From: Art Cancro Date: Sun, 5 Mar 2000 03:52:42 +0000 (+0000) Subject: * couple of minor security fixes X-Git-Tag: v7.86~7278 X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=16a2143bc7fe969130dd02e8d39fcaffee6b57c0;p=citadel.git * couple of minor security fixes --- diff --git a/citadel/internet_addressing.c b/citadel/internet_addressing.c index 0c00d9fe3..91648a86e 100644 --- a/citadel/internet_addressing.c +++ b/citadel/internet_addressing.c @@ -434,7 +434,7 @@ int convert_field(struct CtdlMessage *msg, int beg, int end) { if (parsed_date < 0L) parsed_date = time(NULL); lprintf(9, "Parsed date is %s", asctime(localtime(&parsed_date))); - sprintf(buf, "%ld", parsed_date ); + snprintf(buf, sizeof buf, "%ld", parsed_date ); if (msg->cm_fields['T'] == NULL) msg->cm_fields['T'] = strdoop(buf); processed = 1; @@ -443,7 +443,7 @@ int convert_field(struct CtdlMessage *msg, int beg, int end) { else if (!strcasecmp(key, "From")) { process_rfc822_addr(value, user, node, name); lprintf(9, "Converted to <%s@%s> (%s)\n", user, node, name); - sprintf(addr, "%s@%s", user, node); + snprintf(addr, sizeof addr, "%s@%s", user, node); if (msg->cm_fields['A'] == NULL) msg->cm_fields['A'] = strdoop(name); processed = 1; @@ -526,7 +526,7 @@ struct CtdlMessage *convert_internet_message(char *rfc822) { /* If there's no timestamp on this message, set it to now. */ if (msg->cm_fields['T'] == NULL) { - sprintf(buf, "%ld", time(NULL)); + snprintf(buf, sizeof buf, "%ld", time(NULL)); msg->cm_fields['T'] = strdoop(buf); } diff --git a/citadel/serv_smtp.c b/citadel/serv_smtp.c index 75e99882e..3174d8932 100644 --- a/citadel/serv_smtp.c +++ b/citadel/serv_smtp.c @@ -371,7 +371,7 @@ void smtp_rcpt(char *argbuf) { alias(recp); cvt = convert_internet_address(user, node, recp); - sprintf(recp, "%s@%s", user, node); + snprintf(recp, sizeof recp, "%s@%s", user, node); lprintf(9, "cvt=%d, citaddr=<%s@%s>\n", cvt, user, node); switch(cvt) { @@ -440,7 +440,7 @@ void smtp_rcpt(char *argbuf) { */ void smtp_deliver_ignet(struct CtdlMessage *msg, char *user, char *dest) { struct ser_ret smr; - char *hold_R, *hold_D; + char *hold_R, *hold_D, *hold_O; FILE *fp; char filename[256]; static int seq = 0; @@ -449,16 +449,20 @@ void smtp_deliver_ignet(struct CtdlMessage *msg, char *user, char *dest) { hold_R = msg->cm_fields['R']; hold_D = msg->cm_fields['D']; + hold_O = msg->cm_fields['O']; msg->cm_fields['R'] = user; msg->cm_fields['D'] = dest; + msg->cm_fields['O'] = MAILROOM; serialize_message(&smr, msg); msg->cm_fields['R'] = hold_R; msg->cm_fields['D'] = hold_D; + msg->cm_fields['O'] = hold_O; if (smr.len != 0) { - sprintf(filename, "./network/spoolin/%s.%04x.%04x", + snprintf(filename, sizeof filename, + "./network/spoolin/%s.%04x.