Removed
Link Here
|
1 |
--- spamass-milter.cpp.orig 2006-03-23 22:41:36.000000000 +0100 |
2 |
+++ spamass-milter.cpp 2010-05-12 12:05:02.000000000 +0200 |
3 |
@@ -465,26 +465,11 @@ |
4 |
int rv; |
5 |
#endif |
6 |
|
7 |
-#if defined(HAVE_ASPRINTF) |
8 |
- char *buf; |
9 |
-#else |
10 |
- char buf[1024]; |
11 |
-#endif |
12 |
- char *fmt="%s \"%s\""; |
13 |
FILE *p; |
14 |
+ char sendmail_prog[] = SENDMAIL; |
15 |
+ char *const popen_argv[] = { sendmail_prog, spambucket, NULL }; |
16 |
+ pid_t pid; |
17 |
|
18 |
-#if defined(HAVE_ASPRINTF) |
19 |
- asprintf(&buf, fmt, SENDMAIL, spambucket); |
20 |
-#else |
21 |
-#if defined(HAVE_SNPRINTF) |
22 |
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket); |
23 |
-#else |
24 |
- /* XXX possible buffer overflow here */ |
25 |
- sprintf(buf, fmt, SENDMAIL, spambucket); |
26 |
-#endif |
27 |
-#endif |
28 |
- |
29 |
- debug(D_COPY, "calling %s", buf); |
30 |
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ |
31 |
rv = pthread_mutex_lock(&popen_mutex); |
32 |
if (rv) |
33 |
@@ -493,15 +478,17 @@ |
34 |
abort(); |
35 |
} |
36 |
#endif |
37 |
- p = popen(buf, "w"); |
38 |
+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket); |
39 |
+ p = popenv(popen_argv, "w", &pid); |
40 |
if (!p) |
41 |
{ |
42 |
- debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno)); |
43 |
+ debug(D_COPY, "popenv failed(%s). Will not send a copy to spambucket", strerror(errno)); |
44 |
} else |
45 |
{ |
46 |
// Send message provided by SpamAssassin |
47 |
fwrite(assassin->d().c_str(), assassin->d().size(), 1, p); |
48 |
- pclose(p); p = NULL; |
49 |
+ fclose(p); p = NULL; |
50 |
+ waitpid(pid, NULL, 0); |
51 |
} |
52 |
#if defined(__FreeBSD__) |
53 |
rv = pthread_mutex_unlock(&popen_mutex); |
54 |
@@ -511,9 +498,6 @@ |
55 |
abort(); |
56 |
} |
57 |
#endif |
58 |
-#if defined(HAVE_ASPRINTF) |
59 |
- free(buf); |
60 |
-#endif |
61 |
} |
62 |
return SMFIS_REJECT; |
63 |
} |
64 |
@@ -842,16 +826,12 @@ |
65 |
/* open a pipe to sendmail so we can do address expansion */ |
66 |
|
67 |
char buf[1024]; |
68 |
- char *fmt="%s -bv \"%s\" 2>&1"; |
69 |
+ char sendmail_prog[] = SENDMAIL; |
70 |
+ char sendmail_mode[] = "-bv"; |
71 |
+ char * const popen_argv[] = { sendmail_prog, sendmail_mode, envrcpt[0], NULL }; |
72 |
+ pid_t pid; |
73 |
|
74 |
-#if defined(HAVE_SNPRINTF) |
75 |
- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]); |
76 |
-#else |
77 |
- /* XXX possible buffer overflow here */ |
78 |
- sprintf(buf, fmt, SENDMAIL, envrcpt[0]); |
79 |
-#endif |
80 |
- |
81 |
- debug(D_RCPT, "calling %s", buf); |
82 |
+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]); |
83 |
|
84 |
#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */ |
85 |
rv = pthread_mutex_lock(&popen_mutex); |
86 |
@@ -862,10 +842,10 @@ |
87 |
} |
88 |
#endif |
89 |
|
90 |
- p = popen(buf, "r"); |
91 |
+ p = popenv(popen_argv, "r", &pid); |
92 |
if (!p) |
93 |
{ |
94 |
- debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno)); |
95 |
+ debug(D_RCPT, "popenv failed(%s). Will not expand aliases", strerror(errno)); |
