Fixed buffer overflow with too long newsheader
This commit is contained in:
Michiel Broek
@@ -177,7 +177,7 @@ grlist.o: ../config.h ../lib/libs.h ../lib/clcomm.h grlist.h
|
||||
maketags.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h maketags.h
|
||||
mbmsg.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/msg.h ../lib/dbcfg.h ../lib/mberrors.h post.h mbmsg.h
|
||||
newspost.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/mbinet.h newspost.h
|
||||
postemail.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/dbuser.h ../lib/common.h ../lib/clcomm.h ../lib/mbinet.h postemail.h
|
||||
postemail.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/dbuser.h ../lib/common.h ../lib/clcomm.h ../lib/mbinet.h ../lib/msg.h postemail.h
|
||||
scan.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/msg.h ../lib/clcomm.h ../lib/msgtext.h ../lib/dbnode.h ../lib/dbmsgs.h addpkt.h tracker.h ftn2rfc.h rfc2ftn.h rollover.h postemail.h scan.h
|
||||
toberep.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h tic.h toberep.h
|
||||
atoul.o: ../config.h ../lib/libs.h atoul.h
|
||||
@@ -186,7 +186,7 @@ hash.o: ../config.h ../lib/libs.h hash.h lhash.h
|
||||
mbaff.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/dbcfg.h ../lib/msg.h ../lib/mberrors.h announce.h filefind.h mbaff.h
|
||||
mbseq.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/dbcfg.h mbseq.h
|
||||
notify.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/msg.h ../lib/msgtext.h ../lib/dbnode.h filemgr.h areamgr.h sendmail.h mgrutil.h notify.h
|
||||
postnetmail.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/common.h ../lib/records.h ../lib/dbcfg.h ../lib/dbuser.h ../lib/dbnode.h ../lib/dbftn.h ../lib/clcomm.h tracker.h addpkt.h storenet.h ftn2rfc.h areamgr.h filemgr.h ping.h bounce.h postemail.h
|
||||
postnetmail.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/common.h ../lib/records.h ../lib/dbcfg.h ../lib/dbuser.h ../lib/dbnode.h ../lib/dbftn.h ../lib/clcomm.h ../lib/msg.h tracker.h addpkt.h storenet.h ftn2rfc.h areamgr.h filemgr.h ping.h bounce.h postemail.h
|
||||
scannews.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/mbinet.h ../lib/dbdupe.h ../lib/dbnode.h ../lib/dbmsgs.h ../lib/msg.h ../lib/msgtext.h mkftnhdr.h hash.h rollover.h storeecho.h rfc2ftn.h scannews.h
|
||||
tosspkt.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/msg.h ../lib/msgtext.h ../lib/dbcfg.h ../lib/dbnode.h ../lib/dbmsgs.h ../lib/dbdupe.h ../lib/dbuser.h ../lib/dbftn.h tosspkt.h postnetmail.h postecho.h rollover.h createm.h
|
||||
mbfkill.o: ../config.h ../lib/libs.h ../lib/structs.h ../lib/users.h ../lib/records.h ../lib/common.h ../lib/clcomm.h ../lib/dbcfg.h ../lib/mberrors.h mbfkill.h mbfutil.h
|
||||
|
||||
@@ -1054,10 +1054,10 @@ int AreaMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Buf = calloc(2049, sizeof(char));
|
||||
Buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
|
||||
/*
|
||||
* Make sure we have the nodes record loaded
|
||||
@@ -1150,7 +1150,7 @@ int AreaMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
fprintf(np, "\r");
|
||||
fseek(tmp, 0, SEEK_SET);
|
||||
|
||||
while ((fgets(Buf, 2048, tmp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, tmp)) != NULL) {
|
||||
while ((Buf[strlen(Buf) - 1]=='\n') || (Buf[strlen(Buf) - 1]=='\r')) {
|
||||
Buf[strlen(Buf) - 1] = '\0';
|
||||
}
|
||||
|
||||
@@ -79,7 +79,7 @@ int Bounce(faddr *f, faddr *t, FILE *fp, char *reason)
|
||||
f->domain = xstrcpy(fidonet.domain);
|
||||
|
||||
Syslog('+', "Bounce msg from %s", ascfnode(f, 0xff));
|
||||
Buf = calloc(2049, sizeof(char));
|
||||
Buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
|
||||
np = tmpfile();
|
||||
@@ -100,7 +100,7 @@ int Bounce(faddr *f, faddr *t, FILE *fp, char *reason)
|
||||
* Add MSGID, REPLY and PID
|
||||
*/
|
||||
fprintf(np, "\001MSGID: %s %08lx\r", ascfnode(from, 0x1f), sequencer());
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(Buf);
|
||||
if (strncmp(Buf, "\001MSGID:", 7) == 0) {
|
||||
fprintf(np, "\001REPLY:%s\r", Buf+7);
|
||||
@@ -115,7 +115,7 @@ int Bounce(faddr *f, faddr *t, FILE *fp, char *reason)
|
||||
fprintf(np, "======================================================================\r");
|
||||
|
||||
rewind(fp);
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(Buf);
|
||||
if (Buf[0] == '\001') {
|
||||
fprintf(np, "^a");
|
||||
|
||||
@@ -872,10 +872,10 @@ int FileMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
Buf = calloc(2049, sizeof(char));
|
||||
Buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
|
||||
/*
|
||||
* Make sure we refresh the nodes record.
