Fix MAILTO hole by passing -t to sendmail

Submitted by: Mike Pritchard <pritc003@maroon.tc.umn.edu>
1995-04-14 21:54:18 +00:00 · 1995-04-14 21:54:18 +00:00 · d12c09e5c2
commit d12c09e5c2
parent b759fab5af
2 changed files with 5 additions and 33 deletions
--- a/usr.sbin/cron/cron/config.h
+++ b/usr.sbin/cron/cron/config.h
@ -17,7 +17,7 @@

 /* config.h - configurables for Vixie Cron
 *
- * $Id: config.h,v 1.1.1.1 1994/08/27 13:43:04 jkh Exp $
+ * $Id: config.h,v 1.2 1995/04/12 19:28:30 ache Exp $
 */

 #if !defined(_PATH_SENDMAIL)
@ -42,10 +42,11 @@
 			 */

 #define MAILCMD _PATH_SENDMAIL					/*-*/
-#define MAILARGS "%s -FCronDaemon -odi -oem %s"                 /*-*/
+#define MAILARGS "%s -FCronDaemon -odi -oem -t"                 /*-*/
 			/* -Fx	 = set full-name of sender
 			 * -odi	 = Option Deliverymode Interactive
 			 * -oem	 = Option Errors Mailedtosender
+			 * -t    = read recipients from header of message
 			 */

 /* #define MAILCMD "/bin/mail"			/*-*/
--- a/usr.sbin/cron/cron/do_command.c
+++ b/usr.sbin/cron/cron/do_command.c
@ -16,7 +16,7 @@
 */

 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: do_command.c,v 1.2 1995/04/12 18:57:37 ache Exp $";
+static char rcsid[] = "$Id: do_command.c,v 1.3 1995/04/13 20:58:13 ache Exp $";
 #endif


@ -94,35 +94,6 @@ child_process(e, u)
 	 */
 	usernm = env_get("LOGNAME", e->envp);
 	mailto = env_get("MAILTO", e->envp);
-	if (mailto != NULL && *mailto) {
-		char *head, *next;
-		int address_found = 0;
-
-		head = mailto;
-		while (isspace(*head))
-			head++;
-		for ( ; (next = strpbrk(head, " \t")) != NULL; head = next) {
-			next++;
-			while (isspace(*next))
-				next++;
-			address_found = 1;
-			if (*head == '-') {
-				mailto = NULL;
-				break;
-			}
-		}
-		if (mailto != NULL && *head) {
-			address_found = 1;
-			if (*head == '-')
-				mailto = NULL;
-		}
-		if (!address_found)
-			mailto = "";
-		if (mailto == NULL) {
-			log_it("CRON",getpid(), usernm, "attempts to crack");
-			exit(ERROR_EXIT);
-		}
-	}

 #ifdef USE_SIGCHLD
 	/* our parent is watching for our death by catching SIGCHLD.  we
@ -396,7 +367,7 @@ child_process(e, u)

 				(void) gethostname(hostname, MAXHOSTNAMELEN);
 				(void) sprintf(mailcmd, MAILARGS,
-					       MAILCMD, mailto);
+					       MAILCMD);
 				if (!(mail = cron_popen(mailcmd, "w"))) {
 					perror(MAILCMD);
 					(void) _exit(ERROR_EXIT);