INN commit: branches/2.5/lib (getmodaddr.c)

INN Commit rra at isc.org
Fri Oct 29 22:39:50 UTC 2010


    Date: Friday, October 29, 2010 @ 15:39:50
  Author: iulius
Revision: 9144

Before passing the submission template to snprintf(), check
that it is valid: each "%" must be followed by either another
"%" or an "s", and "%s" may appear only once.

Modified:
  branches/2.5/lib/getmodaddr.c

--------------+
 getmodaddr.c |   58 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 54 insertions(+), 4 deletions(-)

Modified: getmodaddr.c
===================================================================
--- getmodaddr.c	2010-10-29 22:39:13 UTC (rev 9143)
+++ getmodaddr.c	2010-10-29 22:39:50 UTC (rev 9144)
@@ -91,6 +91,48 @@
 }
 
 /*
+**  Check if the argument is a valid submission template according to RFC 6048.
+**  At least, make sure it does not contain "%" except as part of "%s" or "%%",
+**  and that only one occurrence of "%s" exists, if any.
+*/
+static bool
+IsValidSubmissionTemplate(const char *string)
+{
+    bool found = false;
+    const char *p;
+
+    /* Not NULL. */
+    if (string == NULL)
+        return false;
+
+    p = string;
+
+    while ((p = strchr(p, '%')) != NULL) {
+        /* Look at the next character. */
+        p++;
+
+        /* Skip "%%". */
+        if (*p == '%') {
+           p++;
+           continue;
+        }
+
+        /* Invalid template if not "%s". */
+        if (*p != 's')
+            return false;
+
+        /* Invalid template if another "%s". */
+        if (found)
+            return false;
+
+        found = true;
+    }
+
+    return true;
+}
+
+
+/*
 **  Read the moderators file, looking for a moderator.
 */
 char *
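Review bot: The header comment on IsValidSubmissionTemplate() does not say why the check exists or that it is deliberately stricter than printf syntax. The accepted string is later used as the format of an snprintf() call with a single string argument, so the comment should state that contract, for example `**  The template is used as an snprintf() format with exactly one char * argument,` and `**  so any other conversion, including "%5s" or a trailing "%", is rejected.` As a style point, the two lines under `if (*p == '%')` are indented by eleven spaces where the rest of the function uses multiples of four.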
@@ -158,12 +200,14 @@
 		for (p = name; *p; p++)
 		    if (*p == '.')
 			*p = '-';
-		snprintf(address, sizeof(address), save, name);
-		break;
+                if (IsValidSubmissionTemplate(save)) {
+                    snprintf(address, sizeof(address), save, name);
+                    break;
+                }
 	    }
 	}
 
-	 GMAclose();
+	GMAclose();
 	if (address[0])
 	    return address;
     }
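Review bot: The return value of the re-added `snprintf(address, sizeof(address), save, name)` call is still ignored, so a long group name or template is cut off silently and the truncated address is returned as if it were valid. The declaration of `address` and the start of the function are outside this hunk, so how easily that limit is reached cannot be judged from here. I would treat truncation like an invalid template: `n = snprintf(address, sizeof(address), save, name);` followed by `if (n < 0 || (size_t) n >= sizeof(address)) address[0] = '\0';`, so that the `if (address[0])` test below does not hand the result back. The same applies to the snprintf() call in the last hunk, where the function can return NULL instead.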
@@ -175,6 +219,12 @@
     for (p = name; *p; p++)
 	if (*p == '.')
 	    *p = '-';
-    snprintf(address, sizeof(address), save, name);
+
+    if (IsValidSubmissionTemplate(save)) {
+        snprintf(address, sizeof(address), save, name);
+    } else {
+        return NULL;
+    }
+
     return address;
 }
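Review bot: An invalid template is rejected here with a bare `return NULL`, and in the loop of the previous hunk it is skipped without any trace, so nothing tells the administrator that a template is malformed. A caller presumably cannot tell this case apart from "no moderator found"; `save` is assigned outside the hunk, so its origin on this path is not visible. I would emit a warning that names the offending template (passed as an argument, never as the format) before giving up in both places. The if/else can also be reduced to a guard, `if (!IsValidSubmissionTemplate(save)) return NULL;`, leaving the snprintf() call unindented.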



