:01:46 millert Exp $";
+static char rcsid[] = "$OpenBSD: fio.c,v 1.5 1997/05/30 08:51:39 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -71,16 +71,16 @@ setptr(ibuf)
 FILE *mestmp;
 off_t offset;
 int maybe, inhead;
- char linebuf[LINESIZE];
+ char linebuf[LINESIZE], pathbuf[PATHSIZE];
 /* Get temporary file. */
- (void)sprintf(linebuf, "%s/mail.XXXXXXXXXX", tmpdir);
- if ((c = mkstemp(linebuf)) == -1 ||
+ (void)snprintf(pathbuf, sizeof pathbuf, "%s/mail.XXXXXXXXXX", tmpdir);
+ if ((c = mkstemp(pathbuf)) == -1 ||
 (mestmp = Fdopen(c, "r+")) == NULL) {
- (void)fprintf(stderr, "mail: can't open %s\n", linebuf);
+ (void)fprintf(stderr, "mail: can't open %s\n", pathbuf);
 exit(1);
 }
- (void)unlink(linebuf);
+ (void)unlink(pathbuf);
 msgCount = 0;
 maybe = 1;
@@ -336,7 +336,7 @@ expand(name)
 */
 switch (*name) {
 case '%':
- findmail(name[1] ? name + 1 : myname, xname);
+ findmail(name[1] ? name + 1 : myname, xname, sizeof xname);
 return savestr(xname);
 case '#':
 if (name[1] != 0)
@@ -351,13 +351,13 @@ expand(name)
 name = "~/mbox";
 /* fall through */
 }
- if (name[0] == '+' && getfold(cmdbuf) >= 0) {
- sprintf(xname, "%s/%s", cmdbuf, name + 1);
+ if (name[0] == '+' && getfold(cmdbuf, sizeof cmdbuf) >= 0) {
+ snprintf(xname, sizeof xname, "%s/%s", cmdbuf, name + 1);
 name = savestr(xname);
 }
 /* catch the most common shell meta character */
 if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) {
- sprintf(xname, "%s%s", homedir, name + 1);
+ snprintf(xname, sizeof xname, "%s%s", homedir, name + 1);
 name = savestr(xname);
 }
 if (!anyof(name, "~{[*?$`'\"\\"))
@@ -366,7 +366,7 @@ expand(name)
 perror("pipe");
 return name;
 }
- sprintf(cmdbuf, "echo %s", name);
+ snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
 if ((shell = value("SHELL")) == NOSTR)
 shell = _PATH_CSHELL;
 pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR);
@@ -409,17 +409,19 @@ expand(name)
 * Determine the current folder directory name.
 */
 int
-getfold(name)
+getfold(name, namelen)
 char *name;
+ int namelen;
 {
 char *folder;
 if ((folder = value("folder")) == NOSTR)
 return (-1);
- if (*folder == '/')
- strcpy(name, folder);
- else
- sprintf(name, "%s/%s", homedir, folder);
+ if (*folder == '/') {
+ strncpy(name, folder, namelen-1);
+ name[namelen-1] = '\0';
+ } else
+ snprintf(name, namelen, "%s/%s", homedir, folder);
 return (0);
 }
@@ -436,7 +438,7 @@ getdeadletter()
 else if (*cp != '/') {
 char buf[PATHSIZE];
- (void) sprintf(buf, "~/%s", cp);
+ (void) snprintf(buf, sizeof buf, "~/%s", cp);
 cp = expand(buf);
 }
 return cp;
diff --git a/usr.bin/mail/lex.c b/usr.bin/mail/lex.c
index d1be3133e98..26b8513c25c 100644
--- a/usr.bin/mail/lex.c
+++ b/usr.bin/mail/lex.c
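Review bot: In usr.bin/mail/fio.c, `getfold()` still returns 0 when the folder path did not fit in `name`, so its callers carry on with a silently shortened directory name. Both branches can report the condition instead: `if (strlen(folder) >= (size_t)namelen) return (-1);` ahead of the `strncpy`, and `if (snprintf(name, namelen, "%s/%s", homedir, folder) >= namelen) return (-1);` in the `else`. The same unchecked truncation is in the `expand()` hunks, where a cut-off `xname` goes to `savestr()` and a cut-off `cmdbuf` is still handed to the shell through `start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR)`. A shortened name refers to a different file than the one requested, so failing the operation is the safer outcome. `expand()` begins and ends outside these hunks.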
@@ -1,4 +1,4 @@
-/* $OpenBSD: lex.c,v 1.4 1997/01/17 07:12:47 millert Exp $ */
+/* $OpenBSD: lex.c,v 1.5 1997/05/30 08:51:40 deraadt Exp $ */
 /* $NetBSD: lex.c,v 1.7 1996/06/08 19:48:28 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)lex.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: lex.c,v 1.4 1997/01/17 07:12:47 millert Exp $";
+static char rcsid[] = "$OpenBSD: lex.c,v 1.5 1997/05/30 08:51:40 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -591,7 +591,7 @@ newfileinfo()
 {
 register struct message *mp;
 register int u, n, mdot, d, s;
- char fname[BUFSIZ], zname[BUFSIZ], *ename;
+ char fname[PATHSIZE+1], zname[PATHSIZE+1], *ename;
 for (mp = &message[0]; mp < &message[msgCount]; mp++)
 if (mp->m_flag & MNEW)
@@ -616,10 +616,10 @@ newfileinfo()
 s++;
 }
 ename = mailname;
- if (getfold(fname) >= 0) {
+ if (getfold(fname, sizeof fname) >= 0) {
 strcat(fname, "/");
 if (strncmp(fname, mailname, strlen(fname)) == 0) {
- sprintf(zname, "+%s", mailname + strlen(fname));
+ snprintf(zname, sizeof zname, "+%s", mailname + strlen(fname));
 ename = zname;
 }
 }
diff --git a/usr.bin/mail/list.c b/usr.bin/mail/list.c
index ddae30f7b84..c4a2813e4a1 100644
--- a/usr.bin/mail/list.c
+++ b/usr.bin/mail/list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: list.c,v 1.3 1997/01/17 07:12:49 millert Exp $ */
+/* $OpenBSD: list.c,v 1.4 1997/05/30 08:51:42 deraadt Exp $ */
 /* $NetBSD: list.c,v 1.4 1996/06/08 19:48:30 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)list.c 8.2 (Berkeley) 4/19/94";
 #else
-static char rcsid[] = "$OpenBSD: list.c,v 1.3 1997/01/17 07:12:49 millert Exp $";
+static char rcsid[] = "$OpenBSD: list.c,v 1.4 1997/05/30 08:51:42 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -685,7 +685,7 @@ matchsender(str, mesg)
 * previous search string.
 */
-char lastscan[128];
+char lastscan[STRINGLEN];
 int
 matchsubj(str, mesg)
 char *str;
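Review bot: In usr.bin/mail/lex.c `newfileinfo()`, `strcat(fname, "/")` can write one byte past the end of `fname`: `getfold(fname, sizeof fname)` is allowed to fill all `PATHSIZE` characters plus the terminator, which leaves no room for the slash. The `PATHSIZE+1` declaration looks intended to reserve that byte, so the call should hold it back: `if (getfold(fname, sizeof fname - 1) >= 0) {`. The body of `newfileinfo()` continues outside both lex.c hunks.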
@@ -697,8 +697,11 @@ matchsubj(str, mesg)
 str++;
 if (strlen(str) == 0)
 str = lastscan;
- else
- strcpy(lastscan, str);
+ else {
+ strncpy(lastscan, str, sizeof lastscan-1);
+ lastscan[sizeof lastscan-1] = '\0';
+ }
+
 mp = &message[mesg-1];
 /*
diff --git a/usr.bin/mail/popen.c b/usr.bin/mail/popen.c
index 96909892a58..1c0226fbbbe 100644
--- a/usr.bin/mail/popen.c
+++ b/usr.bin/mail/popen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: popen.c,v 1.4 1997/03/29 03:01:47 millert Exp $ */
+/* $OpenBSD: popen.c,v 1.5 1997/05/30 08:51:43 deraadt Exp $ */
 /* $NetBSD: popen.c,v 1.4 1996/06/08 19:48:35 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)popen.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: popen.c,v 1.4 1997/03/29 03:01:47 millert Exp $";
+static char rcsid[] = "$OpenBSD: popen.c,v 1.5 1997/05/30 08:51:43 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -285,7 +285,7 @@ prepare_child(nset, infd, outfd)
 if (outfd >= 0)
 dup2(outfd, 1);
 if (nset) {
- for (i = 1; i <= NSIG; i++)
+ for (i = 1; i < NSIG; i++)
 if (sigismember(nset, i))
 (void) signal(i, SIG_IGN);
 if (!sigismember(nset, SIGINT))
diff --git a/usr.bin/mail/v7.local.c b/usr.bin/mail/v7.local.c
index 9becb8dacb4..056e6723cb6 100644
--- a/usr.bin/mail/v7.local.c
+++ b/usr.bin/mail/v7.local.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v7.local.c,v 1.3 1996/10/26 05:11:05 millert Exp $ */
+/* $OpenBSD: v7.local.c,v 1.4 1997/05/30 08:51:45 deraadt Exp $ */
 /* $NetBSD: v7.local.c,v 1.7 1996/06/08 19:48:44 christos Exp $ */
 /*
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)v7.local.c 8.1 (Berkeley) 6/6/93";
 #else
-static char rcsid[] = "$OpenBSD: v7.local.c,v 1.3 1996/10/26 05:11:05 millert Exp $";
+static char rcsid[] = "$OpenBSD: v7.local.c,v 1.4 1997/05/30 08:51:45 deraadt Exp $";
 #endif
 #endif /* not lint */
@@ -60,15 +60,18 @@ static char rcsid[] = "$OpenBSD: v7.local.c,v 1.3 1996/10/26 05:11:05 millert Ex
 * mail is queued).
 */
 void
-findmail(user, buf)
+findmail(user, buf, buflen)
 char *user, *buf;
+ int buflen;
 {
 char *mbox;
 if (!(mbox = getenv("MAIL")))
- (void)sprintf(buf, "%s/%s", _PATH_MAILDIR, user);
- else
- (void)strcpy(buf, mbox);
+ (void)snprintf(buf, sizeof buf, "%s/%s", _PATH_MAILDIR, user);
+ else {
+ (void)strncpy(buf, mbox, sizeof buf - 1);
+ buf[sizeof buf - 1] = '\0';
+ }
 }
 /*
@@ -97,6 +100,6 @@ username()
 return np;
 if ((np = getname(uid = getuid())) != NOSTR)
 return np;
- printf("Cannot associate a name with uid %d\n", uid);
+ printf("Cannot associate a name with uid %u\n", (unsigned)uid);
 return NOSTR;
 }
--
cgit v1.2.3
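Review bot: In usr.bin/mail/v7.local.c `findmail()`, `sizeof buf` is the size of a `char *`, not of the caller's buffer, because `buf` is a pointer parameter; the new `buflen` argument is never used. As written, the mailbox path is cut to one less than the width of a pointer, so the `case '%':` branch of `expand()` in fio.c would get back a name a few characters long instead of the mailbox path. The three lines should use the parameter: `(void)snprintf(buf, buflen, "%s/%s", _PATH_MAILDIR, user);`, `(void)strncpy(buf, mbox, buflen - 1);` and `buf[buflen - 1] = '\0';`.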