diff options
author | ache <ache@FreeBSD.org> | 1995-04-13 20:58:13 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1995-04-13 20:58:13 +0000 |
commit | 81860156cc5e3c0aa7f3cae5f4e89f26bc558bd7 (patch) | |
tree | 6537ccd1970360013f21d96f12ab387109a22446 /usr.sbin/cron | |
parent | ef3c093b05e9a14fc7ff702c3807b28f4fb03cbb (diff) | |
download | FreeBSD-src-81860156cc5e3c0aa7f3cae5f4e89f26bc558bd7.zip FreeBSD-src-81860156cc5e3c0aa7f3cae5f4e89f26bc558bd7.tar.gz |
Really fix MAILTO hole by parsing spaces.
Remove local bitstring copy
Diffstat (limited to 'usr.sbin/cron')
-rw-r--r-- | usr.sbin/cron/cron/Makefile | 1 | ||||
-rw-r--r-- | usr.sbin/cron/cron/do_command.c | 33 |
2 files changed, 29 insertions, 5 deletions
diff --git a/usr.sbin/cron/cron/Makefile b/usr.sbin/cron/cron/Makefile index 09cde80..905c3ec 100644 --- a/usr.sbin/cron/cron/Makefile +++ b/usr.sbin/cron/cron/Makefile @@ -2,7 +2,6 @@ BINDIR?= /usr/sbin PROG= cron SRCS= cron.c database.c do_command.c job.c user.c popen.c -MAN3= bitstring.3 MAN8= cron.8 .if exists(${.CURDIR}/../lib/obj) diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c index 739191e6..a613b7f 100644 --- a/usr.sbin/cron/cron/do_command.c +++ b/usr.sbin/cron/cron/do_command.c @@ -16,7 +16,7 @@ */ #if !defined(lint) && !defined(LINT) -static char rcsid[] = "$Id: do_command.c,v 1.1.1.1 1994/08/27 13:43:03 jkh Exp $"; +static char rcsid[] = "$Id: do_command.c,v 1.2 1995/04/12 18:57:37 ache Exp $"; #endif @@ -94,9 +94,34 @@ child_process(e, u) */ usernm = env_get("LOGNAME", e->envp); mailto = env_get("MAILTO", e->envp); - if (mailto && *mailto == '-') { - log_it("CRON",getpid(), usernm, "attempts to crack"); - exit(ERROR_EXIT); + if (mailto != NULL && *mailto) { + char *head, *next; + int address_found = 0; + + head = mailto; + while (isspace(*head)) + head++; + for ( ; (next = strpbrk(head, " \t")) != NULL; head = next) { + next++; + while (isspace(*next)) + next++; + address_found = 1; + if (*head == '-') { + mailto = NULL; + break; + } + } + if (mailto != NULL && *head) { + address_found = 1; + if (*head == '-') + mailto = NULL; + } + if (!address_found) + mailto = ""; + if (mailto == NULL) { + log_it("CRON",getpid(), usernm, "attempts to crack"); + exit(ERROR_EXIT); + } } #ifdef USE_SIGCHLD |