Date:      Thu, 15 Oct 1998 21:52:44 GMT
From:      Studded@gorean.org
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/8339: [PATCH - MFC] for 'mail'
Message-ID:  <199810152152.VAA01700@dt053nb4.san.rr.com>


>Number:         8339
>Category:       bin
>Synopsis:       [PATCH - MFC] for 'mail'
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 15 15:00:01 PDT 1998
>Last-Modified:
>Originator:     Doug
>Organization:
AAAG
>Release:        FreeBSD 2.2.7-STABLE-1015 i386
>Environment:

	Any 2.x system. 

>Description:

	The 'mail' program contains some fixed-size arrays that can be overflowed,
leading to the dreaded "mail in free(): warning: junk pointer, too high to make sense" warnings.

>How-To-Repeat:

	Any use of 'mail' with a username, $TMPDIR, etc. which overflows the buffers
causes the error. 

>Fix:
	
	Apply the following patch. This is a cvs diff between -Stable and -Current.
The only thing I'm leaving out is the changes from vfork() -> fork() in cmd2.c and
popen.c because they cause the junk pointer error again, and the whole fork/vfork
thing is a -Current'ism. For the record, the changes in these patches are not my
work, I'm just the tackle dummy. :)

Thanks,

Doug

Index: collect.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/collect.c,v
retrieving revision 1.1.1.1.8.1
retrieving revision 1.4
diff -u -r1.1.1.1.8.1 -r1.4
--- collect.c	1998/03/08 09:46:35	1.1.1.1.8.1
+++ collect.c	1998/10/10 09:58:20	1.4
@@ -77,7 +77,7 @@
 	int lc, cc, escape, eofcount;
 	register int c, t;
 	char linebuf[LINESIZE], *cp;
-	extern char tempMail[];
+	extern char *tempMail;
 	char getsub;
 	int omask;
 	void collint(), collhup(), collstop();
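Review bot: The `extern char *tempMail;` declaration here is repeated by hand inside function bodies in every file this patch touches (the other two collect.c hunks, edit.c, lex.c, names.c, quit.c and send.c), and each copy has to match the definition in temp.c exactly. An array definition and a pointer declaration are incompatible types for the same object, so a single missed site would still link but would treat the pointer's own bytes as the file name, which is undefined behaviour the compiler cannot diagnose across translation units. Declaring the five names once in a shared header that temp.c also includes, e.g. `extern char *tempMail, *tempQuit, *tempEdit, *tempResid, *tempMesg;`, would turn any future mismatch into a compile error. The enclosing function begins and ends outside this hunk.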
@@ -472,7 +472,7 @@
 {
 	FILE *nf;
 	sig_t sigint = signal(SIGINT, SIG_IGN);
-	extern char tempEdit[];
+	extern char *tempEdit;
 	char *shell;
 
 	if ((nf = Fopen(tempEdit, "w+")) == NULL) {
@@ -521,7 +521,7 @@
 	int f;
 {
 	register int *msgvec;
-	extern char tempMail[];
+	extern char *tempMail;
 	struct ignoretab *ig;
 	char *tabst;
 
Index: edit.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/edit.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- edit.c	1994/05/27 12:32:06	1.1.1.1
+++ edit.c	1998/10/10 09:58:20	1.2
@@ -148,7 +148,7 @@
 	time_t modtime;
 	char *edit;
 	struct stat statb;
-	extern char tempEdit[];
+	extern char *tempEdit;
 
 	if ((t = creat(tempEdit, readonly ? 0400 : 0600)) < 0) {
 		perror(tempEdit);
Index: lex.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/lex.c,v
retrieving revision 1.2.2.1
retrieving revision 1.5
diff -u -r1.2.2.1 -r1.5
--- lex.c	1998/03/08 09:46:49	1.2.2.1
+++ lex.c	1998/10/10 18:37:02	1.5
@@ -64,7 +64,7 @@
 	char isedit = *name != '%';
 	char *who = name[1] ? name + 1 : myname;
 	static int shudclob;
-	extern char tempMesg[];
+	extern char *tempMesg;
 	extern int errno;
 
 	if ((name = expand(name)) == NOSTR)
Index: names.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/names.c,v
retrieving revision 1.2.6.1
retrieving revision 1.4
diff -u -r1.2.6.1 -r1.4
--- names.c	1998/03/08 09:47:02	1.2.6.1
+++ names.c	1998/10/10 09:58:20	1.4
@@ -223,7 +223,7 @@
 	char *date, *fname, *ctime();
 	FILE *fout, *fin;
 	int ispipe;
-	extern char tempEdit[];
+	extern char *tempEdit;
 
 	top = names;
 	np = names;
Index: quit.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/quit.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- quit.c	1994/05/27 12:32:07	1.1.1.1
+++ quit.c	1998/10/10 09:58:20	1.2
@@ -72,7 +72,7 @@
 	FILE *ibuf, *obuf, *fbuf, *rbuf, *readstat, *abuf;
 	register struct message *mp;
 	register int c;
-	extern char tempQuit[], tempResid[];
+	extern char *tempQuit, *tempResid;
 	struct stat minfo;
 	char *mbox;
 
Index: send.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/send.c,v
retrieving revision 1.2.6.1
retrieving revision 1.5
diff -u -r1.2.6.1 -r1.5
--- send.c	1998/03/08 09:47:07	1.2.6.1
+++ send.c	1998/10/10 09:58:20	1.5
@@ -428,7 +428,7 @@
 	struct header *hp;
 	FILE *fi;
 {
-	extern char tempMail[];
+	extern char *tempMail;
 	register FILE *nfo, *nfi;
 	register int c;
 
Index: temp.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/mail/temp.c,v
retrieving revision 1.2.6.1
retrieving revision 1.5
diff -u -r1.2.6.1 -r1.5
--- temp.c	1997/07/28 06:43:49	1.2.6.1
+++ temp.c	1998/10/10 19:01:47	1.5
@@ -49,11 +49,11 @@
  * Give names to all the temporary files that we will need.
  */
 
-char	tempMail[24];
-char	tempQuit[24];
-char	tempEdit[24];
-char	tempResid[24];
-char	tempMesg[24];
+char	*tempMail;
+char	*tempQuit;
+char	*tempEdit;
+char	*tempResid;
+char	*tempMesg;
 char	*tmpdir;
 
 void
@@ -67,21 +67,31 @@
 	else {
 		len = strlen(tmpdir);
 		if ((cp = malloc(len + 2)) == NULL)
-			err(1, NULL);
+			panic("Out of memory");
 		(void)strcpy(cp, tmpdir);
 		cp[len] = '/';
 		cp[len + 1] = '\0';
 		tmpdir = cp;
 	}
-
+	len = strlen(tmpdir);
+	if ((tempMail = malloc(len + sizeof("RsXXXXXX"))) == NULL)
+		panic("Out of memory");
 	strcpy(tempMail, tmpdir);
 	mktemp(strcat(tempMail, "RsXXXXXX"));
+	if ((tempResid = malloc(len + sizeof("RqXXXXXX"))) == NULL)
+		panic("Out of memory");
 	strcpy(tempResid, tmpdir);
 	mktemp(strcat(tempResid, "RqXXXXXX"));
+	if ((tempQuit = malloc(len + sizeof("RmXXXXXX"))) == NULL)
+		panic("Out of memory");
 	strcpy(tempQuit, tmpdir);
 	mktemp(strcat(tempQuit, "RmXXXXXX"));
+	if ((tempEdit = malloc(len + sizeof("ReXXXXXX"))) == NULL)
+		panic("Out of memory");
 	strcpy(tempEdit, tmpdir);
 	mktemp(strcat(tempEdit, "ReXXXXXX"));
+	if ((tempMesg = malloc(len + sizeof("RxXXXXXX"))) == NULL)
+		panic("Out of memory");
 	strcpy(tempMesg, tmpdir);
 	mktemp(strcat(tempMesg, "RxXXXXXX"));
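Review bot: The `mktemp()` calls kept as context here only pick a name; the files are created later by path, as in `creat(tempEdit, readonly ? 0400 : 0600)` in edit.c and `Fopen(tempEdit, "w+")` in collect.c, and neither call visibly asks for exclusive creation (assuming `Fopen` wraps `fopen`). In a shared `$TMPDIR` another local user can therefore pre-create the path or place a symlink there before mail opens it, so the heap allocation fixes the overflow but leaves the temp-file race in place. Creating each file atomically at its point of use with `mkstemp()`, followed by `fdopen()` where a `FILE *` is needed, would close that window, though the change reaches callers outside this hunk. The five malloc/strcpy/strcat stanzas differ only in their suffix and could be folded into one `static` helper that takes the suffix and returns the allocated template. The function's opening lines lie outside the hunk.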

>Audit-Trail:
>Unformatted:
