Context Navigation

source: zwrite.c @ 99b50a5

Visit:

debianrelease-1.10release-1.4release-1.5release-1.6release-1.7release-1.8release-1.9

Last change on this file since 99b50a5 was 44a61ac, checked in by Nelson Elhage <nelhage@mit.edu>, 15 years ago
zwrite.c: Fix an unsafe use of sprintf. Reported-By: Geoffrey Thomas <geofft@mit.edu>
Property mode set to `100644`
File size: 8.5 KB

Rev	Line
[7d4fbcd]	1	#include <string.h>
[56330ff]	2	#include <pwd.h>
	3	#include <sys/types.h>
	4	#include <unistd.h>
[7d4fbcd]	5	#include "owl.h"
	6
[1aee7d9]	7	static const char fileIdent[] = "$Id$";
	8
[ce7db4d]	9	int owl_zwrite_create_from_line(owl_zwrite z, char line)
	10	{
[7d4fbcd]	11	int argc, badargs, myargc;
	12	char argv, myargv;
	13
	14	badargs=0;
	15
[ce7db4d]	16	/* start with null entires */
	17	z->realm=NULL;
	18	z->class=NULL;
	19	z->inst=NULL;
	20	z->opcode=NULL;
	21	z->zsig=NULL;
	22	z->message=NULL;
[7d4fbcd]	23	z->cc=0;
	24	z->noping=0;
	25	owl_list_create(&(z->recips));
	26
	27	/* parse the command line for options */
	28	argv=myargv=owl_parseline(line, &argc);
	29	if (argc<0) {
[836ea3a3]	30	owl_function_error("Unbalanced quotes in zwrite");
[7d4fbcd]	31	return(-1);
	32	}
	33	myargc=argc;
[e1c4636]	34	if (myargc && *(myargv[0])!='-') {
	35	myargc--;
	36	myargv++;
	37	}
[7d4fbcd]	38	while (myargc) {
	39	if (!strcmp(myargv[0], "-c")) {
	40	if (myargc<2) {
	41	badargs=1;
	42	break;
	43	}
[7b1d048]	44	z->class=owl_get_iso_8859_1_if_possible(myargv[1]);
[7d4fbcd]	45	myargv+=2;
	46	myargc-=2;
	47	} else if (!strcmp(myargv[0], "-i")) {
	48	if (myargc<2) {
	49	badargs=1;
	50	break;
	51	}
[7b1d048]	52	z->inst=owl_get_iso_8859_1_if_possible(myargv[1]);
[7d4fbcd]	53	myargv+=2;
	54	myargc-=2;
	55	} else if (!strcmp(myargv[0], "-r")) {
	56	if (myargc<2) {
	57	badargs=1;
	58	break;
	59	}
[7b1d048]	60	z->realm=owl_get_iso_8859_1_if_possible(myargv[1]);
[ce7db4d]	61	myargv+=2;
	62	myargc-=2;
	63	} else if (!strcmp(myargv[0], "-s")) {
	64	if (myargc<2) {
	65	badargs=1;
	66	break;
	67	}
[7b1d048]	68	z->zsig=owl_get_iso_8859_1_if_possible(myargv[1]);
[7d4fbcd]	69	myargv+=2;
	70	myargc-=2;
	71	} else if (!strcmp(myargv[0], "-O")) {
	72	if (myargc<2) {
	73	badargs=1;
	74	break;
	75	}
[7b1d048]	76	z->opcode=owl_get_iso_8859_1_if_possible(myargv[1]);
[7d4fbcd]	77	myargv+=2;
	78	myargc-=2;
[ce7db4d]	79	} else if (!strcmp(myargv[0], "-m")) {
	80	if (myargc<2) {
	81	badargs=1;
	82	break;
	83	}
[e016fc2]	84	/* we must already have users or a class or an instance*/
	85	if (owl_list_get_size(&(z->recips))<1 && (!z->class) && (!z->inst)) {
[ce7db4d]	86	badargs=1;
	87	break;
	88	}
	89
	90	/* Once we have -m, gobble up everything else on the line */
	91	myargv++;
	92	myargc--;
[7b1d048]	93	z->message=owl_get_iso_8859_1_if_possible("");
[ce7db4d]	94	while (myargc) {
[34509d5]	95	z->message=owl_realloc(z->message, strlen(z->message)+strlen(myargv[0])+5);
[ce7db4d]	96	strcat(z->message, myargv[0]);
[ae0a5fc]	97	strcat(z->message, " ");
[ce7db4d]	98	myargc--;
	99	myargv++;
	100	}
[ae0a5fc]	101	z->message[strlen(z->message)-1]='\0'; /* remove last space */
[ce7db4d]	102	break;
[7d4fbcd]	103	} else if (!strcmp(myargv[0], "-C")) {
	104	z->cc=1;
	105	myargv++;
	106	myargc--;
	107	} else if (!strcmp(myargv[0], "-n")) {
	108	z->noping=1;
	109	myargv++;
	110	myargc--;
	111	} else {
	112	/* anything unattached is a recipient */
