INN commit: trunk/nnrpd (commands.c)
INN Commit
rra at isc.org
Sun May 3 15:25:53 UTC 2015
Date: Sunday, May 3, 2015 @ 08:25:53
Author: iulius
Revision: 9850
nnrpd/commands.c: paranoid checking of AUTHINFO GENERIC reply
Check the number of arguments returned by AUTHINFO GENERIC.
Thanks to Richard Kettlewell for the patch.
Modified:
trunk/nnrpd/commands.c
------------+
commands.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
Modified: commands.c
===================================================================
--- commands.c 2015-05-03 15:11:05 UTC (rev 9849)
+++ commands.c 2015-05-03 15:25:53 UTC (rev 9850)
@@ -97,6 +97,7 @@
PERMgeneric(char *av[], char *accesslist, size_t size)
{
char path[BIG_BUFFER], *fields[6], *p;
+ size_t j;
int i, pan[2], status;
pid_t pid;
struct stat stb;
@@ -214,12 +215,25 @@
//syslog(L_NOTICE, "%s (%ld) returned: %d %s %d\n", av[0], (long) pid, i, path, status);
/* Split "host:permissions:user:pass:groups" into fields. */
- for (fields[0] = path, i = 0, p = path; *p; p++)
- if (*p == ':') {
- *p = '\0';
- fields[++i] = p + 1;
+ for (fields[0] = path, j = 0, p = path; *p; p++)
+ if (*p == ':') {
+ *p = '\0';
+ ++j;
+ if (j < ARRAY_SIZE(fields)) {
+ fields[j] = p + 1;
+ } else {
+ Reply("%d Program error occurred\r\n", NNTP_FAIL_ACTION);
+ syslog(L_FATAL, "over-long response from %s", av[0]);
+ return -1;
+ }
}
+ if (j < 4) {
+ Reply("%d Program error occurred\r\n", NNTP_FAIL_ACTION);
+ syslog(L_FATAL, "short response from %s", av[0]);
+ return -1;
+ }
+
PERMcanread = strchr(fields[1], 'R') != NULL;
PERMcanpost = strchr(fields[1], 'P') != NULL;
PERMaccessconf->allowapproved = strchr(fields[1], 'A') != NULL;
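Review bot: The lower bound `if (j < 4)` is a bare number tied only by convention to the "host:permissions:user:pass:groups" comment above the loop, while the upper bound comes from `ARRAY_SIZE(fields)`, which has six slots. A reply with five colons is therefore accepted even though the documented format has five fields; if a sixth field is intentional, the format comment should say so. I would add a comment such as `/* Need at least 4 separators so that fields[0..4] (host, permissions, user, pass, groups) are all set. */` or name the constant. The count check also passes a reply with empty fields (for example four bare colons), and PERMgeneric continues outside the hunk, so whether the later uses of `fields[2]` onward tolerate empty strings should be confirmed there.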