34 Commits

Author SHA1 Message Date
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Kevin Lo
a3a2bf4b67 fgets(3) returns a pointer, so compare against NULL, not integer 0. 2012-01-13 06:51:15 +00:00
Joel Dahl
914e11a72b Remove the advertising clause from UCB copyrighted files in usr.sbin. This
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
2010-12-11 09:38:12 +00:00
Brooks Davis
54404cfb13 In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
Stefan Farfeleder
6b6c96661e Use the new name H_SETSIZE instead of the old H_EVENT to set the history
size.

PR:		86355
Approved by:	gad
2005-10-19 16:37:52 +00:00
Xin LI
943b456e6a MFS5: Minor style(9) tweak. 2005-02-22 02:56:42 +00:00
Xin LI
c7cc259656 Be more careful when doing el_parse() - only do it when el is
properly initialized, that happens when lpc is called from a tty.
Without this change, it's possible to get SIGSEGV simply doing:
	echo "..:" | lpc

Reported by:	Wojciech A. Koszek <dunstan at freebsd czest pl>
PR:		77462 (patch rewritten by myself)
MFC After:	1 week
2005-02-15 10:23:01 +00:00
Tim J. Robbins
1a7c9b7f5e Fix two buffer overflows caused by off-by-one errors: avoid writing a null
character 1 byte past the end of cmdline[] when libedit is being used for
input, and avoid writing a null pointer 1 element past the end of margv[].

Reviewed by:		gad
2003-10-13 07:24:22 +00:00
Garance A Drosehn
c44a6dcebd More changes to use __FBSDID() for setting rcsids, and fix the
format of 'sccsid' lines so they consistently match style(9)
guidelines.  Note that this means you will have to add '-a' to
the 'strings' command when searching for rcs ids, eg:
     strings -a /usr/sbin/lpc | grep '$FreeBSD'

Reviewed by:	discussed on cvs-src & with bde and obrien
MFC after:	15 days
2003-07-14 22:24:28 +00:00
Garance A Drosehn
dd8faa9ff2 Changes which rewrite 'lpc topq', and which add 'lpc bottomq'. These
reflect much valuable feedback from wollman.  More details on the new
'lpc topq' are in the log message for revision 1.2 of lpc/movejobs.c.

The previous implementation of 'lpc topq' is available as 'lpc xtopq',
in case there are any problems noticed in the new implementation.  If
there are no problems with this version, a later update will remove the
'lpc xtopq' command.

Reviewed by:	freebsd-print@bostonradio.org
MFC after:	6 days
2002-07-17 00:51:19 +00:00
Garance A Drosehn
54032d1198 Add a new command to 'lpc' called 'setstatus', which would be used to
change the status message of a print queue.  This includes some minor
changes to the upstat() routine, so that error messages are not printed
while seteuid(priv-user).

Reviewed by:	freebsd-audit and freebsd-print@bostonradio.org
MFC after:	10 days
2002-06-15 22:51:58 +00:00
David E. O'Brien
757eeda04b *** empty log message *** 2001-10-01 08:43:58 +00:00
Garance A Drosehn
a4c7cc9f12 Fix so that lpc's interactive-mode will not be confused by EditLine processing
into thinking that there is a print-queue called 'xterm'...

Reviewed by:	short discussion on freebsd-stable
MFC after:	1 week
2001-09-17 02:35:34 +00:00
Garance A Drosehn
a33973d41a Get rid of a compile-time warning by casting to (size_t).
MFC after:	1 week
2001-07-23 01:13:20 +00:00
Garance A Drosehn
cda5daf84c Get rid of one compile-time warning by changing an 'int' to a 'size_t'.
MFC after:	1 week
2001-07-15 03:10:54 +00:00
Garance A Drosehn
004c9c5da2 Make 'lpc clean' somewhat safer. Add an 'lpc tclean' command, which allows
one to see what files would be removed *if* an 'lpc clean' is done.  'tclean'
will remove no files, and is therefore not a privileged command.  Also, both
'lpc clean' and 'lpc tclean' will now look for 'core' files in spool directories
(but not remove them).  They also print out an extra line of info when a
datafile to be removed is a symlink (from 'lpr -s'), saying what file it is
a symlink to.

The 'lpc clean' commands also now print out a summary line saying how many
queues were checked, how many files were removed (or "would be" removed, for
tclean), and how much disk space is involved.  For the benefit of those who
have many print queues, 'lpc clean all' will only print out the names of print
queues where some "interesting" files were found, instead of printing out a
header-line for every queue in your printcap file.

Reviewed by:	freebsd-print@bostonradio.org  freebsd-audit@FreeBSD.org
MFC after:	2 weeks
2001-06-25 02:05:03 +00:00
Garance A Drosehn
31058a75d0 Rename global variable 'name' to 'progname', thus fixing a number of
warnings which come up for various routines that have a parameter which
is also called 'name'.

Reviewed by:	freebsd-print@bostonradio.org
MFC after:	1 week
2001-06-15 16:28:37 +00:00
Garance A Drosehn
ba7a1ad76a Fix about 90-100 warnings one gets when trying to compile lpr&friends
with BDECFLAGS on, mainly by adding 'const' to parameters in a number
of routine declarations.  While I'm at it, ANSI-fy all of the routine
declarations.  The resulting object code is exactly the same after
this update as before it, with the exception of one unavoidable
change to lpd.o on freebsd/alpha.

