author | Robert Mustacchi <rm@joyent.com> |
Thu, 30 Apr 2015 20:01:26 +0100 | |
changeset 14275 | 704102d4c169 |
parent 18 | 7e2dc246c4e2 |
permissions | -rw-r--r-- |
0 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
5 |
* Common Development and Distribution License, Version 1.0 only |
|
6 |
* (the "License"). You may not use this file except in compliance |
|
7 |
* with the License. |
|
8 |
* |
|
9 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 |
* or http://www.opensolaris.org/os/licensing. |
|
11 |
* See the License for the specific language governing permissions |
|
12 |
* and limitations under the License. |
|
13 |
* |
|
14 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
15 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 |
* If applicable, add the following below this CDDL HEADER, with the |
|
17 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
18 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
* |
|
20 |
* CDDL HEADER END |
|
21 |
*/ |
|
18 | 22 |
|
23 |
/* |
|
24 |
* Copyright 2001 Sun Microsystems, Inc. All rights reserved. |
|
25 |
* Use is subject to license terms. |
|
26 |
*/ |
|
27 |
||
0 | 28 |
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ |
29 |
/* All Rights Reserved */ |
|
30 |
||
31 |
/* |
|
32 |
* University Copyright- Copyright (c) 1982, 1986, 1988 |
|
33 |
* The Regents of the University of California |
|
34 |
* All Rights Reserved |
|
35 |
* |
|
36 |
* University Acknowledgment- Portions of this document are derived from |
|
37 |
* software developed by the University of California, Berkeley, and its |
|
38 |
* contributors. |
|
39 |
*/ |
|
40 |
||
41 |
#pragma ident "%Z%%M% %I% %E% SMI" |
|
42 |
||
43 |
/* |
|
44 |
* mailx -- a modified version of a University of California at Berkeley |
|
45 |
* mail program |
|
46 |
* |
|
47 |
* Handle name lists. |
|
48 |
*/ |
|
49 |
||
50 |
#include "rcv.h" |
|
51 |
#include <locale.h> |
|
52 |
||
53 |
/*
 * Forward declarations for the file-local helpers defined further down.
 */
static struct name	*nalloc(char str[]);
static int		isfileaddr(char *name);
static int		lengthof(struct name *name);
static struct name	*gexpand(struct name *nlist, struct grouphead *gh,
			    int metoo, int arg_ntype);
static char		*norm(register char *user, register char *ubuf,
			    int nbangs);
static struct name	*put(struct name *list, struct name *node);
|
59 |
||
60 |
/*
 * Allocate one name-list node for str and return it.
 *
 * The node comes back unlinked (both links NIL) with n_type set to -1.
 * n_full receives a saved copy of str and n_name is whatever skin()
 * derives from that copy.
 */
static struct name *
nalloc(char str[])
{
	/* NOTE(review): salloc()'s result is used unchecked -- confirm it cannot return NULL. */
	struct name *node = (struct name *)salloc(sizeof (*node));

	node->n_type = -1;
	node->n_blink = NIL;
	node->n_flink = NIL;
	node->n_full = savestr(str);
	node->n_name = skin(node->n_full);
	return (node);
}
|
79 |
||
80 |
/*
 * Return the last node of the list that starts at name, or NIL when the
 * list is empty.
 */
struct name *
tailof(struct name *name)
{
	struct name *last;

	if (name == NIL)
		return (NIL);
	/* Follow the forward links until there is no successor. */
	for (last = name; last->n_flink != NIL; last = last->n_flink)
		;
	return (last);
}
|
96 |
||
97 |
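/*
 * Split line into words with yankword() and build a doubly linked name
 * list from them; every node gets type arg_ntype (narrowed to short).
 * Returns the head of the list, or NIL when line is NOSTR, empty, or
 * yields no words.
 *
 * A word "at" that follows an existing name is treated as the old
 * "user at host" spelling: the next word is joined to the previous
 * name as "user@host".  Only n_name of the previous node is replaced;
 * n_full is left as it was.  A trailing "at" with nothing after it is
 * kept as an ordinary name.
 */
struct name *
extract(char line[], int arg_ntype)
{
	short ntype = (short)arg_ntype;
	char *cp;
	struct name *top = NIL, *np = NIL, *t;
	char nbuf[BUFSIZ], abuf[BUFSIZ];
	int comma;

	if (line == NOSTR || *line == '\0')
		return (NIL);
	comma = docomma(line);
	cp = line;
	while ((cp = yankword(cp, nbuf, sizeof (nbuf), comma)) != NOSTR) {
		if (np != NIL && equal(nbuf, "at")) {
			/* Remember "at" in case no host word follows. */
			nstrcpy(abuf, sizeof (abuf), nbuf);
			cp = yankword(cp, nbuf, sizeof (nbuf), comma);
			if (cp != NOSTR) {
				/*
				 * snprintf() bounds the join to abuf; an
				 * over-long "user@host" is silently truncated.
				 */
				snprintf(abuf, sizeof (abuf), "%s@%s",
				    np->n_name, nbuf);
				np->n_name = savestr(abuf);
				continue;
			}
			/* Nothing after "at": restore it as a plain word. */
			nstrcpy(nbuf, sizeof (nbuf), abuf);
		}
		t = nalloc(nbuf);
		t->n_type = ntype;
		if (top == NIL)
			top = t;
		else
			np->n_flink = t;
		t->n_blink = np;
		np = t;
		/*
		 * After a trailing "at" the cursor is already NOSTR.  Stop
		 * here instead of handing NOSTR back to yankword() in the
		 * loop condition; yankword() is not defined in this file, so
		 * its behaviour on a NOSTR cursor cannot be relied on.
		 */
		if (cp == NOSTR)
			break;
	}
	return (top);
}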
|
143 |
||
144 |
/*
 * Flatten a name list into one salloc()ed string of the n_full fields,
 * each followed by ", " (so the result ends in ", ").
 *
 * Entries marked GDEL are left out.  When ntype is non-zero, only
 * entries whose type (masked with GMASK) equals ntype are included.
 * Returns NOSTR when the list is NIL or nothing qualifies.
 */
char *
detract(register struct name *np, int ntype)
{
	struct name *cur;
	char *buf, *out;
	int need = 0;

	if (np == NIL)
		return (NOSTR);

	/* Pass 1: size the result -- the name plus two bytes for ", ". */
	for (cur = np; cur != NIL; cur = cur->n_flink) {
		if (!(cur->n_type & GDEL) &&
		    (!ntype || (cur->n_type & GMASK) == ntype))
			need += strlen(cur->n_full) + 2;
	}
	if (need == 0)
		return (NOSTR);

	/* One more byte for the terminating NUL. */
	need++;
	buf = (char *)salloc((unsigned)need);
	out = buf;

	/*
	 * Pass 2: same filter as pass 1, so the writes stay inside the
	 * size computed above.  copy() presumably returns the position of
	 * the NUL it wrote in the destination -- confirm against its
	 * definition.
	 */
	for (cur = np; cur != NIL; cur = cur->n_flink) {
		if (!(cur->n_type & GDEL) &&
		    (!ntype || (cur->n_type & GMASK) == ntype)) {
			out = copy(cur->n_full, out);
			*out++ = ',';
			*out++ = ' ';
		}
	}
	*out = 0;
	return (buf);
}
|
179 |
||
180 |
/*
 * Mark every entry of the list that isfileaddr() classifies as a file
 * address as deleted (GDEL).  Returns the list head it was given.
 */
struct name *
outpre(struct name *to)
{
	struct name *cur = to;

	while (cur) {
		if (isfileaddr(cur->n_name))
			cur->n_type |= GDEL;
		cur = cur->n_flink;
	}
	return to;
}
|
190 |
||
191 |
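/*
 * Deliver the message in fo to every recipient that is a file or a pipe.
 *
 * For each entry of names that isfileaddr() accepts, the message is
 * appended to the named file.  For each entry whose name begins with
 * '|', the rest of the name is run as a shell command with the message
 * on its standard input.  Every entry handled here, successfully or
 * not, is marked GDEL so that it is skipped as a mail recipient.
 *
 * None of this happens unless the "expandaddr" variable is set: when it
 * is unset the function returns 0 before looking at any name.  The
 * annotate view attributes that guard to changeset 704102d4c169,
 * "5481 CVE-2012-1750 mailx(1) tilde expansion vulnerability".
 * NOTE(review): on that early return no entry is marked GDEL here --
 * confirm how the caller treats file and pipe names in that case.
 *
 * Returns the number of file/pipe recipients seen.  Failures are
 * reported with perror() and counted in senderr.
 */
int
outof(struct name *names, FILE *fo)
{
	register int c;
	register struct name *np;
	time_t now;
	char *date, *fname, *shell;
	FILE *fout, *fin;
	int ispipe;
	int nout = 0;
	int fd = 0;
#ifdef preSVr4
	char line[BUFSIZ];
#endif

	/* Recipient expansion to files and programs is opt-in. */
	if (value("expandaddr") == NOSTR)
		return (nout);

	for (np = names; np != NIL; np = np->n_flink) {
		if (!isfileaddr(np->n_name) && np->n_name[0] != '|')
			continue;
		nout++;
		ispipe = np->n_name[0] == '|';
		if (ispipe)
			fname = np->n_name+1;
		else
			fname = safeexpand(np->n_name);

		/*
		 * See if we have copied the complete message out yet.
		 * If not, do so.
		 */

		if (image < 0) {
			/*
			 * NOTE(review): when tempEdit already exists the
			 * O_EXCL create fails and the path is reopened
			 * without O_EXCL, so whatever is already at that
			 * path is appended to.  Confirm tempEdit lives
			 * where other users cannot create files or links.
			 */
			fd = open(tempEdit, O_CREAT|O_EXCL|O_APPEND|O_WRONLY,
			    0600);
			if ((fd < 0) && (errno == EEXIST))
				fd = open(tempEdit, O_APPEND|O_WRONLY, 0600);
			if (fd < 0) {
				/*
				 * Report the open() failure itself rather
				 * than letting fdopen() fail on a bad
				 * descriptor and mask the real errno.
				 */
				perror(tempEdit);
				senderr++;
				goto cant;
			}
			if ((fout = fdopen(fd, "a")) == NULL) {
				perror(tempEdit);
				/* fdopen() did not take ownership of fd. */
				(void) close(fd);
				senderr++;
				goto cant;
			}
			image = open(tempEdit, O_RDWR);
			unlink(tempEdit);
			if (image < 0) {
				perror(tempEdit);
				/* Do not leak the write stream. */
				fclose(fout);
				senderr++;
				goto cant;
			} else {
				rewind(fo);
				time(&now);
				date = ctime(&now);
				fprintf(fout, "From %s %s", myname, date);
				while ((c = getc(fo)) != EOF)
					putc(c, fout);
				rewind(fo);
				fflush(fout);
				if (fferror(fout))
					perror(tempEdit);
				fclose(fout);
			}
		}

		/*
		 * Now either copy "image" to the desired file
		 * or give it as the standard input to the desired
		 * program as appropriate.
		 */

		if (ispipe) {
			wait((int *)NULL);
			switch (fork()) {
			case 0:
				sigchild();
				sigset(SIGHUP, SIG_IGN);
				sigset(SIGINT, SIG_IGN);
				sigset(SIGQUIT, SIG_IGN);
				/* Make the saved message the child's stdin. */
				close(0);
				dup(image);
				close(image);
				lseek(0, 0L, 0);
				if ((shell = value("SHELL")) == NOSTR ||
				    *shell == '\0')
					shell = SHELL;
				/*
				 * The recipient text after '|' is handed to
				 * the shell as a -c command string; the
				 * "expandaddr" check above is what keeps
				 * this path off by default.
				 */
				(void) execlp(shell, shell, "-c", fname,
				    (char *)0);
				perror(shell);
				exit(1);
				break;

			case (pid_t)-1:
				perror("fork");
				senderr++;
				goto cant;
			}
		}
		else {
			/*
			 * NOTE(review): fname comes from safeexpand(), which
			 * is defined elsewhere; confirm it cannot return
			 * NOSTR before it reaches fopen().
			 */
			if ((fout = fopen(fname, "a")) == NULL) {
				perror(fname);
				senderr++;
				goto cant;
			}
			fin = Fdopen(image, "r");
			if (fin == NULL) {
				fprintf(stderr,
				    gettext("Can't reopen image\n"));
				fclose(fout);
				senderr++;
				goto cant;
			}
			rewind(fin);
#ifdef preSVr4
			putc(getc(fin), fout);
			while (fgets(line, sizeof line, fin)) {
				if (!strncmp(line, "From ", 5))
					putc('>', fout);
				fputs(line, fout);
			}
#else
			while ((c = getc(fin)) != EOF)
				putc(c, fout);
#endif
			putc('\n', fout);
			fflush(fout);
			if (fferror(fout))
				senderr++, perror(fname);
			fclose(fout);
			fclose(fin);
		}
cant:
		/*
		 * In days of old we removed the entry from
		 * the list; now for sake of header expansion
		 * we leave it in and mark it as deleted.
		 */

#ifdef CRAZYWOW
		{
		register struct name *t, *x;

		if (np == top) {
			top = np->n_flink;
			if (top != NIL)
				top->n_blink = NIL;
			np = top;
			continue;
		}
		x = np->n_blink;
		t = np->n_flink;
		x->n_flink = t;
		if (t != NIL)
			t->n_blink = x;
		np = t;
		}
#endif

		np->n_type |= GDEL;
	}
	if (image >= 0) {
		close(image);
		image = -1;
	}
	return(nout);
}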
|
369 |
||
370 |
/*
 * Decide whether name is a local "send to file" address.
 *
 *  - anything containing '@' is not a file;
 *  - a leading '+' always counts as a file;
 *  - otherwise, when "fcc" is unset, it is not a file;
 *  - otherwise the name is scanned left to right: a network
 *    metacharacter (metanet) seen before any '/' means not a file, a
 *    '/' seen first means a file.  '.' is skipped so that path names
 *    such as ./... are still accepted.
 *
 * Returns 1 for a file address, 0 otherwise.
 */
static int
isfileaddr(char *name)
{
	char *fcc = value("fcc");
	char *scan;

	if (any('@', name))
		return (0);
	if (name[0] == '+')
		return (1);
	if (fcc == NOSTR)
		return (0);

	for (scan = name; *scan != '\0'; scan++) {
		if (*scan == '.')
			continue;
		if (any(*scan, metanet))
			return (0);
		if (*scan == '/')
			return (1);
	}
	return (0);
}
|
399 |
||
400 |
/*
 * Expand the aliases in a name list and return the resulting list.
 *
 * A name that starts with a backslash is never looked up; it is put on
 * the result as it is.  Any other name is looked up with findgroup():
 * a hit is expanded (recursively) by gexpand(), a miss is put on the
 * result unchanged.  put() prepends, so the result is built in reverse
 * order of the input.
 */
struct name *
usermap(struct name *names)
{
	struct name *result = NIL;
	struct name *cur, *next;
	struct grouphead *gh;
	int metoo = (value("metoo") != NOSTR);

	for (cur = names; cur != NIL; cur = next) {
		gh = (cur->n_name[0] == '\\') ? NOGRP :
		    findgroup(cur->n_name);
		/* Save the successor first: put() rewrites cur's links. */
		next = cur->n_flink;
		if (gh != NOGRP)
			result = gexpand(result, gh, metoo, cur->n_type);
		else
			result = put(result, cur);
	}
	return (result);
}
|
434 |
||
435 |
/*
 * Expand the alias group gh onto nlist and return the new list head.
 *
 * Members that name another group are expanded recursively.  A member
 * that starts with a backslash, or that has the same name as the group
 * itself, is not looked up again and is added as a plain name.  Nesting
 * is tracked in a function-static counter; once it exceeds MAXEXP a
 * message is printed and nlist is returned unchanged.
 *
 * Unless metoo is set, a member that samebody() matches against myname
 * is added already marked GDEL -- except when it is the only member of
 * the group.
 */
static struct name *
gexpand(struct name *nlist, struct grouphead *gh, int metoo, int arg_ntype)
{
	static int depth;
	short ntype = (short)arg_ntype;
	struct mgroup *gp;
	struct grouphead *ngh;
	struct name *np;
	char *member;
	int sole;

	if (depth > MAXEXP) {
		printf(gettext("Expanding alias to depth larger than %d\n"),
		    MAXEXP);
		return (nlist);
	}
	depth++;
	for (gp = gh->g_list; gp != NOGE; gp = gp->ge_link) {
		member = gp->ge_name;
		/* findgroup() runs only for unquoted, non-self members. */
		if (*member != '\\' && strcmp(member, gh->g_name) != 0 &&
		    (ngh = findgroup(member)) != NOGRP) {
			nlist = gexpand(nlist, ngh, metoo, ntype);
			continue;
		}

		np = nalloc(member);
		np->n_type = ntype;
		/* A one-member group may still expand to the user. */
		sole = (gp == gh->g_list && gp->ge_link == NOGE);
		if (!sole && !metoo && samebody(myname, gp->ge_name, FALSE))
			np->n_type |= GDEL;
		nlist = put(nlist, np);
	}
	depth--;
	return (nlist);
}
|
484 |
||
485 |
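/*
 * Normalize a network name for comparison purposes.
 *
 * Leading '!' characters are skipped.  A name with no '!' left in it is
 * rewritten into ubuf as "host!name".  When nbangs is non-zero the name
 * is then cut down to its last nbangs '!'-separated components and any
 * Internet-style host part (from the first '%', else the first '@') is
 * removed.
 *
 * ubuf is scratch space that is treated as BUFSIZ bytes long.  The
 * returned pointer is either inside user (possibly modified in place
 * when user already points into ubuf) or inside ubuf.
 */
static char *
norm(register char *user, register char *ubuf, int nbangs)
{
	register char *cp;
	int inubuf = 0;

	while (*user == '!')
		user++;
	if (!strchr(user, '!')) {
		snprintf(ubuf, BUFSIZ, "%s!%s", host, user);
		user = ubuf;
		inubuf++;
	}
	if (nbangs) {
		/* Walk back from the end over nbangs '!' separators. */
		cp = user + strlen(user);
		while (nbangs--)
			while (cp > user && *--cp != '!')
				;
		user = (cp > user) ? ++cp : cp;
		/*
		 * Now strip off all Internet-type
		 * hosts.
		 */
		if ((cp = strchr(user, '%')) == NOSTR)
			cp = strchr(user, '@');
		if (cp != NOSTR) {
			if (!inubuf) {
				/*
				 * The prefix length comes from the caller's
				 * string, so bound it to the BUFSIZ bytes of
				 * ubuf before copying; an unbounded copy
				 * would write past the end of ubuf for a
				 * local part of BUFSIZ bytes or more.
				 */
				size_t len = (size_t)(cp - user);

				if (len >= BUFSIZ)
					len = BUFSIZ - 1;
				memcpy(ubuf, user, len);
				ubuf[len] = '\0';
				user = ubuf;
			} else
				*cp = '\0';
		}
	}
	return user;
}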
|
523 |
||
524 |
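/*
 * Decide whether user and addr name the same mailbox (the "allnet"
 * option).  Returns non-zero on a match.
 *
 * With fuzzy set and the "fuzzymatch" variable defined, both strings
 * are lower-cased into local BUFSIZ buffers (strlcpy() truncates longer
 * input) and the test is whether user occurs anywhere inside addr.
 *
 * Otherwise both strings are passed through norm() and compared with
 * strcmp().  The number of path components norm() keeps is 0 when
 * "allnet" is unset, 2 when it is "uucp", and 1 for any other value.
 */
int
samebody(register char *user, register char *addr, int fuzzy)
{
	char ubuf[BUFSIZ], abuf[BUFSIZ];
	char *allnet = value("allnet");
	int nbangs;

	if (!allnet)
		nbangs = 0;
	else if (strcmp(allnet, "uucp") == 0)
		nbangs = 2;
	else
		nbangs = 1;

	if (fuzzy && value("fuzzymatch")) {
		int i;

		/*
		 * tolower() requires a value representable as unsigned
		 * char (or EOF); a plain char holding a byte above 0x7f
		 * may be negative, so cast before the call.
		 */
		(void) strlcpy(ubuf, user, BUFSIZ);
		for (i = 0; ubuf[i]; i++)
			ubuf[i] = tolower((unsigned char)ubuf[i]);
		(void) strlcpy(abuf, addr, BUFSIZ);
		for (i = 0; abuf[i]; i++)
			abuf[i] = tolower((unsigned char)abuf[i]);
		return (strstr(abuf, ubuf) != NOSTR);
	}
	user = norm(user, ubuf, nbangs);
	addr = norm(addr, abuf, nbangs);
	return strcmp(user, addr) == 0;
}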
|
549 |
||
550 |
/*
 * Count the nodes of a name list.  Every node is counted, including
 * ones marked GDEL.
 */
static int
lengthof(struct name *name)
{
	struct name *cur = name;
	int count = 0;

	while (cur != NIL) {
		count++;
		cur = cur->n_flink;
	}
	return (count);
}
|
564 |
||
565 |
/*
 * Append list n2 to list n1 and return the head of the combined list.
 * When either list is NIL the other one is returned untouched.
 */
struct name *
cat(struct name *n1, struct name *n2)
{
	struct name *last;

	if (n1 == NIL)
		return (n2);
	if (n2 == NIL)
		return (n1);

	/* Splice n2 onto the last node of n1, in both directions. */
	last = tailof(n1);
	n2->n_blink = last;
	last->n_flink = n2;
	return (n1);
}
|
583 |
||
584 |
/*
 * Unpack a name list into a NOSTR-terminated argument vector for the
 * mailer and return it.  panic() is called when the list is empty.
 *
 * Layout: "mail", then "-r" and its value when rflag is set, then
 * (SENDMAIL builds only) "-i", optional "-m" / "-v", optional "-h" with
 * its count, and a literal "--", then the n_name of every entry not
 * marked GDEL.
 *
 * The "--" ends sendmail's option processing before any recipient
 * appears, so a recipient name is always taken as an address.  The
 * annotate view attributes the "--" and the matching slot count to
 * changeset 704102d4c169, "5481 CVE-2012-1750 mailx(1) tilde expansion
 * vulnerability".  NOTE(review): without SENDMAIL no "--" is emitted --
 * confirm how that mailer treats names that begin with '-'.
 */
char **
unpack(struct name *np)
{
	char **argv, **slot;
	struct name *cur;
	char hbuf[10];
	int count, extra, metoo, verbose;

	/* lengthof() counts GDEL entries too, so the vector can only be
	 * larger than needed, never smaller. */
	count = lengthof(np);
	if (count == 0)
		panic("No names to unpack");

	/*
	 * Compute the number of extra arguments we will need.  We need at
	 * least 3 extra -- one for "mail", one for a terminating -- to stop
	 * sendmail option processing, and one for the terminating 0
	 * pointer.
	 *
	 * Additional spots may be needed to pass along -r and -f to the
	 * host mailer.
	 */
	extra = 3;
	if (rflag != NOSTR)
		extra += 2;
#ifdef SENDMAIL
	extra++;
	metoo = value("metoo") != NOSTR;
	if (metoo)
		extra++;
	verbose = value("verbose") != NOSTR;
	if (verbose)
		extra++;
	if (hflag)
		extra += 2;
#endif /* SENDMAIL */

	argv = (char **)salloc((count + extra) * sizeof (char *));
	slot = argv;
	*slot++ = "mail";
	if (rflag != NOSTR) {
		*slot++ = "-r";
		*slot++ = rflag;
	}
#ifdef SENDMAIL
	*slot++ = "-i";
	if (metoo)
		*slot++ = "-m";
	if (verbose)
		*slot++ = "-v";
	if (hflag) {
		*slot++ = "-h";
		snprintf(hbuf, sizeof (hbuf), "%d", hflag);
		*slot++ = savestr(hbuf);
	}
	/* Everything after this point is an address, not an option. */
	*slot++ = "--";
#endif /* SENDMAIL */

	for (cur = np; cur != NIL; cur = cur->n_flink) {
		if (cur->n_type & GDEL)
			continue;
		*slot++ = cur->n_name;
	}
	*slot = NOSTR;
	return (argv);
}
|
656 |
||
657 |
/*
 * See whether the user named himself as a destination for outgoing
 * mail.  If so, bump the global selfsent so that we avoid removing his
 * mailbox.  Entries marked GDEL are ignored; the scan stops at the
 * first match.
 */
void
mechk(struct name *names)
{
	struct name *cur;

	for (cur = names; cur != NIL; cur = cur->n_flink) {
		if (cur->n_type & GDEL)
			continue;
		if (samebody(cur->n_name, myname, FALSE)) {
			selfsent++;
			return;
		}
	}
}
|
675 |
||
676 |
/*
 * Remove duplicate names from a list.
 *
 * The list is first insertion-sorted by n_name (strcmp order), then
 * each run of equal names is collapsed onto its first node.  The
 * surviving node takes the numerically smallest n_type found in the
 * run ("To" before "Cc" before "Bcc").  Returns the head of the new
 * list, or NIL for an empty list.
 */
struct name *
elide(struct name *names)
{
	struct name *sorted, *rest, *pos, *node;

	if (names == NIL)
		return (NIL);

	/* Start the sorted list with the first node alone. */
	sorted = names;
	rest = names->n_flink;
	if (rest != NIL)
		rest->n_blink = NIL;
	sorted->n_flink = NIL;

	while (rest != NIL) {
		/* Detach the next unsorted node before relinking it. */
		node = rest;
		rest = rest->n_flink;

		/* Find the first sorted entry that is not smaller. */
		for (pos = sorted;
		    strcmp(pos->n_name, node->n_name) < 0 &&
		    pos->n_flink != NIL;
		    pos = pos->n_flink)
			;

		if (strcmp(pos->n_name, node->n_name) < 0) {
			/* Ran off the end: node goes after the last entry. */
			pos->n_flink = node;
			node->n_blink = pos;
			node->n_flink = NIL;
		} else if (pos == sorted) {
			/* node becomes the new head of the list. */
			node->n_flink = sorted;
			sorted->n_blink = node;
			node->n_blink = NIL;
			sorted = node;
		} else {
			/* The normal case: insert in front of pos. */
			node->n_flink = pos;
			node->n_blink = pos->n_blink;
			pos->n_blink->n_flink = node;
			pos->n_blink = node;
		}
	}

	/*
	 * The list is sorted now.  Collapse each run of equal names onto
	 * its first node, remembering the best type seen in the run.
	 */
	for (node = sorted; node != NIL; node = node->n_flink) {
		struct name *last = node;
		int best = node->n_type;

		while (last->n_flink != NIL &&
		    strcmp(node->n_name, last->n_flink->n_name) == 0) {
			last = last->n_flink;
			if (last->n_type < best)
				best = last->n_type;
		}
		if (last == node)
			continue;

		/* last is the final duplicate; link node past it. */
		node->n_flink = last->n_flink;
		if (last->n_flink != NIL)
			last->n_flink->n_blink = node;
		node->n_type = best;
	}
	return (sorted);
}
|
785 |
||
786 |
/*
 * Push node onto the front of list and return node as the new head.
 * node's previous links are overwritten.
 */
static struct name *
put(struct name *list, struct name *node)
{
	node->n_blink = NIL;
	node->n_flink = list;
	if (list != NIL)
		list->n_blink = node;
	return (node);
}
|
800 |
||
801 |
||
802 |
/*
 * Unlink every entry that samebody() matches against name (exact
 * matching, not fuzzy) and return the resulting list head.  Removed
 * nodes keep their own links, so the walk continues through them.
 */
struct name *
delname(register struct name *np, char name[])
{
	struct name *cur;

	for (cur = np; cur != NIL; cur = cur->n_flink) {
		if (!samebody(name, cur->n_name, FALSE))
			continue;

		if (cur->n_blink == NIL) {
			/* Head of the list: the successor becomes the head. */
			if (cur->n_flink != NIL)
				cur->n_flink->n_blink = NIL;
			np = cur->n_flink;
		} else if (cur->n_flink == NIL) {
			/* Tail: the predecessor (non-NIL here) ends the list. */
			cur->n_blink->n_flink = NIL;
		} else {
			/* Interior node: join its two neighbours. */
			cur->n_blink->n_flink = cur->n_flink;
			cur->n_flink->n_blink = cur->n_blink;
		}
	}
	return (np);
}
|
828 |
||
829 |
/*
 * Rewrite every entry of the list that is not marked GDEL: n_name is
 * replaced by netmap(n_name, from) and n_full by splice() of the new
 * name with the old full form.  Progress is traced on stderr when the
 * global debug flag is set.
 */
void
mapf(register struct name *np, char *from)
{
	struct name *cur;

	if (debug)
		fprintf(stderr, "mapf %lx, %s\n", (long)np, from);

	for (cur = np; cur != NIL; cur = cur->n_flink) {
		if (cur->n_type & GDEL)
			continue;
		cur->n_name = netmap(cur->n_name, from);
		cur->n_full = splice(cur->n_name, cur->n_full);
	}

	if (debug)
		fprintf(stderr, "mapf %s done\n", from);
}