96 |
assassin->expandedrcpt.push_back(envrcpt[0]); |
97 |
} else |
98 |
{ |
99 |
@@ -890,7 +870,8 @@ |
100 |
assassin->expandedrcpt.push_back(p+7); |
101 |
} |
102 |
} |
103 |
- pclose(p); p = NULL; |
104 |
+ fclose(p); p = NULL; |
105 |
+ waitpid(pid, NULL, 0); |
106 |
} |
107 |
#if defined(__FreeBSD__) |
108 |
rv = pthread_mutex_unlock(&popen_mutex); |
109 |
@@ -1002,9 +983,9 @@ |
110 |
|
111 |
assassin->output((string) |
112 |
"Received: from "+macro_s+" ("+macro__+")\r\n\t"+ |
113 |
- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+ |
114 |
+ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ |
115 |
macro_b+"\r\n\t"+ |
116 |
- "(envelope-from "+assassin->from()+"\r\n"); |
117 |
+ "(envelope-from "+assassin->from()+")\r\n"); |
118 |
|
119 |
} else |
120 |
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); |
121 |
@@ -2157,5 +2138,72 @@ |
122 |
warnedmacro = true; |
123 |
} |
124 |
|
125 |
+/* |
126 |
+ untrusted-argument-safe popen function - only supports "r" and "w" modes |
127 |
+ for simplicity, and always reads stdout and stderr in "r" mode. Call |
128 |
+ fclose to close the FILE, and waitpid to reap the child process (pid). |
129 |
+*/ |
130 |
+FILE *popenv(char *const argv[], const char *type, pid_t *pid) |
131 |
+{ |
132 |
+ FILE *iop; |
133 |
+ int pdes[2]; |
134 |
+ int save_errno; |
135 |
+ |
136 |
+ if ((*type != 'r' && *type != 'w') || type[1]) |
137 |
+ { |
138 |
+ errno = EINVAL; |
139 |
+ return (NULL); |
140 |
+ } |
141 |
+ if (pipe(pdes) < 0) |
142 |
+ return (NULL); |
143 |
+ switch (*pid = fork()) { |
144 |
+ |
145 |
+ case -1: /* Error. */ |
146 |
+ save_errno = errno; |
147 |
+ (void)close(pdes[0]); |
148 |
+ (void)close(pdes[1]); |
149 |
+ errno = save_errno; |
150 |
+ return (NULL); |
151 |
+ /* NOTREACHED */ |
152 |
+ case 0: /* Child. */ |
153 |
+ if (*type == 'r') { |
154 |
+ /* |
155 |
+ * The dup2() to STDIN_FILENO is repeated to avoid |
156 |
+ * writing to pdes[1], which might corrupt the |
157 |
+ * parent's copy. This isn't good enough in |
158 |
+ * general, since the exit() is no return, so |
159 |
+ * the compiler is free to corrupt all the local |
160 |
+ * variables. |
161 |
+ */ |
162 |
+ (void)close(pdes[0]); |
163 |
+ (void)dup2(pdes[1], STDOUT_FILENO); |
164 |
+ (void)dup2(pdes[1], STDERR_FILENO); |
165 |
+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) { |
166 |
+ (void)close(pdes[1]); |
167 |
+ } |
168 |
+ } else { |
169 |
+ if (pdes[0] != STDIN_FILENO) { |
170 |
+ (void)dup2(pdes[0], STDIN_FILENO); |
171 |
+ (void)close(pdes[0]); |
172 |
+ } |
173 |
+ (void)close(pdes[1]); |
174 |
+ } |
175 |
+ execv(argv[0], argv); |
176 |
+ exit(127); |
177 |
+ /* NOTREACHED */ |
178 |
+ } |
179 |
+ |
180 |
+ /* Parent; assume fdopen can't fail. */ |
181 |
+ if (*type == 'r') { |
182 |
+ iop = fdopen(pdes[0], type); |
183 |
+ (void)close(pdes[1]); |
184 |
+ } else { |
185 |
+ iop = fdopen(pdes[1], type); |
186 |
+ (void)close(pdes[0]); |
187 |
+ } |
188 |
+ |
189 |
+ return (iop); |
190 |
+} |
191 |
+ |
192 |
// }}} |
193 |
// vim6:ai:noexpandtab |