* Bounds checking in CtdlDirectoryLookup()

[citadel.git] / citadel / internet_addressing.c

diff --git a/citadel/internet_addressing.c b/citadel/internet_addressing.c
index 3d6fb13b20cdc8f0a0c27f7db290f9826e7a14f2..9dbc5b875c99573c402656e4cdeb975e8ca628f4 100644 (file)
--- a/citadel/internet_addressing.c
+++ b/citadel/internet_addressing.c
@@ -70,8 +70,8 @@ struct spamstrings_t *spamstrings = NULL;
 int CtdlHostAlias(char *fqdn) {
        int config_lines;
        int i;
-       char buf[SIZ];
-       char host[SIZ], type[SIZ];
+       char buf[256];
+       char host[256], type[256];
 
        if (fqdn == NULL) return(hostalias_nomatch);
        if (strlen(fqdn) == 0) return(hostalias_nomatch);
@@ -82,9 +82,9 @@ int CtdlHostAlias(char *fqdn) {
 
        config_lines = num_tokens(inetcfg, '\n');
        for (i=0; i<config_lines; ++i) {
-               extract_token(buf, inetcfg, i, '\n');
-               extract_token(host, buf, 0, '|');
-               extract_token(type, buf, 1, '|');
+               extract_token(buf, inetcfg, i, '\n', sizeof buf);
+               extract_token(host, buf, 0, '|', sizeof host);
+               extract_token(type, buf, 1, '|', sizeof type);
 
                if ( (!strcasecmp(type, "localhost"))
                   && (!strcasecmp(fqdn, host)))
@@ -407,7 +407,6 @@ struct CtdlMessage *convert_internet_message(char *rfc822) {
        msg->cm_format_type = FMT_RFC822;       /* internet message */
        msg->cm_fields['M'] = rfc822;
 
-       lprintf(CTDL_DEBUG, "Unconverted RFC822 message length = %ld\n", (long)strlen(rfc822));
        pos = 0;
        done = 0;
 
@@ -465,8 +464,6 @@ struct CtdlMessage *convert_internet_message(char *rfc822) {
                msg->cm_fields['T'] = strdup(buf);
        }
 
-       lprintf(CTDL_DEBUG, "RFC822 length remaining after conversion = %ld\n",
-               (long)strlen(rfc822));
        return msg;
 }
 
@@ -552,21 +549,18 @@ void directory_key(char *key, char *addr) {
  * the directory
  */
 int IsDirectory(char *addr) {
-       char domain[SIZ];
+       char domain[256];
        int h;
 
-       extract_token(domain, addr, 1, '@');
+       extract_token(domain, addr, 1, '@', sizeof domain);
        striplt(domain);
 
        h = CtdlHostAlias(domain);
-       lprintf(CTDL_DEBUG, "IsDirectory(%s)\n", domain);
 
        if ( (h == hostalias_localhost) || (h == hostalias_directory) ) {
-               lprintf(CTDL_DEBUG, " ...yes\n");
                return(1);
        }
        else {
-               lprintf(CTDL_DEBUG, " ...no\n");
                return(0);
        }
 }
@@ -616,12 +610,12 @@ void CtdlDirectoryDelUser(char *internet_addr, char *citadel_addr) {
  * On success: returns 0, and Citadel address stored in 'target'
  * On failure: returns nonzero
  */
-int CtdlDirectoryLookup(char *target, char *internet_addr) {
+int CtdlDirectoryLookup(char *target, char *internet_addr, size_t targbuflen) {
        struct cdbdata *cdbrec;
        char key[SIZ];
 
        /* Dump it in there unchanged, just for kicks */
-       strcpy(target, internet_addr);
+       safestrncpy(target, internet_addr, targbuflen);
 
        /* Only do lookups for addresses with hostnames in them */
        if (num_tokens(internet_addr, '@') != 2) return(-1);
@@ -632,7 +626,7 @@ int CtdlDirectoryLookup(char *target, char *internet_addr) {
        directory_key(key, internet_addr);
        cdbrec = cdb_fetch(CDB_DIRECTORY, key, strlen(key) );
        if (cdbrec != NULL) {
-               safestrncpy(target, cdbrec->ptr, SIZ);
+               safestrncpy(target, cdbrec->ptr, targbuflen);
                cdb_free(cdbrec);
                return(0);
        }