[INN] #136: Check user input used as string literals

INN rra at stanford.edu
Sat Jul 4 21:19:24 UTC 2015


#136: Check user input used as string literals
---------------------+-------------------
 Reporter:  iulius   |      Owner:  eagle
     Type:  defect   |     Status:  new
 Priority:  low      |  Milestone:
Component:  general  |    Version:  2.5.4
 Severity:  minor    |   Keywords:
---------------------+-------------------
 The following programs use format strings that are not string literals at
 compile time; they come from user input and are not currently sanity-
 checked.

 User input should be checked before being used.  We can do something like
 what the IsValidSubmissionTemplate() function does in lib/getmodaddr.c.

 batcher:  check the values of the arguments given to the -p and -s
 parameters
 buffchan:  check the value of the argument given to the -d parameter
 innfeed:  check the contents of the timeToStringFormat and deliver_rcpt_to
 variables (from the log-time-format and deliver-rcpt-to parameters of
 innfeed.conf)
 innd:  check the contents of the sp->Param variable (from newsfeeds)
 ninpaths:  check the value of the argument given to the -d parameter
 nnrpd:  check the contents of the mta parameter of inn.conf (the check may
 be useful in other places in the code)

-- 
Ticket URL: <http://inn.eyrie.org/trac/ticket/136>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
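
Added example, not part of the ticket and not INN code: one way to sanity-check a user-supplied format string before handing it to a printf-style function. The helper name format_is_safe() and the "expected" conversion list are assumptions for illustration; it does not reproduce IsValidSubmissionTemplate(), and each call site would pass the conversions it actually supplies arguments for.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return true if every conversion in the user-supplied
 * fmt matches, in order, the conversion characters listed in expected ("s"
 * for one string argument, "sd" for a string then an int).  "%%" is always
 * allowed.  Fewer conversions than expected are accepted, since unused
 * trailing printf arguments are harmless; more, or different, are not. */
bool
format_is_safe(const char *fmt, const char *expected)
{
    size_t used = 0, avail = strlen(expected);
    const char *p;

    if (fmt == NULL)
        return false;
    for (p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;
        /* Allow only a '-' flag, a literal width and a literal precision.
         * '*', '$', length modifiers and %n fall through and are rejected. */
        if (*p == '-')
            p++;
        while (*p >= '0' && *p <= '9')
            p++;
        if (*p == '.')
            for (p++; *p >= '0' && *p <= '9'; p++)
                ;
        if (used >= avail || *p != expected[used])
            return false;   /* also catches a trailing lone '%' */
        used++;
    }
    return true;
}

int
main(void)
{
    /* Constructed sample values for a parameter that is given one string. */
    const char *samples[] = { "/usr/bin/prog %s", "100%% of %-10s",
                              "%s %s", "%x%x%n", "%*s", "tail %" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               format_is_safe(samples[i], "s") ? "accept" : "reject");
    return 0;
}
```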

