From 6a4d3690cf8c3d249a351023cb5dfaf1df45aa1b Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Fri, 12 Aug 2005 18:00:30 +0000 Subject: [PATCH] * Bounds checking in CtdlDirectoryLookup() --- citadel/ChangeLog | 4 +++- citadel/internet_addressing.c | 6 +++--- citadel/internet_addressing.h | 2 +- citadel/msgbase.c | 2 +- citadel/serv_vcard.c | 5 ++--- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/citadel/ChangeLog b/citadel/ChangeLog index d5d396753..2014bfc9a 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,4 +1,7 @@ $Log$ +Revision 654.15 2005/08/12 18:00:29 ajc +* Bounds checking in CtdlDirectoryLookup() + Revision 654.14 2005/08/12 15:18:27 ajc * updated the roadmap @@ -7042,4 +7045,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import - diff --git a/citadel/internet_addressing.c b/citadel/internet_addressing.c index f99c1b075..9dbc5b875 100644 --- a/citadel/internet_addressing.c +++ b/citadel/internet_addressing.c @@ -610,12 +610,12 @@ void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr) { * On success: returns 0, and Citadel address stored in 'target' * On failure: returns nonzero */ -int CtdlDirectoryLookup(char *target, char *internet_addr) { +int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen) { struct cdbdata *cdbrec; char key[SIZ]; /* Dump it in there unchanged, just for kicks */ - strcpy(target, internet_addr); + safestrncpy(target, internet_addr, targbuflen); /* Only do lookups for addresses with hostnames in them */ if (num_tokens(internet_addr, '@') != 2) return(-1); @@ -626,7 +626,7 @@ int CtdlDirectoryLookup(char *target, char *internet_addr) { directory_key(key, internet_addr); cdbrec = cdb_fetch(CDB_DIRECTORY, key, strlen(key) ); if (cdbrec != NULL) { - safestrncpy(target, cdbrec->ptr, SIZ); + safestrncpy(target, cdbrec->ptr, targbuflen); cdb_free(cdbrec); return(0); } 
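Review bot: The new `targbuflen` parameter is not described in the comment block above CtdlDirectoryLookup(), and the first `safestrncpy(target, internet_addr, targbuflen)` now shortens an overlong address without any signal to the caller. I would add a line such as `* 'targbuflen' is the size of the 'target' buffer in bytes; longer results are truncated` to that header comment. It is also worth confirming how safestrncpy() behaves when targbuflen is 0, since nothing in this hunk rejects that value. The function body continues past the end of this hunk.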
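Review bot: `directory_key(key, internet_addr)` still fills the fixed `char key[SIZ]` declared at the top of the function without a length argument, so the bound added for `target` does not cover the lookup key. directory_key() is not shown in this diff; if it copies internet_addr without a limit, an address of SIZ bytes or more would overrun `key` before cdb_fetch() runs. A guard ahead of the call, `if (strlen(internet_addr) >= sizeof key) return(-1);`, or a size parameter on directory_key() would close that gap. The function starts and ends outside this hunk.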
diff --git a/citadel/internet_addressing.h b/citadel/internet_addressing.h index c63ec94cc..6e7b227cf 100644 --- a/citadel/internet_addressing.h +++ b/citadel/internet_addressing.h @@ -21,7 +21,7 @@ int IsDirectory(char *addr); void CtdlDirectoryInit(void); void CtdlDirectoryAddUser(char *internet_addr, char *citadel_addr); void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr); -int CtdlDirectoryLookup(char *target, char *internet_addr); +int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen); struct CtdlMessage *convert_internet_message(char *rfc822); int CtdlHostAlias(char *fqdn); diff --git a/citadel/msgbase.c b/citadel/msgbase.c index 941af80b4..a5035ce27 100644 --- a/citadel/msgbase.c +++ b/citadel/msgbase.c @@ -174,7 +174,7 @@ int alias(char *name) fclose(fp); /* Hit the Global Address Book */ - if (CtdlDirectoryLookup(aaa, name) == 0) { + if (CtdlDirectoryLookup(aaa, name, sizeof aaa) == 0) { strcpy(name, aaa); } diff --git a/citadel/serv_vcard.c b/citadel/serv_vcard.c index 1365d07b3..0d18e893a 100644 --- a/citadel/serv_vcard.c +++ b/citadel/serv_vcard.c @@ -128,7 +128,6 @@ void vcard_extract_internet_addresses(struct CtdlMessage *msg, /* * Callback for vcard_add_to_directory() * (Lotsa ugly nested callbacks. Oh well.) - * This little shim function makes sure we're not */ void vcard_directory_add_user(char *internet_addr, char *citadel_addr) { char buf[SIZ]; @@ -139,7 +138,7 @@ void vcard_directory_add_user(char *internet_addr, char *citadel_addr) { */ if (CC->logged_in) { lprintf(CTDL_DEBUG, "Checking for <%s>...\n", internet_addr); - if (CtdlDirectoryLookup(buf, internet_addr) == 0) { + if (CtdlDirectoryLookup(buf, internet_addr, sizeof buf) == 0) { if (strcasecmp(buf, citadel_addr)) { /* This address belongs to someone else. * Bail out silently without saving. 
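Review bot: In msgbase.c the `strcpy(name, aaa)` right after the lookup is still unbounded. `name` is a bare `char *` parameter of alias(), so nothing visible here guarantees the caller's buffer can hold a directory result of up to `sizeof aaa` bytes, which may be longer than the address that was passed in. Bounding the lookup only moves the overflow risk to this copy; alias() would need to know the size of `name` so the line can become `safestrncpy(name, aaa, namelen);`, where `namelen` is a new parameter that this patch does not have. Separately, `sizeof aaa` here and `sizeof citadel_addr` in cmd_qdir() give the buffer size only if those names are arrays in scope rather than pointers; both declarations are outside the hunks. alias() begins and ends outside this hunk.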
@@ -915,7 +914,7 @@ void cmd_qdir(char *argbuf) { extract_token(internet_addr, argbuf, 0, '|', sizeof internet_addr); - if (CtdlDirectoryLookup(citadel_addr, internet_addr) != 0) { + if (CtdlDirectoryLookup(citadel_addr, internet_addr, sizeof citadel_addr) != 0) { cprintf("%d %s was not found.\n", ERROR + NO_SUCH_USER, internet_addr); return; -- 2.30.2