* Bounds checking in CtdlDirectoryLookup()

author Art Cancro <ajc@citadel.org>

Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)

committer Art Cancro <ajc@citadel.org>

Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)
author Art Cancro <ajc@citadel.org>
Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)
committer Art Cancro <ajc@citadel.org>
Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)
diff --git a/citadel/ChangeLog b/citadel/ChangeLog

index d5d3967538b228d60b55ec96fb06bc503f33a1f7..2014bfc9a9022b738f2c20fbeafe54d6456bfce9 100644 (file)
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,7 @@
  $Log$
+Revision 654.15  2005/08/12 18:00:29  ajc
+* Bounds checking in CtdlDirectoryLookup()
+
  Revision 654.14  2005/08/12 15:18:27  ajc
  * updated the roadmap
  
@@ -7042,4 +7045,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
  
  Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
         * Initial CVS import
-
diff --git a/citadel/internet_addressing.c b/citadel/internet_addressing.c

index f99c1b0756b115033e9dc03d47c1ea629aa18c68..9dbc5b875c99573c402656e4cdeb975e8ca628f4 100644 (file)
--- a/citadel/internet_addressing.c
+++ b/citadel/internet_addressing.c
@@ -610,12 +610,12 @@ void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr) {
   * On success: returns 0, and Citadel address stored in 'target'
   * On failure: returns nonzero
   */
-int CtdlDirectoryLookup(char *target, char *internet_addr) {
+int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen) {
         struct cdbdata *cdbrec;
         char key[SIZ];
  
         /* Dump it in there unchanged, just for kicks */
-       strcpy(target, internet_addr);
+       safestrncpy(target, internet_addr, targbuflen);
  
         /* Only do lookups for addresses with hostnames in them */
         if (num_tokens(internet_addr, '@') != 2) return(-1);
@@ -626,7 +626,7 @@ int CtdlDirectoryLookup(char *target, char *internet_addr) {
         directory_key(key, internet_addr);
         cdbrec = cdb_fetch(CDB_DIRECTORY, key, strlen(key) );
         if (cdbrec != NULL) {
-               safestrncpy(target, cdbrec->ptr, SIZ);
+               safestrncpy(target, cdbrec->ptr, targbuflen);
                 cdb_free(cdbrec);
                 return(0);
         }
diff --git a/citadel/internet_addressing.h b/citadel/internet_addressing.h

index c63ec94cc6d272fc515ea726e2592fca4eb82436..6e7b227cfa4de8ee29f93f77d97a4ddf9565d69b 100644 (file)
--- a/citadel/internet_addressing.h
+++ b/citadel/internet_addressing.h
@@ -21,7 +21,7 @@ int IsDirectory(char *addr);
  void CtdlDirectoryInit(void);
  void CtdlDirectoryAddUser(char *internet_addr, char *citadel_addr);
  void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr);
-int CtdlDirectoryLookup(char *target, char *internet_addr);
+int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen);
  struct CtdlMessage *convert_internet_message(char *rfc822);
  int CtdlHostAlias(char *fqdn);
  
diff --git a/citadel/msgbase.c b/citadel/msgbase.c

index 941af80b4701ee72df29d73e42543e9cabf94feb..a5035ce27644915ec79a25e61efc2b63c945d477 100644 (file)
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -174,7 +174,7 @@ int alias(char *name)
         fclose(fp);
  
         /* Hit the Global Address Book */
-       if (CtdlDirectoryLookup(aaa, name) == 0) {
+       if (CtdlDirectoryLookup(aaa, name, sizeof aaa) == 0) {
                 strcpy(name, aaa);
         }
  
diff --git a/citadel/serv_vcard.c b/citadel/serv_vcard.c

index 1365d07b3b44ecd352760a9ae14f42242a230ceb..0d18e893acb65a9f7d0065681e731d872395dcbd 100644 (file)
--- a/citadel/serv_vcard.c
+++ b/citadel/serv_vcard.c
@@ -128,7 +128,6 @@ void vcard_extract_internet_addresses(struct CtdlMessage *msg,
  /*
   * Callback for vcard_add_to_directory()
   * (Lotsa ugly nested callbacks.  Oh well.)
- * This little shim function makes sure we're not 
   */
  void vcard_directory_add_user(char *internet_addr, char *citadel_addr) {
         char buf[SIZ];
@@ -139,7 +138,7 @@ void vcard_directory_add_user(char *internet_addr, char *citadel_addr) {
          */
         if (CC->logged_in) {
                 lprintf(CTDL_DEBUG, "Checking for <%s>...\n", internet_addr);
-               if (CtdlDirectoryLookup(buf, internet_addr) == 0) {
+               if (CtdlDirectoryLookup(buf, internet_addr, sizeof buf) == 0) {
                         if (strcasecmp(buf, citadel_addr)) {
                                 /* This address belongs to someone else.
                                  * Bail out silently without saving.
@@ -915,7 +914,7 @@ void cmd_qdir(char *argbuf) {
  
         extract_token(internet_addr, argbuf, 0, '|', sizeof internet_addr);
  
-       if (CtdlDirectoryLookup(citadel_addr, internet_addr) != 0) {
+       if (CtdlDirectoryLookup(citadel_addr, internet_addr, sizeof citadel_addr) != 0) {
                 cprintf("%d %s was not found.\n",
                         ERROR + NO_SUCH_USER, internet_addr);
                 return;
author	Art Cancro <ajc@citadel.org>
	Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)
committer	Art Cancro <ajc@citadel.org>
	Fri, 12 Aug 2005 18:00:30 +0000 (18:00 +0000)
citadel/ChangeLog		patch \| blob \| history
citadel/internet_addressing.c		patch \| blob \| history
citadel/internet_addressing.h		patch \| blob \| history
citadel/msgbase.c		patch \| blob \| history
citadel/serv_vcard.c		patch \| blob \| history