%04x", dest, getpid(), ++seq); lprintf(9, "spool file name is <%s>\n", filename); fp = fopen(filename, "wb"); @@ -500,6 +504,7 @@ int smtp_message_delivery(struct CtdlMessage *msg) { if (msg->cm_fields['A']==NULL) msg->cm_fields['A'] = strdoop(user); if (msg->cm_fields['N']==NULL) msg->cm_fields['N'] = strdoop(node); if (msg->cm_fields['H']==NULL) msg->cm_fields['H'] = strdoop(name); + if (msg->cm_fields['O']==NULL) msg->cm_fields['O'] = strdoop(MAILROOM); /* Save the message in the queue */ msgid = CtdlSaveMsg(msg, @@ -510,7 +515,8 @@ int smtp_message_delivery(struct CtdlMessage *msg) { ++successful_saves; instr = mallok(1024); - sprintf(instr, "Content-type: %s\n\nmsgid|%ld\nsubmitted|%ld\n" + snprintf(instr, 1024, + "Content-type: %s\n\nmsgid|%ld\nsubmitted|%ld\n" "bounceto|%s\n", SPOOLMIME, msgid, time(NULL), SMTP->from ); @@ -550,7 +556,8 @@ int smtp_message_delivery(struct CtdlMessage *msg) { if (!strcasecmp(dtype, "remote")) { extract(user, buf, 1); instr = reallok(instr, strlen(instr) + 1024); - sprintf(&instr[strlen(instr)], + snprintf(&instr[strlen(instr)], + strlen(instr) + 1024, "remote|%s|0\n", user); ++remote_spools; @@ -606,7 +613,7 @@ void smtp_data(void) { generate_rfc822_datestamp(nowstamp, time(NULL)); body = mallok(4096); - if (body != NULL) sprintf(body, + if (body != NULL) snprintf(body, 4096, "Received: from %s\n" " by %s;\n" " %s\n", @@ -832,7 +839,7 @@ void smtp_try(char *key, char *addr, int *status, char *dsn, long msgnum) lprintf(9, "Number of MX hosts for <%s> is %d\n", node, num_mxhosts); if (num_mxhosts < 1) { *status = 5; - sprintf(dsn, "No MX hosts found for <%s>", node); + snprintf(dsn, 256, "No MX hosts found for <%s>", node); return; } @@ -840,9 +847,9 @@ void smtp_try(char *key, char *addr, int *status, char *dsn, long msgnum) extract(buf, mxhosts, mx); lprintf(9, "Trying <%s>\n", buf); sock = sock_connect(buf, "25", "tcp"); - sprintf(dsn, "Could not connect: %s", strerror(errno)); + snprintf(dsn, 256, "Could not connect: %s", strerror(errno)); if (sock >= 0) lprintf(9, "Connected!\n"); - if (sock < 0) sprintf(dsn, "%s", strerror(errno)); + if (sock < 0) snprintf(dsn, 256, "%s", strerror(errno)); if (sock >= 0) break; } @@ -874,7 +881,7 @@ void smtp_try(char *key, char *addr, int *status, char *dsn, long msgnum) /* At this point we know we are talking to a real SMTP server */ /* Do a HELO command */ - sprintf(buf, "HELO %s", config.c_fqdn); + snprintf(buf, sizeof buf, "HELO %s", config.c_fqdn); lprintf(9, ">%s\n", buf); sock_puts(sock, buf); if (sock_gets(sock, buf) < 0) { @@ -898,7 +905,7 @@ void smtp_try(char *key, char *addr, int *status, char *dsn, long msgnum) /* HELO succeeded, now try the MAIL From: command */ - sprintf(buf, "MAIL From: %s", mailfrom); + snprintf(buf, sizeof buf, "MAIL From: %s", mailfrom); lprintf(9, ">%s\n", buf); sock_puts(sock, buf); if (sock_gets(sock, buf) < 0) { @@ -922,7 +929,7 @@ void smtp_try(char *key, char *addr, int *status, char *dsn, long msgnum) /* MAIL succeeded, now try the RCPT To: command */ - sprintf(buf, "RCPT To: %s", addr); + snprintf(buf, sizeof buf, "RCPT To: %s", addr); lprintf(9, ">%s\n", buf); sock_puts(sock, buf); if (sock_gets(sock, buf) < 0) { @@ -1362,7 +1369,8 @@ void smtp_do_procmsg(long msgnum) { msg->cm_anon_type = MES_NORMAL; msg->cm_format_type = FMT_RFC822; msg->cm_fields['M'] = malloc(strlen(instr)+256); - sprintf(msg->cm_fields['M'], + snprintf(msg->cm_fields['M'], + strlen(instr)+256, "Content-type: %s\n\n%s\nattempted|%ld\n", SPOOLMIME, instr, time(NULL) ); phree(instr);