|
||||
@@ -962,7 +962,7 @@ int FileMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
fprintf(np, "\r");
|
||||
fseek(tmp, 0, SEEK_SET);
|
||||
|
||||
while ((fgets(Buf, 2048, tmp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, tmp)) != NULL) {
|
||||
while ((Buf[strlen(Buf) - 1]=='\n') || (Buf[strlen(Buf) - 1]=='\r')) {
|
||||
Buf[strlen(Buf) - 1] = '\0';
|
||||
}
|
||||
|
||||
@@ -79,7 +79,7 @@ int Ping(faddr *f, faddr *t, FILE *fp, int intransit)
|
||||
f->domain = xstrcpy(fidonet.domain);
|
||||
|
||||
Syslog('+', "%s ping msg from %s", intransit ? "Intransit":"Final", ascfnode(f, 0xff));
|
||||
Buf = calloc(2049, sizeof(char));
|
||||
Buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
|
||||
np = tmpfile();
|
||||
@@ -104,7 +104,7 @@ int Ping(faddr *f, faddr *t, FILE *fp, int intransit)
|
||||
* Add MSGID, REPLY and PID
|
||||
*/
|
||||
fprintf(np, "\001MSGID: %s %08lx\r", ascfnode(from, 0x1f), sequencer());
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(Buf);
|
||||
if (strncmp(Buf, "\001MSGID:", 7) == 0) {
|
||||
fprintf(np, "\001REPLY:%s\r", Buf+7);
|
||||
@@ -124,7 +124,7 @@ int Ping(faddr *f, faddr *t, FILE *fp, int intransit)
|
||||
fprintf(np, "======================================================================\r");
|
||||
|
||||
rewind(fp);
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(Buf);
|
||||
if (strncmp(Buf, "\1Via", 4) == 0) {
|
||||
fprintf(np, "%s\r", Buf+1);
|
||||
|
||||
@@ -112,9 +112,9 @@ int EchoOut(fidoaddr aka, char *toname, char *fromname, char *subj, FILE *fp, in
|
||||
}
|
||||
|
||||
rewind(fp);
|
||||
buf = calloc(2049, sizeof(char));
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(buf);
|
||||
fprintf(qp, "%s\r", buf);
|
||||
}
|
||||
@@ -207,10 +207,10 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
|
||||
/*
|
||||
* Read the message for kludges we need.
|
||||
*/
|
||||
buf = calloc(2049, sizeof(char));
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
First = TRUE;
|
||||
rewind(fp);
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
|
||||
Striplf(buf);
|
||||
|
||||
@@ -264,7 +264,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
|
||||
* dupecheck. Redy Rodriguez.
|
||||
*/
|
||||
rewind(fp);
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(buf);
|
||||
if (strncmp(buf, "---", 3) == 0)
|
||||
break;
|
||||
@@ -396,7 +396,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
|
||||
rewind(fp);
|
||||
if ((nfp = tmpfile()) == NULL)
|
||||
WriteError("$Unable to open tmpfile");
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(buf);
|
||||
fprintf(nfp, "%s", buf);
|
||||
/*
|
||||
@@ -502,7 +502,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
|
||||
if (strlen(msgs.Newsgroup) && tonews) {
|
||||
rewind(nfp);
|
||||
qp = tmpfile();
|
||||
while ((fgets(buf, 2048, nfp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, nfp)) != NULL) {
|
||||
Striplf(buf);
|
||||
if (kludges && (buf[0] != '\001') && strncmp(buf, "AREA:", 5)) {
|
||||
kludges = FALSE;
|
||||
|
||||
@@ -37,6 +37,7 @@
|
||||
#include "../lib/common.h"
|
||||
#include "../lib/clcomm.h"
|
||||
#include "../lib/mbinet.h"
|
||||
#include "../lib/msg.h"
|
||||
#include "postemail.h"
|
||||
|
||||
|
||||
@@ -90,7 +91,7 @@ int postemail(FILE *fp, char *MailFrom, char *MailTo)
|
||||
return 2;
|
||||
}
|
||||
|
||||
temp = calloc(2048, sizeof(char));
|
||||
temp = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
sprintf(temp, "MAIL FROM:<%s>\r\n", MailFrom);
|
||||
if (smtp_cmd(temp, 250)) {
|
||||
WriteError("SMTP: refused FROM <%s>", MailFrom);
|
||||
|
||||
@@ -39,6 +39,7 @@
|
||||
#include "../lib/dbnode.h"
|
||||
#include "../lib/dbftn.h"
|
||||
#include "../lib/clcomm.h"
|
||||
#include "../lib/msg.h"
|
||||
#include "tracker.h"
|
||||
#include "addpkt.h"
|
||||
#include "storenet.h"
|
||||
@@ -89,9 +90,9 @@ int postnetmail(FILE *fp, faddr *f, faddr *t, char *orig, char *subject, time_t
|
||||
/*
|
||||
* Extract MSGID and REPLY kludges from this netmail.
