diff options
author | ghelmer <ghelmer@FreeBSD.org> | 1998-07-09 14:06:54 +0000 |
---|---|---|
committer | ghelmer <ghelmer@FreeBSD.org> | 1998-07-09 14:06:54 +0000 |
commit | a9763843375aae7f73fb3964660c9093f7acbbc5 (patch) | |
tree | 5b16e73abe99d97885726ea8b8fee0c59134bb7a | |
parent | 1716a6b1dd9ed9e5dc3b026f1eba9c439d319a53 (diff) | |
download | FreeBSD-src-a9763843375aae7f73fb3964660c9093f7acbbc5.zip FreeBSD-src-a9763843375aae7f73fb3964660c9093f7acbbc5.tar.gz |
Security and minor functionality changes based on OpenBSD msgs.c:
tmp file (mktemp changed to mkstemp), saved POSIX uids, buffer overflow,
and use PAGER environment variable if set.
Obtained from: OpenBSD
-rw-r--r-- | usr.bin/msgs/msgs.c | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/usr.bin/msgs/msgs.c b/usr.bin/msgs/msgs.c index 033a767..f5c37ab 100644 --- a/usr.bin/msgs/msgs.c +++ b/usr.bin/msgs/msgs.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)msgs.c 8.2 (Berkeley) 4/28/95"; #endif static const char rcsid[] = - "$Id: msgs.c,v 1.10 1998/07/07 12:02:59 jkh Exp $"; + "$Id: msgs.c,v 1.11 1998/07/07 22:20:50 jkh Exp $"; #endif /* not lint */ /* @@ -78,6 +78,7 @@ static const char rcsid[] = #include <dirent.h> #include <err.h> #include <errno.h> +#include <fcntl.h> #include <locale.h> #include <pwd.h> #include <setjmp.h> @@ -178,7 +179,8 @@ int argc; char *argv[]; setlocale(LC_ALL, ""); time(&t); - setuid(uid = getuid()); + seteuid(uid = getuid()); + setuid(uid); ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL); if (ruptible) signal(SIGINT, SIG_DFL); @@ -610,11 +612,16 @@ prmesg(length) int length; { FILE *outf; + char *env_pager; if (use_pager && length > Lpp) { signal(SIGPIPE, SIG_IGN); signal(SIGQUIT, SIG_IGN); - snprintf(cmdbuf, sizeof(cmdbuf), _PATH_PAGER, Lpp); + if ((env_pager = getenv("PAGER")) == NULL) { + snprintf(cmdbuf, sizeof(cmdbuf), _PATH_PAGER, Lpp); + } else { + snprintf(cmdbuf, sizeof(cmdbuf), env_pager); + } outf = popen(cmdbuf, "w"); if (!outf) outf = stdout; @@ -716,7 +723,7 @@ ask(prompt) char *prompt; { char inch; - int n, cmsg; + int n, cmsg, fd; off_t oldpos; FILE *cpfrom, *cpto; @@ -760,15 +767,20 @@ char *prompt; } else strcpy(fname, "Messages"); + fd = open(fname, O_RDWR|O_EXCL|O_CREAT|O_APPEND); } else { strcpy(fname, _PATH_TMP); - mktemp(fname); - snprintf(cmdbuf, sizeof(cmdbuf), _PATH_MAIL, fname); - mailing = YES; + fd = mkstemp(fname); + if (fd != -1) { + snprintf(cmdbuf, sizeof(cmdbuf), _PATH_MAIL, + fname); + mailing = YES; + } } - cpto = fopen(fname, "a"); - if (!cpto) { + if (fd == -1 || (cpto = fdopen(fd, "a")) == NULL) { + if (fd != -1) + close(fd); warn("%s", fname); mailing = NO; fseek(newmsg, oldpos, 0); @@ -798,6 +810,7 @@ gfrsub(infile) FILE *infile; { off_t frompos; + int count; seensubj = seenfrom = NO; local = YES; @@ -815,11 +828,14 @@ FILE *infile; frompos = ftell(infile); ptr = from; in = nxtfld(inbuf); - if (*in) while (*in && *in > ' ') { - if (*in == ':' || *in == '@' || *in == '!') - local = NO; - *ptr++ = *in++; - /* what about sizeof from ? */ + if (*in) { + count = sizeof(from) - 1; + while (*in && *in > ' ' && count-- > 0) { + if (*in == ':' || *in == '@' || + *in == '!') + local = NO; + *ptr++ = *in++; + } } *ptr = NULL; if (*(in = nxtfld(in))) |