[7b1d048]	113	owl_list_append_element(&(z->recips), owl_get_iso_8859_1_if_possible(myargv[0]));
[7d4fbcd]	114	myargv++;
	115	myargc--;
	116	}
	117	}
	118
	119	owl_parsefree(argv, argc);
	120
	121	if (badargs) {
	122	return(-1);
	123	}
	124
[1fe100c]	125	if (z->class == NULL &&
	126	z->inst == NULL &&
	127	owl_list_get_size(&(z->recips))==0) {
	128	owl_function_error("You must specify a recipient for zwrite");
	129	return(-1);
	130	}
	131
[ce7db4d]	132	/* now deal with defaults */
	133	if (z->class==NULL) z->class=owl_strdup("message");
	134	if (z->inst==NULL) z->inst=owl_strdup("personal");
	135	if (z->realm==NULL) z->realm=owl_strdup("");
	136	if (z->opcode==NULL) z->opcode=owl_strdup("");
	137	/* z->message is allowed to stay NULL */
	138
[3f3ee61]	139	return(0);
	140	}
	141
	142	void owl_zwrite_populate_zsig(owl_zwrite *z)
	143	{
	144	char zsigproc, zsigowlvar, zsigzvar, ptr;
	145	struct passwd *pw;
	146
[ce7db4d]	147	/* get a zsig, if not given */
	148	if (z->zsig==NULL) {
	149	zsigproc = owl_global_get_zsigproc(&g);
	150	zsigowlvar = owl_global_get_zsig(&g);
[09489b89]	151	zsigzvar = owl_zephyr_get_variable("zwrite-signature");
[ce7db4d]	152
	153	if (zsigowlvar && *zsigowlvar) {
[7b1d048]	154	z->zsig=owl_get_iso_8859_1_if_possible(zsigowlvar);
[ce7db4d]	155	} else if (zsigproc && *zsigproc) {
	156	FILE *file;
	157	char buff[LINE], *openline;
	158
	159	/* simple hack for now to nuke stderr */
	160	openline=owl_malloc(strlen(zsigproc)+40);
	161	strcpy(openline, zsigproc);
[2a2bb60]	162	#if !(OWL_STDERR_REDIR)
[ce7db4d]	163	strcat(openline, " 2> /dev/null");
[2a2bb60]	164	#endif
[ce7db4d]	165	file=popen(openline, "r");
	166	owl_free(openline);
	167	if (!file) {
	168	if (zsigzvar && *zsigzvar) {
[7b1d048]	169	z->zsig=owl_get_iso_8859_1_if_possible(zsigzvar);
[ce7db4d]	170	}
	171	} else {
	172	z->zsig=owl_malloc(LINE*5);
	173	strcpy(z->zsig, "");
	174	while (fgets(buff, LINE, file)) { /* wrong sizing */
	175	strcat(z->zsig, buff);
	176	}
	177	pclose(file);
	178	if (z->zsig[strlen(z->zsig)-1]=='\n') {
	179	z->zsig[strlen(z->zsig)-1]='\0';
	180	}
[56330ff]	181	}
[ce7db4d]	182	} else if (zsigzvar) {
[7b1d048]	183	z->zsig=owl_get_iso_8859_1_if_possible(zsigzvar);
[ce7db4d]	184	} else if (((pw=getpwuid(getuid()))!=NULL) && (pw->pw_gecos)) {
[7b1d048]	185	z->zsig=owl_get_iso_8859_1_if_possible(pw->pw_gecos);
[ce7db4d]	186	ptr=strchr(z->zsig, ',');
	187	if (ptr) {
	188	ptr[0]='\0';
[56330ff]	189	}
	190	}
	191	}
[7d4fbcd]	192	}
	193
[ce7db4d]	194	void owl_zwrite_send_ping(owl_zwrite *z)
	195	{
[7d4fbcd]	196	int i, j;
[44a61ac]	197	char *to;
[7d4fbcd]	198
	199	if (z->noping) return;
	200
	201	if (strcasecmp(z->class, "message") \|\|
	202	strcasecmp(z->inst, "personal")) {
	203	return;
	204	}
	205
	206	/* if there are no recipients we won't send a ping, which
	207	is what we want */
	208	j=owl_list_get_size(&(z->recips));
	209	for (i=0; i<j; i++) {
	210	if (strcmp(z->realm, "")) {
[44a61ac]	211	to = owl_sprintf("%s@%s", (char *) owl_list_get_element(&(z->recips), i), z->realm);
[7d4fbcd]	212	} else {
[44a61ac]	213	to = owl_strdup(owl_list_get_element(&(z->recips), i));
[7d4fbcd]	214	}
	215	send_ping(to);
[44a61ac]	216	owl_free(to);
[7d4fbcd]	217	}
	218
	219	}
	220
[ce7db4d]	221	void owl_zwrite_set_message(owl_zwrite z, char msg)
	222	{
[db2dd3d]	223	int i, j;
	224	char toline[LINE];
[7b1d048]	225	char *tmp = NULL;
[db2dd3d]	226
[ce7db4d]	227	if (z->message) owl_free(z->message);
[db2dd3d]	228
