* Fix ctm(8) to use mkstemp() instead of tempnam() for tempfile
  creation.

* Tag the internal err() function with __printflike to allow checking
  for non-constant format string arguments (none exist)

* Use fmtcheck() to sanitize the tar command obtained via -t to make
  sure it doesn't contain extraneous format operators.

Reviewed by:    mikeh
MFC after:      1 week
Kris Kennaway 2001-05-06 03:03:45 +00:00
parent 69a66c62c2
commit dde222577d
5 changed files with 64 additions and 7 deletions


@ -22,7 +22,7 @@ Pass2(FILE *fd)
{
u_char *p,*q,*md5=0;
MD5_CTX ctx;
int i,j,sep,cnt;
int i,j,sep,cnt,fdesc;
u_char *trash=0,*name=0;
struct CTM_Syntax *sp;
struct stat st;
@ -31,6 +31,7 @@ Pass2(FILE *fd)
char md5_1[33];
struct CTM_Filter *filter;
FILE *ed = NULL;
static char *template = NULL;
if(Verbose>3)
printf("Pass2 -- Checking if CTM-patch will apply\n");
@ -187,8 +188,37 @@ Pass2(FILE *fd)
GETDATA(trash,cnt);
if (!match)
break;
if (!template) {
if (asprintf(&template, "%s/CTMclientXXXXXX",
TmpDir) == -1) {
fprintf(stderr, " %s: malloc failed.\n",
sp->Key);
ret |= Exit_Mess;
return ret;
}
}
if(!strcmp(sp->Key,"FN")) {
p = tempnam(TmpDir,"CTMclient");
if ((p = strdup(template)) == NULL) {
fprintf(stderr, " %s: malloc failed.\n",
sp->Key);
ret |= Exit_Mess;
return ret;
}
if ((fdesc = mkstemp(p)) == -1) {
fprintf(stderr, " %s: mkstemp failed.\n",
sp->Key);
ret |= Exit_Mess;
Free(p);
return ret;
}
if (close(fdesc) == -1) {
fprintf(stderr, " %s: close failed.\n",
sp->Key);
ret |= Exit_Mess;
unlink(p);
Free(p);
return ret;
}
j = ctm_edit(trash,cnt,name,p);
if(j) {
fprintf(stderr," %s: %s edit returned %d.\n",
@ -208,7 +238,27 @@ Pass2(FILE *fd)
unlink(p);
Free(p);
} else if (!strcmp(sp->Key,"FE")) {
p = tempnam(TmpDir,"CTMclient");
if ((p = strdup(template)) == NULL) {
fprintf(stderr, " %s: malloc failed.\n",
sp->Key);
ret |= Exit_Mess;
return ret;
}
if ((fdesc = mkstemp(p)) == -1) {
fprintf(stderr, " %s: mkstemp failed.\n",
sp->Key);
ret |= Exit_Mess;
Free(p);
return ret;
}
if (close(fdesc) == -1) {
fprintf(stderr, " %s: close failed.\n",
sp->Key);
ret |= Exit_Mess;
unlink(p);
Free(p);
return ret;
}
ed = popen("ed","w");
if (!ed) {
WRONG
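Review bot: After `mkstemp(p)` succeeds in the FN branch the descriptor is closed at once and only the name `p` is handed to `ctm_edit(trash,cnt,name,p)`, so the file is presumably reopened by path; the same sequence is repeated in the FE branch before `popen("ed","w")`. mkstemp() creates the file exclusively, which removes the tempnam() race, but the reopen is only safe while other users cannot rename or unlink entries in TmpDir. I would state that at the first call, e.g. `/* p was created by mkstemp(); it is reopened by name below, so TmpDir must be private or sticky */`. The two strdup/mkstemp/close sequences are identical and could move into one static helper so their error paths stay in sync. Pass2's body starts and ends outside these hunks, so whether the new early `return ret` paths skip cleanup of `trash` and `name` cannot be confirmed from here.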


@ -36,7 +36,7 @@ PassB(FILE *fd)
printf("PassB -- Backing up files which would be changed.\n");
MD5Init (&ctx);
sprintf(buf, TarCmd, BackupFile);
snprintf(buf, sizeof(buf), fmtcheck(TarCmd, TARCMD), BackupFile);
b=popen(buf, "w");
if(!b) { warn("%s", buf); return Exit_Garbage; }
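Review bot: The return value of the new `snprintf()` is not checked, so a `TarCmd`/`BackupFile` combination longer than `buf` is silently truncated and the shortened string is still passed to `popen()`. Capture the result in an `int n` and bail out on truncation, e.g. `n = snprintf(buf, sizeof(buf), fmtcheck(TarCmd, TARCMD), BackupFile);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) return Exit_Garbage;`. fmtcheck() only validates the conversion specifiers; `BackupFile` is still interpolated unquoted into a command line run by the shell, so if it can come from an untrusted source it needs quoting or validation as well. fmtcheck() also falls back to `TARCMD` without any message when the -t format does not match, which deserves a warning to the user. PassB's body extends beyond the hunk.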


@ -509,7 +509,7 @@ combine(char *delta, int npieces, char *dname, char *pname, char *tname)
err("cannot open '%s' for writing", tname);
}
else
err("*mktemp: '%s'", tname);
err("*mkstemp: '%s'", tname);
return 0;
}


@ -12,6 +12,11 @@
* Maybe you should write some free software too.
*/
#ifndef lint
static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
@ -58,7 +63,7 @@ err_prog_name(char *name)
* decoded and appended.
*/
void
err(char *fmt, ...)
err(const char *fmt, ...)
{
va_list ap;
time_t now;


@ -1,3 +1,5 @@
/* $FreeBSD$ */
extern void err_set_log(char *log_file);
extern void err_prog_name(char *name);
extern void err(char *fmt, ...);
extern void err(const char *fmt, ...) __printflike(1, 2);
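Review bot: `__printflike` is defined in `<sys/cdefs.h>`, and the header as shown includes nothing, so the new prototype only compiles when the including file has already pulled in a system header. Adding `#include <sys/cdefs.h>` above the declarations would make the header self-contained. For consistency with the const-qualified `err()` format, `err_set_log` and `err_prog_name` could take `const char *` too, if their definitions do not modify the argument.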