diff --git a/usr.sbin/sendmail/src/conf.c b/usr.sbin/sendmail/src/conf.c index b6cb178de8a3..0dc18df8a09e 100644 --- a/usr.sbin/sendmail/src/conf.c +++ b/usr.sbin/sendmail/src/conf.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)conf.c 8.243 (Berkeley) 11/20/95"; +static char sccsid[] = "@(#)conf.c 8.243.1.9 (Berkeley) 9/17/96"; #endif /* not lint */ # include "sendmail.h" @@ -250,10 +250,9 @@ setdefuser() static char defuserbuf[40]; DefUser = defuserbuf; - if ((defpwent = sm_getpwuid(DefUid)) != NULL) - strcpy(defuserbuf, defpwent->pw_name); - else - strcpy(defuserbuf, "nobody"); + defpwent = sm_getpwuid(DefUid); + snprintf(defuserbuf, sizeof defuserbuf, "%s", + defpwent == NULL ? "nobody" : defpwent->pw_name); } /* ** HOST_MAP_INIT -- initialize host class structures @@ -1557,9 +1556,6 @@ getla() */ /* Non Apollo stuff removed by Don Lewis 11/15/93 */ -#ifndef lint -static char rcsid[] = "@(#)$Id: conf.c,v 1.10 1995/12/09 05:01:24 peter Exp $"; -#endif /* !lint */ #ifdef apollo # undef volatile 
@@ -2383,53 +2379,303 @@ vsprintf(s, fmt, ap) /* ** SNPRINTF, VSNPRINT -- counted versions of printf ** -** These are at best crude emulations. +** These versions have been grabbed off the net. They have been +** cleaned up to compile properly and support for .precision and +** %lx has been added. */ #if !HASSNPRINTF -void +/************************************************************** + * Original: + * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 + * A bombproof version of doprnt (dopr) included. + * Sigh. This sort of thing is always nasty do deal with. Note that + * the version here does not include floating point... + * + * snprintf() is used instead of sprintf() as it does limit checks + * for string length. This covers a nasty loophole. + * + * The other functions are there to prevent NULL pointers from + * causing nast effects. + **************************************************************/ + +/*static char _id[] = "$Id: conf.c,v 1.1.1.5 1996/09/19 02:59:42 peter Exp $";*/ +static void dopr(); +static char *end; + +/* VARARGS3 */ +int # ifdef __STDC__ -snprintf(char *buf, size_t bufsize, const char *fmt, ...) +snprintf(char *str, size_t count, const char *fmt, ...) 
# else -snprintf(buf, bufsize, fmt, va_alist) - char *buf; - size_t bufsize; +snprintf(str, count, fmt, va_alist) + char *str; + size_t count; const char *fmt; va_dcl -# endif +#endif { - VA_LOCAL_DECL + VA_LOCAL_DECL - VA_START(fmt); - vsprintf(buf, fmt, ap); - VA_END; -# if defined(XDEBUG) && defined(LOG) - if (strlen(buf) > bufsize) - syslog(LOG_ALERT, "INTERNAL ERROR: snprintf overflow: %s", - shortenstring(buf, 200)); -# endif + VA_START (fmt); + (void) vsnprintf ( str, count, fmt, ap); + VA_END; + return( strlen( str ) ); } -#ifndef luna2 -void -vsnprintf(buf, bufsize, fmt, ap) - char *buf; - size_t bufsize; - const char *fmt; - va_list ap; +# ifndef luna2 +int +vsnprintf(str, count, fmt, args) + char *str; + size_t count; + const char *fmt; + va_list args; { - vsprintf(buf, fmt, ap); -# if defined(XDEBUG) && defined(LOG) - if (strlen(buf) > bufsize) - syslog(LOG_ALERT, "INTERNAL ERROR: vsnprintf overflow: %s", - shortenstring(buf, 200)); -# endif + str[0] = 0; + end = str+count-1; + dopr( str, fmt, args ); + if( count>0 ){ + end[0] = 0; + } + return(strlen(str)); } -#endif +/* + * dopr(): poor man's version of doprintf + */ + +static void fmtstr __P((char *value, int ljust, int len, int zpad, int maxwidth)); +static void fmtnum __P((long value, int base, int dosign, int ljust, int len, int zpad)); +static void dostr __P(( char * , int )); +static char *output; +static void dopr_outch __P(( int c )); + +static void +dopr( buffer, format, args ) + char *buffer; + char *format; + va_list args; +{ + int ch; + long value; + int longflag = 0; + int pointflag = 0; + int maxwidth = 0; + char *strvalue; + int ljust; + int len; + int zpad; + + output = buffer; + while( (ch = *format++) ){ + switch( ch ){ + case '%': + ljust = len = zpad = maxwidth = 0; + longflag = pointflag = 0; + nextch: + ch = *format++; + switch( ch ){ + case 0: + dostr( "**end of format**" , 0); + return; + case '-': ljust = 1; goto nextch; + case '0': /* set zero padding if len not set */ + 
if(len==0 && !pointflag) zpad = '0'; + case '1': case '2': case '3': + case '4': case '5': case '6': + case '7': case '8': case '9': + if (pointflag) + maxwidth = maxwidth*10 + ch - '0'; + else + len = len*10 + ch - '0'; + goto nextch; + case '*': + if (pointflag) + maxwidth = va_arg( args, int ); + else + len = va_arg( args, int ); + goto nextch; + case '.': pointflag = 1; goto nextch; + case 'l': longflag = 1; goto nextch; + case 'u': case 'U': + /*fmtnum(value,base,dosign,ljust,len,zpad) */ + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 10,0, ljust, len, zpad ); break; + case 'o': case 'O': + /*fmtnum(value,base,dosign,ljust,len,zpad) */ + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 8,0, ljust, len, zpad ); break; + case 'd': case 'D': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 10,1, ljust, len, zpad ); break; + case 'x': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value, 16,0, ljust, len, zpad ); break; + case 'X': + if( longflag ){ + value = va_arg( args, long ); + } else { + value = va_arg( args, int ); + } + fmtnum( value,-16,0, ljust, len, zpad ); break; + case 's': + strvalue = va_arg( args, char *); + if (maxwidth > 0 || !pointflag) + fmtstr( strvalue,ljust,len,zpad, maxwidth); + break; + case 'c': + ch = va_arg( args, int ); + dopr_outch( ch ); break; + case '%': dopr_outch( ch ); continue; + default: + dostr( "???????" 
, 0); + } + break; + default: + dopr_outch( ch ); + break; + } + } + *output = 0; +} + +static void +fmtstr( value, ljust, len, zpad, maxwidth ) + char *value; + int ljust, len, zpad, maxwidth; +{ + int padlen, strlen; /* amount to pad */ + + if( value == 0 ){ + value = ""; + } + for( strlen = 0; value[strlen]; ++ strlen ); /* strlen */ + if (strlen > maxwidth && maxwidth) + strlen = maxwidth; + padlen = len - strlen; + if( padlen < 0 ) padlen = 0; + if( ljust ) padlen = -padlen; + while( padlen > 0 ) { + dopr_outch( ' ' ); + --padlen; + } + dostr( value, maxwidth ); + while( padlen < 0 ) { + dopr_outch( ' ' ); + ++padlen; + } +} + +static void +fmtnum( value, base, dosign, ljust, len, zpad ) + long value; + int base, dosign, ljust, len, zpad; +{ + int signvalue = 0; + unsigned long uvalue; + char convert[20]; + int place = 0; + int padlen = 0; /* amount to pad */ + int caps = 0; + + /* DEBUGP(("value 0x%x, base %d, dosign %d, ljust %d, len %d, zpad %d\n", + value, base, dosign, ljust, len, zpad )); */ + uvalue = value; + if( dosign ){ + if( value < 0 ) { + signvalue = '-'; + uvalue = -value; + } + } + if( base < 0 ){ + caps = 1; + base = -base; + } + do{ + convert[place++] = + (caps? 
"0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base ]; + uvalue = (uvalue / (unsigned)base ); + }while(uvalue); + convert[place] = 0; + padlen = len - place; + if( padlen < 0 ) padlen = 0; + if( ljust ) padlen = -padlen; + /* DEBUGP(( "str '%s', place %d, sign %c, padlen %d\n", + convert,place,signvalue,padlen)); */ + if( zpad && padlen > 0 ){ + if( signvalue ){ + dopr_outch( signvalue ); + --padlen; + signvalue = 0; + } + while( padlen > 0 ){ + dopr_outch( zpad ); + --padlen; + } + } + while( padlen > 0 ) { + dopr_outch( ' ' ); + --padlen; + } + if( signvalue ) dopr_outch( signvalue ); + while( place > 0 ) dopr_outch( convert[--place] ); + while( padlen < 0 ){ + dopr_outch( ' ' ); + ++padlen; + } +} + +static void +dostr( str , cut) + char *str; + int cut; +{ + if (cut) { + while(*str && cut-- > 0) dopr_outch(*str++); + } else { + while(*str) dopr_outch(*str++); + } +} + +static void +dopr_outch( c ) + int c; +{ +#if 0 + if( iscntrl(c) && c != '\n' && c != '\t' ){ + c = '@' + (c & 0x1F); + if( end == 0 || output < end ){ + *output++ = '^'; + } + } #endif + if( end == 0 || output < end ){ + *output++ = c; + } +} + +# endif /* !luna2 */ + +#endif /* !HASSNPRINTF */ /* ** USERSHELLOK -- tell if a user's shell is ok for unrestricted use ** @@ -3060,6 +3306,9 @@ chownsafe(fd) # endif # include #endif +#ifndef FD_SETSIZE +# define FD_SETSIZE 256 +#endif void resetlimits() @@ -3070,11 +3319,17 @@ resetlimits() lim.rlim_cur = lim.rlim_max = RLIM_INFINITY; (void) setrlimit(RLIMIT_CPU, &lim); (void) setrlimit(RLIMIT_FSIZE, &lim); +# ifdef RLIMIT_NOFILE + lim.rlim_cur = lim.rlim_max = FD_SETSIZE; + (void) setrlimit(RLIMIT_NOFILE, &lim); +# endif #else # if HASULIMIT (void) ulimit(2, 0x3fffff); + (void) ulimit(4, FD_SETSIZE); # endif #endif + errno = 0; } /* ** GETCFNAME -- return the name of the .cf file. 
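Review bot: The replacement vsnprintf() writes to `str` even when `count` is 0: `str[0] = 0` runs unconditionally, `end` becomes `str - 1`, and dopr() finishes with `*output = 0`, which again lands on `str[0]`. A zero `count` can occur once a caller's write pointer has reached the end of its buffer, so an early `if (count == 0) return 0;` at the top of vsnprintf() is needed. Separately, `char convert[20]` in fmtnum() is too small where `long` is 64 bits: a `%lo` value needs up to 22 digits plus the terminator, and a 20-digit `%lu` value already overruns by the NUL. The file-scope `end` and `output` pointers also make these routines non-reentrant, which should be stated in the header comment.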
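Review bot: The new RLIMIT_NOFILE block in resetlimits() has no comment explaining why the descriptor limit is pinned to FD_SETSIZE while the CPU and file-size limits are raised to infinity. Something like `/* keep descriptor numbers within select()'s fd_set */` would record the intent, if that is indeed the reason. In the HASULIMIT branch, `ulimit(4, FD_SETSIZE)` should be checked against each target system's ulimit(2) documentation, because on some System V derivatives command 4 only queries the descriptor limit and ignores the second argument. The trailing `errno = 0;` also hides any failure from the unchecked setrlimit()/ulimit() calls and should say so in a comment.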
@@ -3507,7 +3762,7 @@ load_if_names() ia = (((struct sockaddr_in *) sa)->sin_addr); /* save IP address in text from */ - (void) sprintf(ip_addr, "[%.*s]", + (void) snprintf(ip_addr, sizeof ip_addr, "[%.*s]", sizeof ip_addr - 3, inet_ntoa(((struct sockaddr_in *) sa)->sin_addr)); if (!wordinclass(ip_addr, 'w')) diff --git a/usr.sbin/sendmail/src/daemon.c b/usr.sbin/sendmail/src/daemon.c index 4bb9a99e4e4c..9a11969bf2c2 100644 --- a/usr.sbin/sendmail/src/daemon.c +++ b/usr.sbin/sendmail/src/daemon.c @@ -37,9 +37,9 @@ #ifndef lint #ifdef DAEMON -static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (with daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (with daemon mode)"; #else -static char sccsid[] = "@(#)daemon.c 8.119 (Berkeley) 11/29/95 (without daemon mode)"; +static char sccsid[] = "@(#)daemon.c 8.119.1.2 (Berkeley) 9/16/96 (without daemon mode)"; #endif #endif /* not lint */ @@ -1093,7 +1093,8 @@ getauthinfo(fd) if (isatty(fd) || getpeername(fd, &RealHostAddr.sa, &falen) < 0 || falen <= 0 || RealHostAddr.sa.sa_family == 0) { - (void) sprintf(hbuf, "%s@localhost", RealUserName); + (void) snprintf(hbuf, sizeof hbuf, "%s@localhost", + RealUserName); if (tTd(9, 1)) printf("getauthinfo: %s\n", hbuf); return hbuf; @@ -1118,7 +1119,7 @@ getauthinfo(fd) } /* create ident query */ - (void) sprintf(ibuf, "%d,%d\r\n", + (void) snprintf(ibuf, sizeof ibuf, "%d,%d\r\n", ntohs(RealHostAddr.sin.sin_port), ntohs(la.sin.sin_port)); /* create local address */ @@ -1228,8 +1229,8 @@ getauthinfo(fd) /* p now points to the authenticated name -- copy carefully */ cleanstrcpy(hbuf, p, MAXNAME); i = strlen(hbuf); - hbuf[i++] = '@'; - strcpy(&hbuf[i], RealHostName == NULL ? "localhost" : RealHostName); + snprintf(&hbuf[i], sizeof hbuf - i, "@%s", + RealHostName == NULL ? "localhost" : RealHostName); goto postident; closeident: 
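Review bot: In load_if_names() the `%.*s` precision argument is `sizeof ip_addr - 3`, which is a size_t, but `*` consumes an int (the in-tree dopr() added to conf.c reads it with `va_arg( args, int )`). The argument types therefore disagree wherever size_t is wider than int. Cast it at the call: `(int) (sizeof ip_addr - 3)`. The same pattern is introduced or kept in putheader() in headers.c (`sizeof obuf - (obp - obuf) - 1`) and in returntosender() in savemail.c (`sizeof buf - 20`). The enclosing function starts and ends outside this hunk.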
@@ -1243,7 +1244,7 @@ getauthinfo(fd) printf("getauthinfo: NULL\n"); return NULL; } - (void) strcpy(hbuf, RealHostName); + snprintf(hbuf, sizeof hbuf, "%s", RealHostName); postident: #if IP_SRCROUTE @@ -1265,6 +1266,7 @@ getauthinfo(fd) int ipoptlen, j; u_char *q; u_char *o; + int l; struct in_addr addr; struct ipoption ipopt; @@ -1290,10 +1292,14 @@ getauthinfo(fd) case IPOPT_SSRR: case IPOPT_LSRR: p = &hbuf[strlen(hbuf)]; - sprintf(p, " [%s@%.120s", + l = sizeof hbuf - (hbuf - p) - 6; + snprintf(p, SPACELEFT(hbuf, p), " [%s@%.*s", *o == IPOPT_SSRR ? "!" : "", + l > 240 ? 120 : l / 2, inet_ntoa(ipopt.ipopt_dst)); - p += strlen(p); + i = strlen(p); + p += i; + l -= strlen(p); /* o[1] is option length */ j = *++o / sizeof(struct in_addr) - 1; @@ -1303,10 +1309,15 @@ getauthinfo(fd) for ( ; j >= 0; j--) { memcpy(&addr, q, sizeof(addr)); - sprintf(p, "%c%.120s", - j ? '@' : ':', - inet_ntoa(addr)); - p += strlen(p); + snprintf(p, SPACELEFT(hbuf, p), + "%c%.*s", + j != 0 ? '@' : ':', + l > 240 ? 120 : + j == 0 ? l : l / 2, + inet_ntoa(addr)); + i = strlen(p); + p += i; + l -= i + 1; q += sizeof(struct in_addr); } o += *o; @@ -1318,7 +1329,7 @@ getauthinfo(fd) break; } } - strcat(hbuf,"]"); + snprintf(p, SPACELEFT(hbuf, p), "]"); goto postipsr; } #endif @@ -1327,7 +1338,8 @@ getauthinfo(fd) if (RealHostName != NULL && RealHostName[0] != '[') { p = &hbuf[strlen(hbuf)]; - (void) sprintf(p, " [%.100s]", anynet_ntoa(&RealHostAddr)); + (void) snprintf(p, SPACELEFT(hbuf, p), " [%.100s]", + anynet_ntoa(&RealHostAddr)); } postipsr: @@ -1426,12 +1438,7 @@ host_map_lookup(map, name, av, statp) printf("host_map_lookup(%s) => ", name); s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */ if (strlen(name) < sizeof hbuf) - (void) strcpy(hbuf, name); - else - { - bcopy(name, hbuf, sizeof hbuf - 1); - hbuf[sizeof hbuf - 1] = '\0'; - } + snprintf(hbuf, sizeof hbuf, "%s", name); if (getcanonname(hbuf, sizeof hbuf - 1, !HasWildcardMX)) { if (tTd(9, 1)) 
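Review bot: In the IPOPT_SSRR/IPOPT_LSRR case the remaining-space budget is computed as `l = sizeof hbuf - (hbuf - p) - 6;`, but `p` points at or past `hbuf`, so `(hbuf - p)` is zero or negative and `l` comes out larger than the room actually left. It should read `l = sizeof hbuf - (p - hbuf) - 6;`. A few lines later `l -= strlen(p);` runs after `p += i`, when `p` already points at the terminator, so it subtracts nothing; `l -= i;` is what was meant. The snprintf() calls are still bounded by SPACELEFT(hbuf, p), so this affects how the source route is truncated rather than the buffer bound itself. getauthinfo() starts and ends outside this hunk.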
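Review bot: With the `else` branch removed from host_map_lookup(), a `name` of `sizeof hbuf` characters or more now skips the copy entirely. getcanonname() is then called on whatever `hbuf` already contained, unless it is initialised somewhere outside this hunk. snprintf() already truncates, so the guard can go and the copy can be unconditional: `snprintf(hbuf, sizeof hbuf, "%s", name);`. That restores the truncating behaviour of the code being removed.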
@@ -1541,9 +1548,10 @@ anynet_ntoa(sap) #if NETUNIX case AF_UNIX: if (sap->sunix.sun_path[0] != '\0') - sprintf(buf, "[UNIX: %.64s]", sap->sunix.sun_path); + snprintf(buf, sizeof buf, "[UNIX: %.64s]", + sap->sunix.sun_path); else - sprintf(buf, "[UNIX: localhost]"); + snprintf(buf, sizeof buf, "[UNIX: localhost]"); return buf; #endif @@ -1554,7 +1562,7 @@ anynet_ntoa(sap) #if NETLINK case AF_LINK: - sprintf(buf, "[LINK: %s]", + snprintf(buf, sizeof buf, "[LINK: %s]", link_ntoa((struct sockaddr_dl *) &sap->sa)); return buf; #endif @@ -1565,12 +1573,12 @@ anynet_ntoa(sap) } /* unknown family -- just dump bytes */ - (void) sprintf(buf, "Family %d: ", sap->sa.sa_family); + (void) snprintf(buf, sizeof buf, "Family %d: ", sap->sa.sa_family); bp = &buf[strlen(buf)]; ap = sap->sa.sa_data; for (l = sizeof sap->sa.sa_data; --l >= 0; ) { - (void) sprintf(bp, "%02x:", *ap++ & 0377); + (void) snprintf(bp, SPACELEFT(buf, bp), "%02x:", *ap++ & 0377); bp += 3; } *--bp = '\0'; @@ -1642,7 +1650,7 @@ hostnamebyanyaddr(sap) /* produce a dotted quad */ static char buf[203]; - (void) sprintf(buf, "[%.200s]", anynet_ntoa(sap)); + (void) snprintf(buf, sizeof buf, "[%.200s]", anynet_ntoa(sap)); return buf; } } diff --git a/usr.sbin/sendmail/src/deliver.c b/usr.sbin/sendmail/src/deliver.c index 51367ce44392..34c6c1a82f1b 100644 --- a/usr.sbin/sendmail/src/deliver.c +++ b/usr.sbin/sendmail/src/deliver.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)deliver.c 8.185 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)deliver.c 8.185.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ #include "sendmail.h" @@ -322,8 +322,10 @@ sendall(e, mode) char df1buf[20], df2buf[20]; ee->e_dfp = NULL; - strcpy(df1buf, queuename(e, 'd')); - strcpy(df2buf, queuename(ee, 'd')); + snprintf(df1buf, sizeof df1buf, "%s", + queuename(e, 'd')); + snprintf(df2buf, sizeof df2buf, "%s", + queuename(ee, 'd')); if (link(df1buf, df2buf) < 0) { int saverrno = errno; 
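Review bot: In the unknown-family loop of anynet_ntoa() the pointer still advances with `bp += 3;` regardless of how much snprintf() actually stored. If the output is ever truncated, `bp` moves past the end of `buf`, and SPACELEFT(buf, bp) would then wrap to a very large size (assuming it is an unsigned subtraction; the macro is not defined in this hunk). Advancing by what was written keeps the pointer inside the buffer: `bp += strlen(bp);`. The declaration of `buf` is outside the hunk, so whether truncation can happen with today's sizes cannot be confirmed from here.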
@@ -569,7 +571,8 @@ sendenvelope(e, mode) #if XDEBUG char wbuf[MAXNAME + 20]; - (void) sprintf(wbuf, "sendall(%.*s)", MAXNAME, q->q_paddr); + (void) snprintf(wbuf, sizeof wbuf, "sendall(%.*s)", + MAXNAME, q->q_paddr); checkfd012(wbuf); #endif if (mode == SM_VERIFY) @@ -776,9 +779,13 @@ deliver(e, firstto) p = e->e_sender; else p = e->e_from.q_paddr; - (void) strcpy(rpathbuf, remotename(p, m, - RF_SENDERADDR|RF_CANONICAL, - &rcode, e)); + p = remotename(p, m, RF_SENDERADDR|RF_CANONICAL, &rcode, e); + if (strlen(p) >= (SIZE_T) sizeof rpathbuf) + { + p = shortenstring(p, 203); + syserr("remotename: huge return %s", p); + } + snprintf(rpathbuf, sizeof rpathbuf, "%s", p); define('g', rpathbuf, e); /* translated return path */ define('h', host, e); /* to host */ Errors = 0; @@ -1087,7 +1094,7 @@ deliver(e, firstto) char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ - sprintf(wbuf, "%s... openmailer(%s)", + snprintf(wbuf, sizeof wbuf, "%s... openmailer(%s)", shortenstring(e->e_to, 203), m->m_name); checkfd012(wbuf); } @@ -1735,7 +1742,7 @@ deliver(e, firstto) char wbuf[MAXLINE]; /* make absolutely certain 0, 1, and 2 are in use */ - sprintf(wbuf, "%s... end of deliver(%s)", + snprintf(wbuf, sizeof wbuf, "%s... end of deliver(%s)", e->e_to == NULL ? "NO-TO-LIST" : shortenstring(e->e_to, 203), m->m_name); @@ -1851,7 +1858,7 @@ markfailure(e, q, mci, rcode) { char buf[30]; - (void) sprintf(buf, "%d", rcode); + (void) snprintf(buf, sizeof buf, "%d", rcode); q->q_rstatus = newstr(buf); } } 
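Review bot: In deliver(), after an oversized remotename() result is reported with syserr(), execution falls through: the shortenstring() output is copied into `rpathbuf` and defined as macro `g`. Delivery therefore appears to continue with an abbreviated return path rather than stopping, though the rest of the function is outside this hunk. If that is intended, a comment such as `/* continue with the shortened path; syserr has flagged the envelope */` would make it explicit. Otherwise the block should leave through deliver()'s existing error exit after the syserr() call.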
@@ -1977,20 +1984,24 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) statmsg = "250 Sent"; if (e->e_statmsg != NULL) { - (void) sprintf(buf, "%s (%s)", + (void) snprintf(buf, sizeof buf, "%s (%s)", statmsg, shortenstring(e->e_statmsg, 403)); statmsg = buf; } } else if (i < 0 || i > N_SysEx) { - (void) sprintf(buf, "554 unknown mailer error %d", stat); + (void) snprintf(buf, sizeof buf, "554 unknown mailer error %d", + stat); stat = EX_UNAVAILABLE; statmsg = buf; } else if (stat == EX_TEMPFAIL) { - (void) strcpy(buf, SysExMsg[i] + 1); + char *bp = buf; + + snprintf(bp, SPACELEFT(buf, bp), "%s", SysExMsg[i] + 1); + bp += strlen(bp); #if NAMED_BIND if (h_errno == TRY_AGAIN) statmsg = errstring(h_errno+E_DNSBASE); @@ -2009,17 +2020,15 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) } } if (statmsg != NULL && statmsg[0] != '\0') - { - (void) strcat(buf, ": "); - (void) strcat(buf, statmsg); - } + snprintf(bp, SPACELEFT(buf, bp), ": %s", statmsg); statmsg = buf; } #if NAMED_BIND else if (stat == EX_NOHOST && h_errno != 0) { statmsg = errstring(h_errno + E_DNSBASE); - (void) sprintf(buf, "%s (%s)", SysExMsg[i] + 1, statmsg); + (void) snprintf(buf, sizeof buf, "%s (%s)", + SysExMsg[i] + 1, statmsg); statmsg = buf; } #endif @@ -2028,7 +2037,8 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) statmsg = SysExMsg[i]; if (*statmsg++ == ':') { - (void) sprintf(buf, "%s: %s", statmsg, errstring(errno)); + (void) snprintf(buf, sizeof buf, "%s: %s", + statmsg, errstring(errno)); statmsg = buf; } } @@ -2050,7 +2060,7 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) char mbuf[8]; Errors++; - sprintf(mbuf, "%.3s %%s", statmsg); + snprintf(mbuf, sizeof mbuf, "%.3s %%s", statmsg); usrerr(mbuf, &statmsg[4]); } @@ -2105,8 +2115,6 @@ giveresponse(stat, m, mci, ctladdr, xstart, e) ** none */ -#define SPACELEFT(bp) (sizeof buf - ((bp) - buf)) - void logdelivery(m, mci, stat, ctladdr, xstart, e) MAILER *m; 
@@ -2127,25 +2135,25 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) bp = buf; if (ctladdr != NULL) { - strcpy(bp, ", ctladdr="); - strcat(bp, shortenstring(ctladdr->q_paddr, 83)); + snprintf(bp, SPACELEFT(buf, bp), ", ctladdr=%s", + shortenstring(ctladdr->q_paddr, 83)); bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { - (void) snprintf(bp, SPACELEFT(bp), " (%d/%d)", + (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", ctladdr->q_uid, ctladdr->q_gid); bp += strlen(bp); } } /* delay & xdelay: max 41 bytes */ - snprintf(bp, SPACELEFT(bp), ", delay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", delay=%s", pintvl(curtime() - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { - snprintf(bp, SPACELEFT(bp), ", xdelay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", pintvl(curtime() - xstart, TRUE)); bp += strlen(bp); } @@ -2153,7 +2161,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) /* mailer: assume about 19 bytes (max 10 byte mailer name) */ if (m != NULL) { - snprintf(bp, SPACELEFT(bp), ", mailer=%s", m->m_name); + snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } @@ -2164,14 +2172,14 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) extern SOCKADDR CurHostAddr; # endif - snprintf(bp, SPACELEFT(bp), ", relay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(mci->mci_host, 40)); bp += strlen(bp); # ifdef DAEMON if (CurHostAddr.sa.sa_family != 0) { - snprintf(bp, SPACELEFT(bp), " [%s]", + snprintf(bp, SPACELEFT(buf, bp), " [%s]", anynet_ntoa(&CurHostAddr)); } # endif @@ -2182,7 +2190,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) if (p != NULL && p[0] != '\0') { - snprintf(bp, SPACELEFT(bp), ", relay=%s", + snprintf(bp, SPACELEFT(buf, bp), ", relay=%s", shortenstring(p, 40)); } } 
@@ -2246,46 +2254,50 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) if (ctladdr != NULL) { bp = buf; - strcpy(buf, "ctladdr="); - bp += strlen(buf); - strcpy(bp, shortenstring(ctladdr->q_paddr, 83)); - bp += strlen(buf); + snprintf(bp, SPACELEFT(buf, bp), "ctladdr=%s", + shortenstring(ctladdr->q_paddr, 83)); + bp += strlen(bp); if (bitset(QGOODUID, ctladdr->q_flags)) { - (void) sprintf(bp, " (%d/%d)", + (void) snprintf(bp, SPACELEFT(buf, bp), " (%d/%d)", ctladdr->q_uid, ctladdr->q_gid); bp += strlen(bp); } syslog(LOG_INFO, "%s: %s", e->e_id, buf); } bp = buf; - sprintf(bp, "delay=%s", pintvl(curtime() - e->e_ctime, TRUE)); + snprintf(bp, SPACELEFT(buf, bp), "delay=%s", + pintvl(curtime() - e->e_ctime, TRUE)); bp += strlen(bp); if (xstart != (time_t) 0) { - sprintf(bp, ", xdelay=%s", pintvl(curtime() - xstart, TRUE)); + snprintf(bp, SPACELEFT(buf, bp), ", xdelay=%s", + pintvl(curtime() - xstart, TRUE)); bp += strlen(bp); } if (m != NULL) { - sprintf(bp, ", mailer=%s", m->m_name); + snprintf(bp, SPACELEFT(buf, bp), ", mailer=%s", m->m_name); bp += strlen(bp); } syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf); buf[0] = '\0'; + bp = buf; if (mci != NULL && mci->mci_host != NULL) { # ifdef DAEMON extern SOCKADDR CurHostAddr; # endif - sprintf(buf, "relay=%.100s", mci->mci_host); + snprintf(bp, SPACELEFT(buf, bp), "relay=%.100s", mci->mci_host); + bp += strlen(bp); # ifdef DAEMON if (CurHostAddr.sa.sa_family != 0) - sprintf(bp, " [%.100s]", anynet_ntoa(&CurHostAddr)); + snprintf(bp, SPACELEFT(buf, bp), " [%.100s]", + anynet_ntoa(&CurHostAddr)); # endif } else if (strcmp(stat, "queued") != 0) @@ -2293,7 +2305,7 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) char *p = macvalue('h', e); if (p != NULL && p[0] != '\0') - sprintf(buf, "relay=%.100s", p); + snprintf(buf, sizeof buf, "relay=%.100s", p); } if (buf[0] != '\0') syslog(LOG_INFO, "%s: %.1000s", e->e_id, buf); 
@@ -2302,8 +2314,6 @@ logdelivery(m, mci, stat, ctladdr, xstart, e) # endif /* short log buffer */ # endif /* LOG */ } - -#undef SPACELEFT /* ** PUTFROMLINE -- output a UNIX-style from line (or whatever) ** @@ -2351,7 +2361,8 @@ putfromline(mci, e) else { *bang++ = '\0'; - (void) sprintf(xbuf, "From %.800s \201d remote from %.100s\n", + (void) snprintf(xbuf, sizeof xbuf, + "From %.800s \201d remote from %.100s\n", bang, buf); template = xbuf; } @@ -2440,7 +2451,8 @@ putbody(mci, e, separator) if (hvalue("Content-Type", e->e_header) == NULL) { - sprintf(buf, "Content-Type: text/plain; charset=%s", + snprintf(buf, sizeof buf, + "Content-Type: text/plain; charset=%s", defcharset(e)); putline(buf, mci); } diff --git a/usr.sbin/sendmail/src/domain.c b/usr.sbin/sendmail/src/domain.c index 8058330f962a..f446e741821d 100644 --- a/usr.sbin/sendmail/src/domain.c +++ b/usr.sbin/sendmail/src/domain.c @@ -36,9 +36,9 @@ #ifndef lint #if NAMED_BIND -static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (with name server)"; +static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (with name server)"; #else -static char sccsid[] = "@(#)domain.c 8.54 (Berkeley) 9/28/95 (without name server)"; +static char sccsid[] = "@(#)domain.c 8.54.1.2 (Berkeley) 9/16/96 (without name server)"; #endif #endif /* not lint */ @@ -339,7 +339,13 @@ getmxrr(host, mxhosts, droplocalhost, rcode) host, MyHostName); return -1; } - strcpy(MXHostBuf, host); + if (strlen(host) >= (SIZE_T) sizeof MXHostBuf) + { + *rcode = EX_CONFIG; + syserr("Host name %s too long", shortenstring(host, 203)); + return -1; + } + snprintf(MXHostBuf, sizeof MXHostBuf, "%s", host); mxhosts[0] = MXHostBuf; if (host[0] == '[') { @@ -732,7 +738,8 @@ dns_getcanonname(host, hbsize, trymx, statp) { char ebuf[MAXLINE]; - sprintf(ebuf, "Deferred: DNS failure: CNAME loop for %.100s", + snprintf(ebuf, sizeof ebuf, + "Deferred: DNS failure: CNAME loop for %.100s", host); CurEnv->e_message = newstr(ebuf); } 
@@ -808,7 +815,7 @@ dns_getcanonname(host, hbsize, trymx, statp) ** Otherwise append the saved domain name. */ - (void) sprintf(nbuf, "%.*s%s%.*s", MAXDNAME, host, + (void) snprintf(nbuf, sizeof nbuf, "%.*s%s%.*s", MAXDNAME, host, *mxmatch == '\0' ? "" : ".", MAXDNAME, mxmatch); strncpy(host, nbuf, hbsize); diff --git a/usr.sbin/sendmail/src/headers.c b/usr.sbin/sendmail/src/headers.c index 3d20635e8931..72092d75d88e 100644 --- a/usr.sbin/sendmail/src/headers.c +++ b/usr.sbin/sendmail/src/headers.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)headers.c 8.82.1.1 (Berkeley) 2/18/96"; +static char sccsid[] = "@(#)headers.c 8.82.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ # include @@ -678,11 +678,11 @@ logsender(e, msgid) else { name = hbuf; - (void) sprintf(hbuf, "%.80s", RealHostName); + (void) snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName); if (RealHostAddr.sa.sa_family != 0) { p = &hbuf[strlen(hbuf)]; - (void) sprintf(p, " (%.100s)", + (void) snprintf(p, SPACELEFT(hbuf, p), " (%.100s)", anynet_ntoa(&RealHostAddr)); } } 
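Review bot: The unchanged `strncpy(host, nbuf, hbsize);` directly after the converted snprintf() in dns_getcanonname() leaves `host` without a terminator whenever `nbuf` holds `hbsize` or more characters. `nbuf` can hold two MAXDNAME-length pieces plus a dot, so this is reachable if `hbsize` is smaller than that. Using the same bounded copy as the rest of the commit fixes it: `snprintf(host, hbsize, "%s", nbuf);`. The function body continues outside this hunk.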
@@ -690,23 +690,25 @@ logsender(e, msgid) /* some versions of syslog only take 5 printf args */ # if (SYSLOG_BUFSIZE) >= 256 sbp = sbuf; - sprintf(sbp, "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d", + snprintf(sbp, SPACELEFT(sbuf, sbp), + "from=%.200s, size=%ld, class=%d, pri=%ld, nrcpts=%d", e->e_from.q_paddr == NULL ? "" : e->e_from.q_paddr, e->e_msgsize, e->e_class, e->e_msgpriority, e->e_nrcpts); sbp += strlen(sbp); if (msgid != NULL) { - sprintf(sbp, ", msgid=%.100s", mbuf); + snprintf(sbp, SPACELEFT(sbuf, sbp), ", msgid=%.100s", mbuf); sbp += strlen(sbp); } if (e->e_bodytype != NULL) { - (void) sprintf(sbp, ", bodytype=%.20s", e->e_bodytype); + (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", bodytype=%.20s", + e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) - (void) sprintf(sbp, ", proto=%.20s", p); + (void) snprintf(sbp, SPACELEFT(sbuf, sbp), ", proto=%.20s", p); syslog(LOG_INFO, "%s: %.850s, relay=%.100s", e->e_id, sbuf, name); @@ -722,17 +724,17 @@ logsender(e, msgid) syslog(LOG_INFO, "%s: msgid=%s", e->e_id, shortenstring(mbuf, 83)); sbp = sbuf; - sprintf(sbp, "%s:", e->e_id); + snprintf(sbp, SPACELEFT(sbuf, sbp), "%s:", e->e_id); sbp += strlen(sbp); if (e->e_bodytype != NULL) { - sprintf(sbp, " bodytype=%.20s,", e->e_bodytype); + snprintf(sbp, SPACELEFT(sbuf, sbp), " bodytype=%.20s,", e->e_bodytype); sbp += strlen(sbp); } p = macvalue('r', e); if (p != NULL) { - sprintf(sbp, " proto=%.20s,", p); + snprintf(sbp, SPACELEFT(sbuf, sbp), " proto=%.20s,", p); sbp += strlen(sbp); } syslog(LOG_INFO, "%.400s relay=%.100s", sbuf, name); @@ -1216,7 +1218,8 @@ putheader(mci, h, e) else { /* no other recipient headers: truncate value */ - (void) sprintf(obuf, "%s:", h->h_field); + (void) snprintf(obuf, sizeof obuf, "%s:", + h->h_field); putline(obuf, mci); } continue; 
@@ -1241,13 +1244,15 @@ putheader(mci, h, e) register char *obp; vanilla: - (void) sprintf(obuf, "%.200s: ", h->h_field); + obp = obuf; + (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", + h->h_field); obp = obuf + strlen(obuf); while ((nlp = strchr(p, '\n')) != NULL) { *nlp = '\0'; - sprintf(obp, "%.*s", + snprintf(obp, SPACELEFT(obuf, obp), "%.*s", sizeof obuf - (obp - obuf) - 1, p); *nlp = '\n'; putline(obuf, mci); @@ -1256,7 +1261,8 @@ putheader(mci, h, e) if (*p != ' ' && *p != '\t') *obp++ = ' '; } - sprintf(obp, "%.*s", sizeof obuf - (obp - obuf) - 1, p); + snprintf(obp, SPACELEFT(obuf, obp), "%.*s", + sizeof obuf - (obp - obuf) - 1, p); putline(obuf, mci); } } @@ -1277,7 +1283,8 @@ putheader(mci, h, e) putline("MIME-Version: 1.0", mci); if (hvalue("Content-Type", e->e_header) == NULL) { - sprintf(obuf, "Content-Type: text/plain; charset=%s", + snprintf(obuf, sizeof obuf, + "Content-Type: text/plain; charset=%s", defcharset(e)); putline(obuf, mci); } @@ -1326,7 +1333,7 @@ commaize(h, p, oldstyle, mci, e) printf("commaize(%s: %s)\n", h->h_field, p); obp = obuf; - (void) sprintf(obp, "%.200s: ", h->h_field); + (void) snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ", h->h_field); opos = strlen(h->h_field) + 2; obp += opos; omax = mci->mci_mailer->m_linelimit - 2; @@ -1420,7 +1427,7 @@ commaize(h, p, oldstyle, mci, e) opos += 2; if (opos > omax && !firstone) { - (void) strcpy(obp, ",\n"); + snprintf(obp, SPACELEFT(obuf, obp), ",\n"); putline(obuf, mci); obp = obuf; (void) strcpy(obp, " "); @@ -1430,7 +1437,7 @@ commaize(h, p, oldstyle, mci, e) } else if (!firstone) { - (void) strcpy(obp, ", "); + snprintf(obp, SPACELEFT(obuf, obp), ", "); obp += 2; } diff --git a/usr.sbin/sendmail/src/main.c b/usr.sbin/sendmail/src/main.c index 1b2b9da15023..e19efa489aef 100644 --- a/usr.sbin/sendmail/src/main.c +++ b/usr.sbin/sendmail/src/main.c 
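Review bot: In commaize() the field name is now written with a bounded `%.200s`, but the two context lines that follow still advance by the untruncated length: `opos = strlen(h->h_field) + 2;` then `obp += opos;`. For a field name longer than 200 characters `obp` ends up beyond the text that was stored, and possibly beyond `obuf`, whose size is declared outside the hunk. Deriving the offset from the output keeps the two consistent: `opos = strlen(obp); obp += opos;`.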
@@ -39,7 +39,7 @@ static char copyright[] = #endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)main.c 8.162 (Berkeley) 11/18/95"; +static char sccsid[] = "@(#)main.c 8.162.1.3 (Berkeley) 9/16/96"; #endif /* not lint */ #define _DEFINE @@ -144,6 +144,7 @@ main(argc, argv, envp) extern void sigusr1(); extern void sighup(); extern void initmacros __P((ENVELOPE *)); + extern void resetlimits __P((void)); /* ** Check to see if we reentered. @@ -224,9 +225,9 @@ main(argc, argv, envp) pw = sm_getpwuid(RealUid); if (pw != NULL) - (void) strcpy(rnamebuf, pw->pw_name); + (void) snprintf(rnamebuf, sizeof rnamebuf, "%s", pw->pw_name); else - (void) sprintf(rnamebuf, "Unknown UID %d", RealUid); + (void) snprintf(rnamebuf, sizeof rnamebuf, "Unknown UID %d", RealUid); RealUserName = rnamebuf; /* save command line arguments */ @@ -431,7 +432,7 @@ main(argc, argv, envp) { char ipbuf[103]; - sprintf(ipbuf, "[%.100s]", + snprintf(ipbuf, sizeof ipbuf, "[%.100s]", inet_ntoa(*((struct in_addr *) hp->h_addr_list[i]))); if (tTd(0, 4)) printf("\ta.k.a.: %s\n", ipbuf); @@ -707,6 +708,9 @@ main(argc, argv, envp) readcf(getcfname(), safecf, CurEnv); vendor_post_defaults(CurEnv); + /* avoid denial-of-service attacks */ + resetlimits(); + /* suppress error printing if errors mailed back or whatever */ if (CurEnv->e_errormode != EM_PRINT) HoldErrs = TRUE; @@ -1569,7 +1573,7 @@ auth_warning(e, msg, va_alist) if (hostbuf[0] == '\0') (void) myhostname(hostbuf, sizeof hostbuf); - (void) sprintf(buf, "%s: ", hostbuf); + (void) snprintf(buf, sizeof buf, "%s: ", hostbuf); p = &buf[strlen(buf)]; VA_START(msg); vsnprintf(p, sizeof buf - (p - buf), msg, ap); @@ -1930,6 +1934,11 @@ testmodeline(line, e) printf("Usage: /canon address\n"); return; } + else if (strlen(p) >= sizeof host) + { + printf("Name too long\n"); + return; + } strcpy(host, p); getcanonname(host, sizeof(host), HasWildcardMX, &rcode); printf("getcanonname(%s) returns %s (%d)\n", 
diff --git a/usr.sbin/sendmail/src/parseaddr.c b/usr.sbin/sendmail/src/parseaddr.c index bea7184e4a4f..7507b8371be4 100644 --- a/usr.sbin/sendmail/src/parseaddr.c +++ b/usr.sbin/sendmail/src/parseaddr.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)parseaddr.c 8.87 (Berkeley) 11/29/95"; +static char sccsid[] = "@(#)parseaddr.c 8.87.1.1 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -1212,7 +1212,8 @@ rewrite(pvp, ruleset, reclevel, e) { char mbuf[300]; - sprintf(mbuf, "%.80s map: lookup (%s): deferred", + snprintf(mbuf, sizeof mbuf, + "%.80s map: lookup (%s): deferred", mapname, shortenstring(buf, 203)); e->e_message = newstr(mbuf); diff --git a/usr.sbin/sendmail/src/recipient.c b/usr.sbin/sendmail/src/recipient.c index 79126e9ccc5d..4675247e11cf 100644 --- a/usr.sbin/sendmail/src/recipient.c +++ b/usr.sbin/sendmail/src/recipient.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)recipient.c 8.108 (Berkeley) 10/30/95"; +static char sccsid[] = "@(#)recipient.c 8.108.1.1 (Berkeley) 9/12/96"; #endif /* not lint */ # include "sendmail.h" @@ -499,7 +499,7 @@ recipient(a, sendq, aliaslevel, e) /* warning -- finduser may trash buf */ pw = finduser(buf, &fuzzy); - if (pw == NULL) + if (pw == NULL || strlen(pw->pw_name) > MAXNAME) { a->q_flags |= QBADADDR; a->q_status = "5.1.1"; @@ -535,7 +535,7 @@ recipient(a, sendq, aliaslevel, e) a->q_gid = pw->pw_gid; a->q_ruser = newstr(pw->pw_name); a->q_flags |= QGOODUID; - buildfname(pw->pw_gecos, pw->pw_name, nbuf); + buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof nbuf); if (nbuf[0] != '\0') a->q_fullname = newstr(nbuf); if (!usershellok(pw->pw_name, pw->pw_shell)) @@ -743,7 +743,7 @@ finduser(name, fuzzyp) } # endif - buildfname(pw->pw_gecos, pw->pw_name, buf); + buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof buf); if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name)) { if (tTd(29, 4)) 
diff --git a/usr.sbin/sendmail/src/savemail.c b/usr.sbin/sendmail/src/savemail.c index 9898cdd57d81..80639b12cf34 100644 --- a/usr.sbin/sendmail/src/savemail.c +++ b/usr.sbin/sendmail/src/savemail.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)savemail.c 8.87 (Berkeley) 10/28/95"; +static char sccsid[] = "@(#)savemail.c 8.87.1.2 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -376,8 +376,7 @@ savemail(e, sendbody) break; } - strcpy(buf, _PATH_VARTMP); - strcat(buf, "dead.letter"); + snprintf(buf, sizeof buf, "%sdead.letter", _PATH_VARTMP); sfflags = SFF_NOSLINK|SFF_CREAT|SFF_REGONLY|SFF_ROOTOK|SFF_OPENASROOT; if (!writable(buf, NULL, sfflags) || @@ -555,10 +554,10 @@ returntosender(msg, returnq, sendbody, e) { addheader("MIME-Version", "1.0", &ee->e_header); - (void) sprintf(buf, "%s.%ld/%.100s", + (void) snprintf(buf, sizeof buf, "%s.%ld/%.100s", ee->e_id, curtime(), MyHostName); ee->e_msgboundary = newstr(buf); - (void) sprintf(buf, + (void) snprintf(buf, sizeof buf, #if DSN "multipart/report; report-type=delivery-status;\n\tboundary=\"%s\"", #else @@ -592,11 +591,12 @@ returntosender(msg, returnq, sendbody, e) } else { - sprintf(buf, "Returned mail: %.*s", sizeof buf - 20, msg); + snprintf(buf, sizeof buf, "Returned mail: %.*s", + sizeof buf - 20, msg); addheader("Subject", buf, &ee->e_header); p = "failure"; } - (void) sprintf(buf, "auto-generated (%s)", p); + (void) snprintf(buf, sizeof buf, "auto-generated (%s)", p); addheader("Auto-Submitted", buf, &ee->e_header); /* fake up an address header for the from person */ @@ -690,7 +690,7 @@ errbody(mci, e, separator) { putline("This is a MIME-encapsulated message", mci); putline("", mci); - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("", mci); } 
@@ -715,7 +715,7 @@ errbody(mci, e, separator) mci); putline("", mci); } - sprintf(buf, "The original message was received at %s", + snprintf(buf, sizeof buf, "The original message was received at %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); expand("from \201_", buf, sizeof buf, e->e_parent); @@ -790,11 +790,12 @@ errbody(mci, e, separator) printheader = FALSE; } - sprintf(buf, "%s (%s)", shortenstring(q->q_paddr, 203), p); + snprintf(buf, sizeof buf, "%s (%s)", + shortenstring(q->q_paddr, 203), p); putline(buf, mci); if (q->q_alias != NULL) { - sprintf(buf, " (expanded from: %s)", + snprintf(buf, sizeof buf, " (expanded from: %s)", shortenstring(q->q_alias->q_paddr, 203)); putline(buf, mci); } @@ -837,7 +838,7 @@ errbody(mci, e, separator) if (e->e_msgboundary != NULL) { putline("", mci); - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", e->e_msgboundary); putline(buf, mci); putline("Content-Type: message/delivery-status", mci); putline("", mci); @@ -849,13 +850,13 @@ errbody(mci, e, separator) /* original envelope id from MAIL FROM: line */ if (e->e_parent->e_envid != NULL) { - (void) sprintf(buf, "Original-Envelope-Id: %.800s", + (void) snprintf(buf, sizeof buf, "Original-Envelope-Id: %.800s", xuntextify(e->e_parent->e_envid)); putline(buf, mci); } /* Reporting-MTA: is us (required) */ - (void) sprintf(buf, "Reporting-MTA: dns; %.800s", MyHostName); + (void) snprintf(buf, sizeof buf, "Reporting-MTA: dns; %.800s", MyHostName); putline(buf, mci); /* DSN-Gateway: not relevant since we are not translating */ 
@@ -867,13 +868,13 @@ errbody(mci, e, separator) if (e->e_parent->e_from.q_mailer == NULL || (p = e->e_parent->e_from.q_mailer->m_mtatype) == NULL) p = "dns"; - (void) sprintf(buf, "Received-From-MTA: %s; %.800s", + (void) snprintf(buf, sizeof buf, "Received-From-MTA: %s; %.800s", p, RealHostName); putline(buf, mci); } /* Arrival-Date: -- when it arrived here */ - (void) sprintf(buf, "Arrival-Date: %s", + (void) snprintf(buf, sizeof buf, "Arrival-Date: %s", arpadate(ctime(&e->e_parent->e_ctime))); putline(buf, mci); @@ -911,7 +912,7 @@ errbody(mci, e, separator) /* Original-Recipient: -- passed from on high */ if (q->q_orcpt != NULL) { - (void) sprintf(buf, "Original-Recipient: %.800s", + (void) snprintf(buf, sizeof buf, "Original-Recipient: %.800s", q->q_orcpt); putline(buf, mci); } @@ -924,12 +925,14 @@ errbody(mci, e, separator) continue; if (strchr(r->q_user, '@') == NULL) { - (void) sprintf(buf, "Final-Recipient: %s; %.700s@%.100s", + (void) snprintf(buf, sizeof buf, + "Final-Recipient: %s; %.700s@%.100s", p, r->q_user, MyHostName); } else { - (void) sprintf(buf, "Final-Recipient: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Final-Recipient: %s; %.800s", p, r->q_user); } putline(buf, mci); 
@@ -939,31 +942,33 @@ errbody(mci, e, separator) { if (strchr(q->q_user, '@') == NULL) { - (void) sprintf(buf, "X-Actual-Recipient: %s; %.700s@%.100s", + (void) snprintf(buf, sizeof buf, + "X-Actual-Recipient: %s; %.700s@%.100s", p, q->q_user, MyHostName); } else { - (void) sprintf(buf, "X-Actual-Recipient: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "X-Actual-Recipient: %s; %.800s", p, q->q_user); } putline(buf, mci); } /* Action: -- what happened? */ - sprintf(buf, "Action: %s", action); + snprintf(buf, sizeof buf, "Action: %s", action); putline(buf, mci); /* Status: -- what _really_ happened? */ - strcpy(buf, "Status: "); if (q->q_status != NULL) - strcat(buf, q->q_status); + p = q->q_status; else if (bitset(QBADADDR, q->q_flags)) - strcat(buf, "5.0.0"); + p = "5.0.0"; else if (bitset(QQUEUEUP, q->q_flags)) - strcat(buf, "4.0.0"); + p = "4.0.0"; else - strcat(buf, "2.0.0"); + p = "2.0.0"; + snprintf(buf, sizeof buf, "Status: %s", p); putline(buf, mci); /* Remote-MTA: -- who was I talking to? */ @@ -972,7 +977,8 @@ errbody(mci, e, separator) if (q->q_mailer == NULL || (p = q->q_mailer->m_mtatype) == NULL) p = "dns"; - (void) sprintf(buf, "Remote-MTA: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Remote-MTA: %s; %.800s", p, q->q_statmta); p = &buf[strlen(buf) - 1]; if (*p == '.') @@ -986,7 +992,8 @@ errbody(mci, e, separator) p = q->q_mailer->m_diagtype; if (p == NULL) p = "smtp"; - (void) sprintf(buf, "Diagnostic-Code: %s; %.800s", + (void) snprintf(buf, sizeof buf, + "Diagnostic-Code: %s; %.800s", p, q->q_rstatus); putline(buf, mci); } @@ -994,7 +1001,8 @@ errbody(mci, e, separator) /* Last-Attempt-Date: -- fine granularity */ if (q->q_statdate == (time_t) 0L) q->q_statdate = curtime(); - (void) sprintf(buf, "Last-Attempt-Date: %s", + (void) snprintf(buf, sizeof buf, + "Last-Attempt-Date: %s", arpadate(ctime(&q->q_statdate))); putline(buf, mci); 
@@ -1006,7 +1014,8 @@ errbody(mci, e, separator) xdate = e->e_parent->e_ctime + TimeOuts.to_q_return[e->e_parent->e_timeoutclass]; - sprintf(buf, "Will-Retry-Until: %s", + snprintf(buf, sizeof buf, + "Will-Retry-Until: %s", arpadate(ctime(&xdate))); putline(buf, mci); } @@ -1034,10 +1043,11 @@ errbody(mci, e, separator) } else { - (void) sprintf(buf, "--%s", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s", + e->e_msgboundary); putline(buf, mci); - (void) sprintf(buf, "Content-Type: %s", + (void) snprintf(buf, sizeof buf, "Content-Type: %s", sendbody ? "message/rfc822" : "text/rfc822-headers"); putline(buf, mci); @@ -1049,7 +1059,7 @@ errbody(mci, e, separator) p = "8bit"; if (p != NULL) { - (void) sprintf(buf, "Content-Transfer-Encoding: %s", + (void) snprintf(buf, sizeof buf, "Content-Transfer-Encoding: %s", p); putline(buf, mci); } @@ -1072,7 +1082,7 @@ errbody(mci, e, separator) if (e->e_msgboundary != NULL) { putline("", mci); - (void) sprintf(buf, "--%s--", e->e_msgboundary); + (void) snprintf(buf, sizeof buf, "--%s--", e->e_msgboundary); putline(buf, mci); } putline("", mci); @@ -1351,6 +1361,7 @@ pruneroute(addr) char *start, *at, *comma; char c; int rcode; + int i; char hostbuf[BUFSIZ]; char *mxhosts[MAXMXHOSTS + 1]; @@ -1363,8 +1374,11 @@ pruneroute(addr) return FALSE; /* slice off the angle brackets */ + i = strlen(at + 1); + if (i >= (SIZE_T) sizeof hostbuf) + return FALSE; strcpy(hostbuf, at + 1); - hostbuf[strlen(hostbuf) - 1] = '\0'; + hostbuf[i - 1] = '\0'; while (start) { @@ -1376,10 +1390,11 @@ pruneroute(addr) c = *start; *start = '\0'; comma = strrchr(addr, ','); - if (comma && comma[1] == '@') + if (comma != NULL && comma[1] == '@' && + strlen(comma + 2) < (SIZE_T) sizeof hostbuf) strcpy(hostbuf, comma + 2); else - comma = 0; + comma = NULL; *start = c; start = comma; } diff --git a/usr.sbin/sendmail/src/sendmail.h b/usr.sbin/sendmail/src/sendmail.h index 66c75764a5f1..fb2f1452ddaf 100644 --- a/usr.sbin/sendmail/src/sendmail.h 
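Review bot: The new length check in pruneroute bounds `i` only from above, so if the text after `at` is empty, `i` is 0 and `hostbuf[i - 1] = '\0'` stores one byte before the array. Whether `at + 1` can be empty is decided above the hunk, so this may be unreachable, but the guard is cheap: `if (i == 0 || i >= (SIZE_T) sizeof hostbuf) return FALSE;`. Holding the strlen result in an `int` also narrows it before the comparison casts it back; declaring `i` as `SIZE_T` would avoid that.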
+++ b/usr.sbin/sendmail/src/sendmail.h @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#)sendmail.h 8.159 (Berkeley) 11/18/95 + * @(#)sendmail.h 8.159.1.3 (Berkeley) 9/16/96 */ /* @@ -41,7 +41,7 @@ # ifdef _DEFINE # define EXTERN # ifndef lint -static char SmailSccsId[] = "@(#)sendmail.h 8.159 11/18/95"; +static char SmailSccsId[] = "@(#)sendmail.h 8.159.1.3 9/16/96"; # endif # else /* _DEFINE */ # define EXTERN extern @@ -121,6 +121,14 @@ typedef int BITMAP[BITMAPBYTES / sizeof (int)]; /* clear an entire bit map */ #define clrbitmap(map) bzero((char *) map, BITMAPBYTES) + + +/* +** Utility macros +*/ + +/* return number of bytes left in a buffer */ +#define SPACELEFT(buf, ptr) (sizeof buf - ((ptr) - buf)) /* ** Address structure. ** Addresses are stored internally in this structure. @@ -1199,6 +1207,7 @@ extern void setclass __P((int, char *)); extern void inittimeouts __P((char *)); extern void logdelivery __P((MAILER *, MCI *, const char *, ADDRESS *, time_t, ENVELOPE *)); extern void giveresponse __P((int, MAILER *, MCI *, ADDRESS *, time_t, ENVELOPE *)); +extern void buildfname __P((char *, char *, char *, int)); extern const char *errstring __P((int)); extern sigfunc_t setsignal __P((int, sigfunc_t)); @@ -1228,10 +1237,10 @@ extern void nmessage(); #if !HASSNPRINTF # ifdef __STDC__ -extern void snprintf(char *, size_t, const char *, ...); -extern void vsnprintf(char *, size_t, const char *, va_list); +extern int snprintf(char *, size_t, const char *, ...); +extern int vsnprintf(char *, size_t, const char *, va_list); # else -extern void snprintf(); -extern void vsnprintf(); +extern int snprintf(); +extern int vsnprintf(); # endif #endif diff --git a/usr.sbin/sendmail/src/udb.c b/usr.sbin/sendmail/src/udb.c index 9212bb4ed015..e9834ebea082 100644 --- a/usr.sbin/sendmail/src/udb.c +++ b/usr.sbin/sendmail/src/udb.c 
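Review bot: SPACELEFT is only correct when its first argument is an array whose definition is in scope, because `sizeof buf` applied to a `char *` gives the pointer size rather than the buffer length, and neither the macro nor its comment says so. I would state the restriction and parenthesize the argument: `/* bytes left in buf; buf MUST be a true array, never a pointer or array parameter */` and `#define SPACELEFT(buf, ptr) (sizeof (buf) - ((ptr) - (buf)))`. The restriction matters in this commit, since the buildfname hunk in util.c passes its `char *buf` parameter to the macro.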
@@ -36,9 +36,9 @@ #ifndef lint #if USERDB -static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (with USERDB)"; +static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (with USERDB)"; #else -static char sccsid [] = "@(#)udb.c 8.33 (Berkeley) 11/29/95 (without USERDB)"; +static char sccsid [] = "@(#)udb.c 8.33.1.2 (Berkeley) 9/16/96 (without USERDB)"; #endif #endif @@ -359,7 +359,7 @@ udbexpand(a, sendq, aliaslevel, e) a->q_user, hes_error()); continue; } - sprintf(info.data, "%s@%s", + snprintf(pobuf, sizeof pobuf, "%s@%s", hp->po_name, hp->po_host); info.size = strlen(info.data); #else @@ -438,7 +438,8 @@ udbexpand(a, sendq, aliaslevel, e) user = buf; else user = xalloc(i + 1); - (void) sprintf(user, "%s@%s", a->q_user, up->udb_fwdhost); + (void) snprintf(user, i, "%s@%s", + a->q_user, up->udb_fwdhost); message("expanded to %s", user); a->q_flags &= ~QSELFREF; naddrs = sendtolist(user, a, sendq, aliaslevel + 1, e); @@ -1044,6 +1045,8 @@ hes_udb_get(key, info) char *p, **hp; char kbuf[MAXKEY + 1]; + if (strlen(key->data) >= (SIZE_T) sizeof kbuf) + return 0; strcpy(kbuf, key->data); name = kbuf; type = strrchr(name, ':'); diff --git a/usr.sbin/sendmail/src/usersmtp.c b/usr.sbin/sendmail/src/usersmtp.c index 6233e0f1bcfc..edfe7beb8d53 100644 --- a/usr.sbin/sendmail/src/usersmtp.c +++ b/usr.sbin/sendmail/src/usersmtp.c @@ -36,9 +36,9 @@ #ifndef lint #ifdef SMTP -static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (with SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (with SMTP)"; #else -static char sccsid[] = "@(#)usersmtp.c 8.65 (Berkeley) 9/28/95 (without SMTP)"; +static char sccsid[] = "@(#)usersmtp.c 8.65.1.2 (Berkeley) 9/16/96 (without SMTP)"; #endif #endif /* not lint */ @@ -332,6 +332,7 @@ smtpmailfrom(m, mci, e) ENVELOPE *e; { int r; + int l; char *bufp; char *bodytype; char buf[MAXNAME + 1]; 
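Review bot: In the first udbexpand hunk the string is now formatted into `pobuf`, yet the next context line still measures `info.data`, and no hunk of udb.c declares `pobuf` or points `info.data` at it. If that setup is not already present above the hunk, this conditionally compiled branch either fails to build or takes the length of a different buffer. Please confirm, and if it is missing add `info.data = pobuf;` before the call.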
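Review bot: In the second udbexpand hunk the bound passed to snprintf is `i`, one less than the `i + 1` bytes that `xalloc` provides on the line above. If `i` is the full length of the `user@fwdhost` string (its computation is above the hunk), the last character is always dropped. `(void) snprintf(user, i + 1, "%s@%s", a->q_user, up->udb_fwdhost);` matches the allocation, and the `user = buf` branch should be checked against `sizeof buf` in the same way.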
@@ -342,9 +343,10 @@ smtpmailfrom(m, mci, e) /* set up appropriate options to include */ if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0) - sprintf(optbuf, " SIZE=%ld", e->e_msgsize); + snprintf(optbuf, sizeof optbuf, " SIZE=%ld", e->e_msgsize); else strcpy(optbuf, ""); + l = sizeof optbuf - strlen(optbuf) - 1; bodytype = e->e_bodytype; if (bitset(MCIF_8BITMIME, mci->mci_flags)) @@ -359,6 +361,7 @@ smtpmailfrom(m, mci, e) { strcat(optbuf, " BODY="); strcat(optbuf, bodytype); + l -= strlen(optbuf); } } else if (bitnset(M_8BITS, m->m_flags) || @@ -387,20 +390,22 @@ smtpmailfrom(m, mci, e) if (bitset(MCIF_DSN, mci->mci_flags)) { - if (e->e_envid != NULL) + if (e->e_envid != NULL && strlen(e->e_envid) < (SIZE_T) l) { strcat(optbuf, " ENVID="); strcat(optbuf, e->e_envid); + l -= strlen(optbuf); } /* RET= parameter */ - if (bitset(EF_RET_PARAM, e->e_flags)) + if (bitset(EF_RET_PARAM, e->e_flags) && l >= 9) { strcat(optbuf, " RET="); if (bitset(EF_NO_BODY_RETN, e->e_flags)) strcat(optbuf, "HDRS"); else strcat(optbuf, "FULL"); + l -= 9; } } @@ -516,10 +521,12 @@ smtprcpt(to, m, mci, e) ENVELOPE *e; { register int r; + int l; char optbuf[MAXLINE]; extern char *smtptodsn(); strcpy(optbuf, ""); + l = sizeof optbuf - 1; if (bitset(MCIF_DSN, mci->mci_flags)) { /* NOTIFY= parameter */ @@ -550,13 +557,15 @@ smtprcpt(to, m, mci, e) } if (firstone) strcat(optbuf, "NEVER"); + l -= strlen(optbuf); } /* ORCPT= parameter */ - if (to->q_orcpt != NULL) + if (to->q_orcpt != NULL && strlen(to->q_orcpt) + 7 < l) { strcat(optbuf, " ORCPT="); strcat(optbuf, to->q_orcpt); + l -= strlen(optbuf); } } 
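Review bot: `l -= strlen(optbuf)` after the BODY= append subtracts the whole current length of optbuf rather than the bytes just added, so `l` drifts below the real space left; the same statement follows ENVID in the next hunk and NOTIFY and ORCPT in smtprcpt. `l` is a signed int, and once it goes negative the later guards compare it as `(SIZE_T) l` or against a size_t expression, where it becomes a very large value and the check passes. Recomputing from the buffer each time avoids the drift: `l = sizeof optbuf - strlen(optbuf) - 1;`. The BODY= append itself is not guarded by `l` at all.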
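Review bot: The ENVID guard in smtpmailfrom compares only `strlen(e->e_envid)` with `l` and leaves out the 7 bytes of the " ENVID=" prefix appended with it, whereas the ORCPT guard in smtprcpt does add its prefix length. A form that also rejects a non-positive `l` before the unsigned cast is `if (e->e_envid != NULL && l > 7 && strlen(e->e_envid) < (SIZE_T) (l - 7))`. The ORCPT test would benefit from the same `l > 7` precondition, because `strlen(to->q_orcpt) + 7 < l` converts a negative `l` to unsigned.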
@@ -921,14 +930,19 @@ reply(m, mci, e, timeout, pfunc) { char wbuf[MAXLINE]; char *p = wbuf; + int wbufleft = sizeof wbuf; if (e->e_to != NULL) { - sprintf(p, "%s... ", + int plen; + + snprintf(p, wbufleft, "%s... ", shortenstring(e->e_to, 203)); - p += strlen(p); + plen = strlen(p); + p += plen; + wbufleft -= plen; } - sprintf(p, "reply(%.100s) during %s", + snprintf(p, wbufleft, "reply(%.100s) during %s", mci->mci_host, SmtpPhase); checkfd012(wbuf); } @@ -992,7 +1006,7 @@ reply(m, mci, e, timeout, pfunc) /* save temporary failure messages for posterity */ if (SmtpReplyBuffer[0] == '4' && SmtpError[0] == '\0') - (void) strcpy(SmtpError, SmtpReplyBuffer); + snprintf(SmtpError, sizeof SmtpError, "%s", SmtpReplyBuffer); /* reply code 421 is "Service Shutting Down" */ if (r == SMTPCLOSING && mci->mci_state != MCIS_SSD) diff --git a/usr.sbin/sendmail/src/util.c b/usr.sbin/sendmail/src/util.c index 20c98670f1ad..3065e382b248 100644 --- a/usr.sbin/sendmail/src/util.c +++ b/usr.sbin/sendmail/src/util.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)util.c 8.84.1.2 (Berkeley) 3/4/96"; +static char sccsid[] = "@(#)util.c 8.84.1.4 (Berkeley) 9/16/96"; #endif /* not lint */ # include "sendmail.h" @@ -374,6 +374,7 @@ makelower(p) ** p -- name to build. ** login -- the login name of this user (for &). ** buf -- place to put the result. +** buflen -- length of buf. ** ** Returns: ** none. @@ -383,10 +384,11 @@ makelower(p) */ void -buildfname(gecos, login, buf) +buildfname(gecos, login, buf, buflen) register char *gecos; char *login; char *buf; + int buflen; { register char *p; register char *bp = buf; 
@@ -404,16 +406,21 @@ buildfname(gecos, login, buf) else l++; } + if (l > buflen - 1) + { + /* not a good sign */ + snprintf(buf, buflen, "%s", gecos); + return; + } /* now fill in buf */ for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) { if (*p == '&') { - (void) strcpy(bp, login); + snprintf(bp, SPACELEFT(buf, bp), "%s", login); *bp = toupper(*bp); - while (*bp != '\0') - bp++; + bp += strlen(bp); } else *bp++ = *p; @@ -1530,14 +1537,15 @@ dumpfd(fd, printclosed, logit) extern char *hostnamebyanyaddr(); p = buf; - sprintf(p, "%3d: ", fd); + snprintf(p, SPACELEFT(buf, p), "%3d: ", fd); p += strlen(p); if (fstat(fd, &st) < 0) { if (printclosed || errno != EBADF) { - sprintf(p, "CANNOT STAT (%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "CANNOT STAT (%s)", + errstring(errno)); goto printit; } return; 
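Review bot: In the `&` branch of buildfname, `SPACELEFT(buf, bp)` expands to `sizeof buf - (bp - buf)` where `buf` is the function's `char *` parameter, so the bound is the size of a pointer rather than of the caller's buffer. The login name is cut to a few bytes, and once `bp` has advanced further than that the unsigned subtraction wraps, so the call is effectively unbounded and only the earlier `l > buflen - 1` check limits it. Use the length that was passed in: `snprintf(bp, buflen - (bp - buf), "%s", login);`. Separately, the over-length fallback copies raw `gecos`, including anything after the `,`, `;` or `%` terminators the loop stops at; setting `buf[0] = '\0'` there may be the safer result. The function body starts and ends outside the hunk.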
@@ -1546,73 +1554,75 @@ dumpfd(fd, printclosed, logit) slen = fcntl(fd, F_GETFL, NULL); if (slen != -1) { - sprintf(p, "fl=0x%x, ", slen); + snprintf(p, SPACELEFT(buf, p), "fl=0x%x, ", slen); p += strlen(p); } - sprintf(p, "mode=%o: ", st.st_mode); + snprintf(p, SPACELEFT(buf, p), "mode=%o: ", st.st_mode); p += strlen(p); switch (st.st_mode & S_IFMT) { #ifdef S_IFSOCK case S_IFSOCK: - sprintf(p, "SOCK "); + snprintf(p, SPACELEFT(buf, p), "SOCK "); p += strlen(p); slen = sizeof sa; if (getsockname(fd, &sa.sa, &slen) < 0) - sprintf(p, "(%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (sa.sa.sa_family == AF_INET) - sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port)); + snprintf(p, SPACELEFT(buf, p), "%s/%d", + hp, ntohs(sa.sin.sin_port)); else - sprintf(p, "%s", hp); + snprintf(p, SPACELEFT(buf, p), "%s", hp); } p += strlen(p); - sprintf(p, "->"); + snprintf(p, SPACELEFT(buf, p), "->"); p += strlen(p); slen = sizeof sa; if (getpeername(fd, &sa.sa, &slen) < 0) - sprintf(p, "(%s)", errstring(errno)); + snprintf(p, SPACELEFT(buf, p), "(%s)", errstring(errno)); else { hp = hostnamebyanyaddr(&sa); if (sa.sa.sa_family == AF_INET) - sprintf(p, "%s/%d", hp, ntohs(sa.sin.sin_port)); + snprintf(p, SPACELEFT(buf, p), "%s/%d", + hp, ntohs(sa.sin.sin_port)); else - sprintf(p, "%s", hp); + snprintf(p, SPACELEFT(buf, p), "%s", hp); } break; #endif case S_IFCHR: - sprintf(p, "CHR: "); + snprintf(p, SPACELEFT(buf, p), "CHR: "); p += strlen(p); goto defprint; case S_IFBLK: - sprintf(p, "BLK: "); + snprintf(p, SPACELEFT(buf, p), "BLK: "); p += strlen(p); goto defprint; #if defined(S_IFIFO) && (!defined(S_IFSOCK) || S_IFIFO != S_IFSOCK) case S_IFIFO: - sprintf(p, "FIFO: "); + snprintf(p, SPACELEFT(buf, p), "FIFO: "); p += strlen(p); goto defprint; #endif #ifdef S_IFDIR case S_IFDIR: - sprintf(p, "DIR: "); + snprintf(p, SPACELEFT(buf, p), "DIR: "); p += strlen(p); goto defprint; #endif #ifdef S_IFLNK case S_IFLNK: - 
sprintf(p, "LNK: "); + snprintf(p, SPACELEFT(buf, p), "LNK: "); p += strlen(p); goto defprint; #endif @@ -1623,7 +1633,7 @@ dumpfd(fd, printclosed, logit) fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%qd"; else fmtstr = "dev=%d/%d, ino=%d, nlink=%d, u/gid=%d/%d, size=%ld"; - sprintf(p, fmtstr, + snprintf(p, SPACELEFT(buf, p), fmtstr, major(st.st_dev), minor(st.st_dev), st.st_ino, st.st_nlink, st.st_uid, st.st_gid, st.st_size); break; @@ -1856,6 +1866,7 @@ prog_open(argv, pfd, e) ** delim -- the delimiter between columns. If null, ** use white space. ** buf -- the output buffer. +** buflen -- the length of buf. ** ** Returns: ** buf if successful. @@ -1863,11 +1874,12 @@ prog_open(argv, pfd, e) */ char * -get_column(line, col, delim, buf) +get_column(line, col, delim, buf, buflen) char line[]; int col; char delim; char buf[]; + int buflen; { char *p; char *begin, *end; @@ -1910,14 +1922,13 @@ get_column(line, col, delim, buf) end = strpbrk(begin, delimbuf); if (end == NULL) - { - strcpy(buf, begin); - } + i = strlen(buf); else - { - strncpy(buf, begin, end - begin); - buf[end - begin] = '\0'; - } + i = end - begin; + if (i >= buflen) + i = buflen - 1; + strncpy(buf, begin, i); + buf[i] = '\0'; return buf; } /*
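Review bot: In the last get_column hunk, when no delimiter follows, the new code takes `i = strlen(buf)`, but `buf` is the output buffer and has not been written yet. The length therefore comes from whatever the caller's buffer held and is then used as the count for the `strncpy` from `begin`. It should measure the source: `i = strlen(begin);`. The clamp `i = buflen - 1` also yields -1 when `buflen` is 0, so an early `if (buflen <= 0) return NULL;` would be prudent if NULL is this function's failure value (its return contract is only partly visible here). get_column's body starts above the hunk.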