$Log$
+Revision 654.15 2005/08/12 18:00:29 ajc
+* Bounds checking in CtdlDirectoryLookup()
+
Revision 654.14 2005/08/12 15:18:27 ajc
* updated the roadmap
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
-
* On success: returns 0, and Citadel address stored in 'target'
* On failure: returns nonzero
*/
-int CtdlDirectoryLookup(char *target, char *internet_addr) {
+int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen) {
struct cdbdata *cdbrec;
char key[SIZ];
/* Dump it in there unchanged, just for kicks */
- strcpy(target, internet_addr);
+ safestrncpy(target, internet_addr, targbuflen);
/* Only do lookups for addresses with hostnames in them */
if (num_tokens(internet_addr, '@') != 2) return(-1);
directory_key(key, internet_addr);
cdbrec = cdb_fetch(CDB_DIRECTORY, key, strlen(key) );
if (cdbrec != NULL) {
- safestrncpy(target, cdbrec->ptr, SIZ);
+ safestrncpy(target, cdbrec->ptr, targbuflen);
cdb_free(cdbrec);
return(0);
}
void CtdlDirectoryInit(void);
void CtdlDirectoryAddUser(char *internet_addr, char *citadel_addr);
void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr);
-int CtdlDirectoryLookup(char *target, char *internet_addr);
+int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen);
struct CtdlMessage *convert_internet_message(char *rfc822);
int CtdlHostAlias(char *fqdn);
fclose(fp);
/* Hit the Global Address Book */
- if (CtdlDirectoryLookup(aaa, name) == 0) {
+ if (CtdlDirectoryLookup(aaa, name, sizeof aaa) == 0) {
strcpy(name, aaa);
}
/*
* Callback for vcard_add_to_directory()
* (Lotsa ugly nested callbacks. Oh well.)
- * This little shim function makes sure we're not
*/
void vcard_directory_add_user(char *internet_addr, char *citadel_addr) {
char buf[SIZ];
*/
if (CC->logged_in) {
lprintf(CTDL_DEBUG, "Checking for <%s>...\n", internet_addr);
- if (CtdlDirectoryLookup(buf, internet_addr) == 0) {
+ if (CtdlDirectoryLookup(buf, internet_addr, sizeof buf) == 0) {
if (strcasecmp(buf, citadel_addr)) {
/* This address belongs to someone else.
* Bail out silently without saving.
extract_token(internet_addr, argbuf, 0, '|', sizeof internet_addr);
- if (CtdlDirectoryLookup(citadel_addr, internet_addr) != 0) {
+ if (CtdlDirectoryLookup(citadel_addr, internet_addr, sizeof citadel_addr) != 0) {
cprintf("%d %s was not found.\n",
ERROR + NO_SUCH_USER, internet_addr);
return;