|
||||
*/
|
||||
buf = calloc(2049, sizeof(char));
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
Striplf(buf);
|
||||
Syslogp('M', printable(buf, 0));
|
||||
if (!strncmp(buf, "\001MSGID: ", 8)) {
|
||||
@@ -432,8 +433,8 @@ int postnetmail(FILE *fp, faddr *f, faddr *t, char *orig, char *subject, time_t
|
||||
* Copy all text including kludges, when
|
||||
* finished, insert our ^aVia line.
|
||||
*/
|
||||
buf = calloc(2048, sizeof(char));
|
||||
while ((fgets(buf, 2048, fp)) != NULL)
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL)
|
||||
fprintf(net, "%s\r", buf);
|
||||
|
||||
now = time(NULL);
|
||||
|
||||
@@ -76,7 +76,7 @@ extern int do_learn;
|
||||
extern int news_in;
|
||||
extern int email_in;
|
||||
extern char *replyaddr;
|
||||
|
||||
extern int most_debug;
|
||||
|
||||
|
||||
/*
|
||||
@@ -835,6 +835,7 @@ int needputrfc(rfcmsg *msg, int newsmode)
|
||||
if (!strcasecmp(msg->key,"Precedence")) return 0;
|
||||
if (!strcasecmp(msg->key,"X-Face")) return 0;
|
||||
if (!strcasecmp(msg->key,"X-Accept-Language")) return 0;
|
||||
if (!strncasecmp(msg->key,"X-Spam-", 7)) return 0;
|
||||
/*if (!strcasecmp(msg->key,"")) return ;*/
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -152,10 +152,10 @@ int storeecho(faddr *f, faddr *t, time_t mdate, int flags, char *subj, char *msg
|
||||
* If not a bad or dupe message, eat the first
|
||||
* line (AREA:tag).
|
||||
*/
|
||||
buf = calloc(2049, sizeof(char));
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
rewind(fp);
|
||||
if (!dupe && !bad)
|
||||
fgets(buf , 2048, fp);
|
||||
fgets(buf , MAX_LINE_LENGTH, fp);
|
||||
Msg_Write(fp);
|
||||
Msg_AddMsg();
|
||||
Msg_UnLock();
|
||||
|
||||
@@ -145,8 +145,8 @@ int storenet(faddr *f, faddr *t, time_t mdate, int flags, char *Subj, char *msgi
|
||||
* Check if this is an empty netmail
|
||||
*/
|
||||
rewind(fp);
|
||||
Buf = calloc(2049, sizeof(char));
|
||||
while ((fgets(Buf, 2048, fp)) != NULL) {
|
||||
Buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
while ((fgets(Buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
|
||||
for (i = 0; i < strlen(Buf); i++) {
|
||||
if (*(Buf + i) == '\0')
|
||||
|
||||
@@ -174,7 +174,7 @@ int importmsg(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t
|
||||
Known = TRUE;
|
||||
}
|
||||
|
||||
buf = calloc(2049, sizeof(char));
|
||||
buf = calloc(MAX_LINE_LENGTH +1, sizeof(char));
|
||||
marea = NULL;
|
||||
|
||||
/*
|
||||
@@ -183,7 +183,7 @@ int importmsg(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t
|
||||
rewind(fp);
|
||||
|
||||
FirstLine = TRUE;
|
||||
while ((fgets(buf, 2048, fp)) != NULL) {
|
||||
while ((fgets(buf, MAX_LINE_LENGTH, fp)) != NULL) {
|
||||
|
||||
Striplf(buf);
|
||||
|
||||
@@ -320,7 +320,7 @@ int TossPkt(char *fn)
|
||||
*/
|
||||
int getmessage(FILE *pkt, faddr *p_from, faddr *p_to)
|
||||
{
|
||||
char buf[2048], *orig = NULL, *p, *l, *r, *subj = NULL;
|
||||
char buf[MAX_LINE_LENGTH +1], *orig = NULL, *p, *l, *r, *subj = NULL;
|
||||
int tmp, rc, maxrc = 0, result, flags, cost;
|
||||
static faddr f, t;
|
||||
faddr *o;
|
||||
|
||||
Reference in New Issue
Block a user