Also added $FreeBSD$ line to lpc/extern.h lpc/lpc.h lptest/lptest.c

Reviewed by:	/sbin/md5, and no feedback from freebsd-audit
2001-06-12 16:38:20 +00:00
Garance A Drosehn
34dae154d0 Get rid of a minor compile-time warning. 2000-11-06 19:19:49 +00:00
Alfred Perlstein
00e64813a2 the code assumes that getgroups() always returns NGROUPS groups, however
that is not true.  Instead of looping NGROUPS times, get the return value
from getgroups() and loop over the return that many times.

Noticed by: David A. Holland <dholland@eecs.harvard.edu>
2000-08-23 23:36:32 +00:00
Matthew Hunt
e97781bf25 Quit on EOF from terminal instead of redisplaying the prompt. 2000-06-30 20:05:21 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Matthew N. Dodd
061bab1a78 Fix some cut and paste damage.
Noticed by: Norman C. Rice <nrice@emu.sourcee.com>
1999-08-20 07:14:46 +00:00
Matthew N. Dodd
0b2d7c2ffc What the heck was I thinking? Nobody else saw this? Sheesh.
(num > MAX) ? MAX : num

rather than

(MAX > num) ? MAX : num

Also, make things a little easier to read while I'm here.
1999-08-20 01:24:35 +00:00
Matthew N. Dodd
43d79ae9ef Use el_source() so we pick up .editrc 1999-08-19 04:10:33 +00:00
Matthew N. Dodd
1950bb45f3 Add support for command line editing and history.
Remove src/contrib/bind/bin/nslookup/commands.c as it is generated by lex
from commands.l.

Submitted by: lpc/cdcontrol patches originally by msmith.
Reviewed by: msmith (in theory)
1999-08-19 03:29:15 +00:00
Garrett Wollman
90cf373d9b Fix additional warnings. Remove -Werror, since some people have complained
about it.

PR:		7886
Submitted by:	Stefan Eggers <seggers@semyam.dinoco.de> (partially)
1998-09-11 18:49:33 +00:00
John Birrell
d1ecde2bbb Cast an argument to int for a printf field width the way that gcc
prefers it. This source is compiled with -Werror so the slightest
warning is enough to ruin my day.
1998-03-22 20:19:27 +00:00
Garrett Wollman
4a1a0dbedb Mega lpd/lpd upgrade, part I:
- Get rid of a lot of the static variables which were shared by
  many routines and programs in the suite.
- Create an abstract interface to the printcap database, so that
  other retrieval and iteration mechanisms could be developed
  (e.g., YP, Hesiod, or automatic retrieval from a trusted server).
- Give each capability a human-readable name in addition to the historic
  two-character one.
- Otherwise generally clean up a lot of dark corners.  Many still remain.
- When submitting jobs, use the official login name record (from getlogin())
  if there is one, rather than reverse-mapping the uid.

More to come...
1997-12-02 20:46:22 +00:00
Philippe Charnier
9b3fe531b5 Use err(3). Add usage(). Various fixes in man pages. 1997-09-24 06:48:24 +00:00
Warner Losh
360d4ad5ab Use setuid/seteuid around dangerous operations. Also a few buffer
overflow patches that were "near" to where these operations are taking
place.  The buffer overflows are from OpenBSD.  The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.

This is the first of a series of OpenBSD lpr/et al merges.  It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
1997-07-23 00:49:46 +00:00
Warner Losh
bc407914f9 lpc/cmds.c:
From NetBSD via OpenBSD to fix NetBSD PR #506
	More descriptive message for printer status
	(OpenBSD: 1.2)

	Various warnings cleaned up (OpenBSD: 1.4)

lpc/lpc.c:
	Various warnings cleaned up (OpenBSD: 1.3)

lpd/lpd.c:
	Remove trailing blank lines (OpenBSD: 1.2)

	Potential umask problem with creating /dev/printer
	(OpenBSD: 1.4 and 1.5)

	Ftp bounce attack (untested on FreeBSD)
	(OpenBSD: 1.6, 1.8, 1.9)
	Fencepost in strncpy
	(OpenBSD: 1.6)

lpd/printjob.c:
	Fix from freebsd for waiting for an exiting filter, that
	appears not in the FreeBSD CVS tree.
	(OpenBSD: 1.6)

lpd/recvjob.c:
	Buffer overflow protection: use strncpy rather than strcpy.
	(OpenBSD: 1.3)

lpr/lpr.c:
	NetBSD change of return type for main()
	(OpenBSD: 1.2)

	Restrict time running as root
	(OpenBSD: 1.7)

	Use getcwd rather than getwd (from NetBSD)

	Use snprintf rather than sprintf
	(OpenBSD: 1.8)

	Minor tweak to end of loop and buffer overflow sanity.  card()
	overflow already in FreeBSD
	(OpenBSD: 1.9)

lptest/lptest.c:
	void -> int return type of main, from NetBSD via OpenBSD
	(OpenBSD: 1.2)

pac/pac.c:
	void -> int return type of main, from NetBSD via OpenBSD
	(OpenBSD: 1.3)

Obtained from: OpenBSD
1996-10-27 03:06:52 +00:00
Joerg Wunsch
7f72cbbae9 Cleanup.
The removed files are no longer needed, they are actually labelled as
``Use only if you are not 4.4BSD''.  (Yeah, the ol' crufty printcap.c
is really gone!)

Properly declare all external objects in files ending in .h, as
opposed to embed them into files ending in .c.
1996-05-09 22:44:28 +00:00
Joerg Wunsch
0b561052df Vendor-branch import of the 4.4BSD-Lite2 code for lpr. There are
several bugfixes in it that are worth considering.

Don't be alarmed about the import conflicts...

Obtained from: 4.4BSD-Lite2
1996-05-05 14:04:33 +00:00