1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
/* $OpenBSD: percent_x.c,v 1.3 2009/10/27 23:59:30 deraadt Exp $ */
/*
* percent_x() takes a string and performs %<char> expansions. It aborts the
* program when the expansion would overflow the output buffer. The result
* of %<char> expansion may be passed on to a shell process. For this
* reason, characters with a special meaning to shells are replaced by
* underscores.
*
* Diagnostics are reported through syslog(3).
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
/* System libraries. */
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <string.h>
#include <unistd.h>
/* Local stuff. */
#include "tcpd.h"
/* percent_x - do %<char> expansion, abort if result buffer is too small */
char *percent_x(result, result_len, string, request)
char *result;
int result_len;
char *string;
struct request_info *request;
{
char *bp = result;
char *end = result + result_len - 1; /* end of result buffer */
char *expansion;
int expansion_len;
static char ok_chars[] = "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ";
char *str = string;
char *cp;
int ch;
/*
* Warning: we may be called from a child process or after pattern
* matching, so we cannot use clean_exit() or tcpd_jump().
*/
while (*str) {
if (*str == '%' && (ch = str[1]) != 0) {
str += 2;
expansion =
ch == 'a' ? eval_hostaddr(request->client) :
ch == 'A' ? eval_hostaddr(request->server) :
ch == 'c' ? eval_client(request) :
ch == 'd' ? eval_daemon(request) :
ch == 'h' ? eval_hostinfo(request->client) :
ch == 'H' ? eval_hostinfo(request->server) :
ch == 'n' ? eval_hostname(request->client) :
ch == 'N' ? eval_hostname(request->server) :
ch == 'p' ? eval_pid(request) :
ch == 's' ? eval_server(request) :
ch == 'u' ? eval_user(request) :
ch == '%' ? "%" : (tcpd_warn("unrecognized %%%c", ch), "");
for (cp = expansion; *(cp += strspn(cp, ok_chars)); /* */ )
*cp = '_';
expansion_len = cp - expansion;
} else {
expansion = str++;
expansion_len = 1;
}
if (bp + expansion_len >= end) {
tcpd_warn("percent_x: expansion too long: %.30s...", result);
sleep(5);
exit(0);
}
memcpy(bp, expansion, expansion_len);
bp += expansion_len;
}
*bp = 0;
return (result);
}
|