diff options
| author | imp <imp@FreeBSD.org> | 1996-10-27 03:06:52 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1996-10-27 03:06:52 +0000 |
| commit | 354a4db3b5ff4e1a474ecd6a53a6b494699bb7e5 (patch) | |
| tree | 66221bf4a36b58f86dc5901d5b3fa62ac74e6013 | |
| parent | 45818699bea7c582d8a5554fabaa32c65e8385f8 (diff) | |
| download | FreeBSD-src-354a4db3b5ff4e1a474ecd6a53a6b494699bb7e5.zip FreeBSD-src-354a4db3b5ff4e1a474ecd6a53a6b494699bb7e5.tar.gz | |
lpc/cmds.c:
From NetBSD via OpenBSD to fix NetBSD PR #506
More descriptive message for printer status
(OpenBSD: 1.2)
Various warnings cleaned up (OpenBSD: 1.4)
lpc/lpc.c:
Various warnings cleaned up (OpenBSD: 1.3)
lpd/lpd.c:
Remove trailing blank lines (OpenBSD: 1.2)
Potential umask problem with creating /dev/printer
(OpenBSD: 1.4 and 1.5)
Ftp bounce attack (untested on FreeBSD)
(OpenBSD: 1.6, 1.8, 1.9)
Fencepost in strncpy
(OpenBSD: 1.6)
lpd/printjob.c:
Fix from freebsd for waiting for an exiting filter, that
appears not in the FreeBSD CVS tree.
(OpenBSD: 1.6)
lpd/recvjob.c:
Buffer overflow protection: use strncpy rather than strcpy.
(OpenBSD: 1.3)
lpr/lpr.c:
NetBSD change of return type for main()
(OpenBSD: 1.2)
Restrict time running as root
(OpenBSD: 1.7)
Use getcwd rather than getwd (from NetBSD)
Use snprintf rather than sprintf
(OpenBSD: 1.8)
Minor tweak to end of loop and buffer overflow sanity. card()
overflow already in FreeBSD
(OpenBSD: 1.9)
lptest/lptest.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.2)
pac/pac.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.3)
Obtained from: OpenBSD
| -rw-r--r-- | usr.sbin/lpr/common_source/recvjob.c | 6 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpc/cmds.c | 8 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpc/lpc.c | 2 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpd/lpd.c | 38 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpd/printjob.c | 2 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpd/recvjob.c | 6 | ||||
| -rw-r--r-- | usr.sbin/lpr/lpr/lpr.c | 27 | ||||
| -rw-r--r-- | usr.sbin/lpr/lptest/lptest.c | 2 | ||||
| -rw-r--r-- | usr.sbin/lpr/pac/pac.c | 2 | ||||
| -rw-r--r-- | usr.sbin/lpr/runqueue/printjob.c | 2 |
10 files changed, 57 insertions, 38 deletions
diff --git a/usr.sbin/lpr/common_source/recvjob.c b/usr.sbin/lpr/common_source/recvjob.c index fb307c5..040db82 100644 --- a/usr.sbin/lpr/common_source/recvjob.c +++ b/usr.sbin/lpr/common_source/recvjob.c @@ -170,7 +170,8 @@ readjob() * returns */ strcpy(cp + 6, from); - strcpy(tfname, cp); + strncpy(tfname, cp, sizeof tfname-1); + tfname[sizeof tfname-1] = '\0'; tfname[0] = 't'; if (!chksize(size)) { (void) write(1, "\2", 1); @@ -197,7 +198,8 @@ readjob() (void) write(1, "\2", 1); continue; } - (void) strcpy(dfname, cp); + (void) strncpy(dfname, cp, sizeof dfname-1); + dfname[sizeof dfname-1] = '\0'; if (index(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); diff --git a/usr.sbin/lpr/lpc/cmds.c b/usr.sbin/lpr/lpc/cmds.c index 84c6a4d..722e81b 100644 --- a/usr.sbin/lpr/lpc/cmds.c +++ b/usr.sbin/lpr/lpc/cmds.c @@ -277,7 +277,7 @@ sortq(a, b) d1 = (struct dirent **)a; d2 = (struct dirent **)b; - if (c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3)) + if ((c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3))) return(c1); c1 = (*d1)->d_name[0]; c2 = (*d2)->d_name[0]; @@ -305,7 +305,7 @@ cleanpr() SD = _PATH_DEFSPOOL; printf("%s:\n", printer); - for (lp = line, cp = SD; *lp++ = *cp++; ) + for (lp = line, cp = SD; (*lp++ = *cp++); ) ; lp[-1] = '/'; @@ -592,7 +592,7 @@ putmsg(argc, argv) cp1 = buf; while (--argc >= 0) { cp2 = *argv++; - while (*cp1++ = *cp2++) + while ((*cp1++ = *cp2++)) ; cp1[-1] = ' '; } @@ -815,7 +815,7 @@ prstat() fd = open(line, O_RDONLY); if (fd < 0 || flock(fd, LOCK_SH|LOCK_NB) == 0) { (void) close(fd); /* unlocks as well */ - printf("\tno daemon present\n"); + printf("\tprinter idle\n"); return; } (void) close(fd); diff --git a/usr.sbin/lpr/lpc/lpc.c b/usr.sbin/lpr/lpc/lpc.c index f2938a6..5135163 100644 --- a/usr.sbin/lpr/lpc/lpc.c +++ b/usr.sbin/lpr/lpc/lpc.c @@ -178,7 +178,7 @@ getcmd(name) longest = 0; nmatches = 0; found = 0; - for (c = cmdtab; p = c->c_name; c++) { + for (c = cmdtab; (p = c->c_name); c++) { for (q = name; *q == *p++; q++) if (*q == 0) /* exact match? */ return(c); diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c index feae8e7..898fc48 100644 --- a/usr.sbin/lpr/lpd/lpd.c +++ b/usr.sbin/lpr/lpd/lpd.c @@ -179,6 +179,7 @@ main(argc, argv) } #define mask(s) (1 << ((s) - 1)) omask = sigblock(mask(SIGHUP)|mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM)); + (void) umask(07); signal(SIGHUP, mcleanup); signal(SIGINT, mcleanup); signal(SIGQUIT, mcleanup); @@ -193,6 +194,7 @@ main(argc, argv) syslog(LOG_ERR, "ubind: %m"); exit(1); } + (void) umask(0); sigsetmask(omask); FD_ZERO(&defreadfds); FD_SET(funix, &defreadfds); @@ -245,6 +247,10 @@ main(argc, argv) domain = AF_INET, fromlen = sizeof(frominet); s = accept(finet, (struct sockaddr *)&frominet, &fromlen); + if (frominet.sin_port == htons(20)) { + close(s); + continue; + } } if (s < 0) { if (errno != EINTR) @@ -494,9 +500,11 @@ chkhost(f) register struct hostent *hp; register FILE *hostf; int first = 1; + int good = 0; f->sin_port = ntohs(f->sin_port); - if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED) + if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED || + f->sin_port == htons(20)) fatal("Malformed from address"); /* Need real hostname for temporary filenames */ @@ -506,10 +514,24 @@ chkhost(f) fatal("Host name for your address (%s) unknown", inet_ntoa(f->sin_addr)); - (void) strncpy(fromb, hp->h_name, sizeof(fromb)); + (void) strncpy(fromb, hp->h_name, sizeof(fromb) - 1); from[sizeof(fromb) - 1] = '\0'; from = fromb; + /* Check for spoof, ala rlogind */ + hp = gethostbyname(fromb); + if (!hp) + fatal("hostname for your address (%s) unknown", + inet_ntoa(f->sin_addr)); + for (; good == 0 && hp->h_addr_list[0] != NULL; hp->h_addr_list++) { + if (!bcmp(hp->h_addr_list[0], (caddr_t)&f->sin_addr, + sizeof(f->sin_addr))) + good = 1; + } + if (good == 0) + fatal("address for your hostname (%s) not matched", + inet_ntoa(f->sin_addr)); + hostf = fopen(_PATH_HOSTSEQUIV, "r"); again: if (hostf) { @@ -528,15 +550,3 @@ again: fatal("Your host does not have line printer access"); /*NOTREACHED*/ } - - - - - - - - - - - - diff --git a/usr.sbin/lpr/lpd/printjob.c b/usr.sbin/lpr/lpd/printjob.c index e7e8324..d47d3f0 100644 --- a/usr.sbin/lpr/lpd/printjob.c +++ b/usr.sbin/lpr/lpd/printjob.c @@ -288,6 +288,8 @@ again: if (TR != NULL) /* output trailer */ (void) write(ofd, TR, strlen(TR)); } + (void) close(ofd); + (void) wait(NULL); (void) unlink(tempfile); exit(0); } diff --git a/usr.sbin/lpr/lpd/recvjob.c b/usr.sbin/lpr/lpd/recvjob.c index fb307c5..040db82 100644 --- a/usr.sbin/lpr/lpd/recvjob.c +++ b/usr.sbin/lpr/lpd/recvjob.c @@ -170,7 +170,8 @@ readjob() * returns */ strcpy(cp + 6, from); - strcpy(tfname, cp); + strncpy(tfname, cp, sizeof tfname-1); + tfname[sizeof tfname-1] = '\0'; tfname[0] = 't'; if (!chksize(size)) { (void) write(1, "\2", 1); @@ -197,7 +198,8 @@ readjob() (void) write(1, "\2", 1); continue; } - (void) strcpy(dfname, cp); + (void) strncpy(dfname, cp, sizeof dfname-1); + dfname[sizeof dfname-1] = '\0'; if (index(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); diff --git a/usr.sbin/lpr/lpr/lpr.c b/usr.sbin/lpr/lpr/lpr.c index 4bb3643..cb041f3 100644 --- a/usr.sbin/lpr/lpr/lpr.c +++ b/usr.sbin/lpr/lpr/lpr.c @@ -45,7 +45,7 @@ static char copyright[] = #ifndef lint static char sccsid[] = "From: @(#)lpr.c 8.4 (Berkeley) 4/28/95" - "\n$Id: lpr.c,v 1.8 1996/10/25 18:14:48 imp Exp $\n"; + "\n$Id: lpr.c,v 1.9 1996/10/26 00:46:34 imp Exp $\n"; #endif /* not lint */ /* @@ -113,7 +113,7 @@ static int nfile __P((char *)); static int test __P((char *)); static void usage __P((void)); -void +int main(argc, argv) int argc; char *argv[]; @@ -272,7 +272,7 @@ main(argc, argv) /* * Check to make sure queuing is enabled if userid is not root. */ - (void) sprintf(buf, "%s/%s", SD, LO); + (void) snprintf(buf, sizeof(buf), "%s/%s", SD, LO); if (userid && stat(buf, &stb) == 0 && (stb.st_mode & 010)) fatal2("Printer queue is disabled"); /* @@ -321,7 +321,8 @@ main(argc, argv) continue; /* file unreasonable */ if (sflag && (cp = linked(arg)) != NULL) { - (void) sprintf(buf, "%d %d", statb.st_dev, statb.st_ino); + (void) snprintf(buf, sizeof(buf), "%d %d", statb.st_dev, + statb.st_ino); card('S', buf); if (format == 'p') card('T', title ? title : arg); @@ -339,12 +340,12 @@ main(argc, argv) printf("%s: %s: not linked, copying instead\n", name, arg); if ((i = open(arg, O_RDONLY)) < 0) { printf("%s: cannot open %s\n", name, arg); - continue; + } else { + copy(i, arg); + (void) close(i); + if (f && unlink(arg) < 0) + printf("%s: %s: not removed\n", name, arg); } - copy(i, arg); - (void) close(i); - if (f && unlink(arg) < 0) - printf("%s: %s: not removed\n", name, arg); } if (nact) { @@ -434,7 +435,7 @@ linked(file) static char buf[BUFSIZ]; if (*file != '/') { - if (getwd(buf) == NULL) + if (getcwd(buf,sizeof(buf)) == NULL) return(NULL); while (file[0] == '.') { switch (file[1]) { @@ -693,7 +694,7 @@ mktemps() register char *cp; char buf[BUFSIZ]; - (void) sprintf(buf, "%s/.seq", SD); + (void) snprintf(buf, sizeof(buf), "%s/.seq", SD); if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) { printf("%s: cannot create %s\n", name, buf); exit(1); @@ -717,7 +718,7 @@ mktemps() inchar = strlen(SD) + 3; n = (n + 1) % 1000; (void) lseek(fd, (off_t)0, 0); - sprintf(buf, "%03d\n", n); + snprintf(buf, sizeof(buf), "%03d\n", n); (void) write(fd, buf, strlen(buf)); (void) close(fd); /* unlocks as well */ } @@ -734,7 +735,7 @@ lmktemp(id, num, len) if ((s = malloc(len)) == NULL) fatal2("out of memory"); - (void) sprintf(s, "%s/%sA%03d%s", SD, id, num, host); + (void) snprintf(s, len, "%s/%sA%03d%s", SD, id, num, host); return(s); } diff --git a/usr.sbin/lpr/lptest/lptest.c b/usr.sbin/lpr/lptest/lptest.c index 5ce80b5..1cf2206 100644 --- a/usr.sbin/lpr/lptest/lptest.c +++ b/usr.sbin/lpr/lptest/lptest.c @@ -48,7 +48,7 @@ static char sccsid[] = "@(#)lptest.c 8.1 (Berkeley) 6/6/93"; /* * lptest -- line printer test program (and other devices). */ -void +int main(argc, argv) int argc; char **argv; diff --git a/usr.sbin/lpr/pac/pac.c b/usr.sbin/lpr/pac/pac.c index 17e207e..692f005 100644 --- a/usr.sbin/lpr/pac/pac.c +++ b/usr.sbin/lpr/pac/pac.c @@ -98,7 +98,7 @@ static struct hent *lookup __P((char [])); static int qucmp __P((const void *, const void *)); static void rewrite __P((void)); -void +int main(argc, argv) int argc; char **argv; diff --git a/usr.sbin/lpr/runqueue/printjob.c b/usr.sbin/lpr/runqueue/printjob.c index e7e8324..d47d3f0 100644 --- a/usr.sbin/lpr/runqueue/printjob.c +++ b/usr.sbin/lpr/runqueue/printjob.c @@ -288,6 +288,8 @@ again: if (TR != NULL) /* output trailer */ (void) write(ofd, TR, strlen(TR)); } + (void) close(ofd); + (void) wait(NULL); (void) unlink(tempfile); exit(0); } |
