[INN] #136: Check user input used as string literals
INN
rra at stanford.edu
Sat Jul 4 21:19:24 UTC 2015
#136: Check user input used as string literals
---------------------+-------------------
 Reporter:  iulius   |      Owner:  eagle
     Type:  defect   |     Status:  new
 Priority:  low      |  Milestone:
Component:  general  |    Version:  2.5.4
 Severity:  minor    |   Keywords:
---------------------+-------------------
The following programs use format strings that are not string literals at
compile time; they come from user input and are not currently
sanity-checked.

User input should be checked before being used. We can do something like
what the IsValidSubmissionTemplate() function does in lib/getmodaddr.c.

 * batcher: check the values of the arguments given to the -p and -s
   parameters
 * buffchan: check the value of the argument given to the -d parameter
 * innfeed: check the contents of the timeToStringFormat and
   deliver_rcpt_to variables (from the log-time-format and
   deliver-rcpt-to parameters of innfeed.conf)
 * innd: check the contents of the sp->Param variable (from newsfeeds)
 * ninpaths: check the value of the argument given to the -d parameter
 * nnrpd: check the contents of the mta parameter of inn.conf (the check
   may be useful at other places of the code)
--
Ticket URL: <http://inn.eyrie.org/trac/ticket/136>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
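
One way to do the kind of check the ticket asks for, as an added example that is not INN's code and not a copy of IsValidSubmissionTemplate(). The name format_is_safe() and its policy (exactly the expected conversions, in order, with no flags, width or other modifiers) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Return true when fmt (untrusted) contains exactly the conversions listed
 * in expected, in order, with no flags, width, precision or length
 * modifiers.  "%%" is accepted as a literal percent sign.  expected is a
 * string of conversion letters chosen by the caller, such as "s" or "sd".
 */
bool
format_is_safe(const char *fmt, const char *expected)
{
    const char *p;

    if (fmt == NULL || expected == NULL)
        return false;
    for (p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;               /* literal percent sign */
        /* Anything but the next expected letter is rejected: this covers
           %n, '*', widths, positional arguments and a trailing '%'. */
        if (*p == '\0' || *expected == '\0' || *p != *expected)
            return false;
        expected++;
    }
    return *expected == '\0';       /* every expected conversion was used */
}

int
main(void)
{
    /* Constructed sample values standing in for a -p style argument. */
    const char *samples[] = { "/usr/bin/process %s", "rate 100%% %s",
                              "%s %n", "%10s", "%s %s", "no conversion" };
    char out[128];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (!format_is_safe(samples[i], "s")) {
            printf("rejected: %s\n", samples[i]);
            continue;
        }
        snprintf(out, sizeof(out), samples[i], "example.site");
        printf("accepted: %s\n", out);
    }
    return 0;
}
```

The caller passes the list of conversions that matches the arguments it will actually hand to the printf-family call, so a validated string can never consume more or different arguments than are supplied.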