	229	j=owl_list_get_size(&(z->recips));
	230	if (j>0 && z->cc) {
	231	strcpy(toline, "CC: ");
	232	for (i=0; i<j; i++) {
	233	if (strcmp(z->realm, "")) {
[b9cb41b]	234	sprintf(toline + strlen(toline), "%s@%s ", (char *) owl_list_get_element(&(z->recips), i), z->realm);
[db2dd3d]	235	} else {
[b9cb41b]	236	sprintf(toline + strlen(toline), "%s ", (char *) owl_list_get_element(&(z->recips), i));
[db2dd3d]	237	}
	238	}
[7b1d048]	239	tmp = owl_get_iso_8859_1_if_possible(msg);
	240	z->message=owl_sprintf("%s\n%s", toline, tmp);
[db2dd3d]	241	} else {
[7b1d048]	242	z->message=owl_get_iso_8859_1_if_possible(msg);
[db2dd3d]	243	}
[7b1d048]	244	if (tmp) owl_free(tmp);
[ce7db4d]	245	}
	246
	247	char owl_zwrite_get_message(owl_zwrite z)
	248	{
	249	if (z->message) return(z->message);
	250	return("");
	251	}
	252
	253	int owl_zwrite_is_message_set(owl_zwrite *z)
	254	{
	255	if (z->message) return(1);
	256	return(0);
	257	}
	258
	259	int owl_zwrite_send_message(owl_zwrite *z)
	260	{
[7d4fbcd]	261	int i, j;
	262	char to[LINE];
	263
[ce7db4d]	264	if (z->message==NULL) return(-1);
	265
[7d4fbcd]	266	j=owl_list_get_size(&(z->recips));
	267	if (j>0) {
	268	for (i=0; i<j; i++) {
	269	if (strcmp(z->realm, "")) {
	270	sprintf(to, "%s@%s", (char *) owl_list_get_element(&(z->recips), i), z->realm);
	271	} else {
	272	strcpy(to, owl_list_get_element(&(z->recips), i));
	273	}
[db2dd3d]	274	send_zephyr(z->opcode, z->zsig, z->class, z->inst, to, z->message);
[7d4fbcd]	275	}
	276	} else {
	277	sprintf(to, "@%s", z->realm);
[ce7db4d]	278	send_zephyr(z->opcode, z->zsig, z->class, z->inst, to, z->message);
	279	}
	280	return(0);
	281	}
	282
	283	int owl_zwrite_create_and_send_from_line(char cmd, char msg)
	284	{
	285	owl_zwrite z;
	286	int rv;
	287	rv=owl_zwrite_create_from_line(&z, cmd);
	288	if (rv) return(rv);
	289	if (!owl_zwrite_is_message_set(&z)) {
	290	owl_zwrite_set_message(&z, msg);
[7d4fbcd]	291	}
[3f3ee61]	292	owl_zwrite_populate_zsig(&z);
[ce7db4d]	293	owl_zwrite_send_message(&z);
	294	owl_zwrite_free(&z);
	295	return(0);
[7d4fbcd]	296	}
	297
[ce7db4d]	298	char owl_zwrite_get_class(owl_zwrite z)
	299	{
[7d4fbcd]	300	return(z->class);
	301	}
	302
[ce7db4d]	303	char owl_zwrite_get_instance(owl_zwrite z)
	304	{
[7d4fbcd]	305	return(z->inst);
	306	}
	307
[ce7db4d]	308	char owl_zwrite_get_opcode(owl_zwrite z)
	309	{
[4b464a4]	310	return(z->opcode);
	311	}
	312
[9ceee9d]	313	void owl_zwrite_set_opcode(owl_zwrite z, char opcode)
	314	{
	315	if (z->opcode) owl_free(z->opcode);
[7b1d048]	316	z->opcode=owl_get_iso_8859_1_if_possible(opcode);
[9ceee9d]	317	}
	318
[ce7db4d]	319	char owl_zwrite_get_realm(owl_zwrite z)
	320	{
[7d4fbcd]	321	return(z->realm);
	322	}
	323
[ce7db4d]	324	char owl_zwrite_get_zsig(owl_zwrite z)
	325	{
	326	if (z->zsig) return(z->zsig);
	327	return("");
[56330ff]	328	}
	329
[ce7db4d]	330	void owl_zwrite_get_recipstr(owl_zwrite z, char buff)
	331	{
[7d4fbcd]	332	int i, j;
	333
	334	strcpy(buff, "");
	335	j=owl_list_get_size(&(z->recips));
	336	for (i=0; i<j; i++) {
	337	strcat(buff, owl_list_get_element(&(z->recips), i));
	338	strcat(buff, " ");
	339	}
	340	buff[strlen(buff)-1]='\0';
	341	}
	342
[ce7db4d]	343	int owl_zwrite_get_numrecips(owl_zwrite *z)
	344	{
[7d4fbcd]	345	return(owl_list_get_size(&(z->recips)));
	346	}
	347
[ce7db4d]	348	char owl_zwrite_get_recip_n(owl_zwrite z, int n)
	349	{
[7d4fbcd]	350	return(owl_list_get_element(&(z->recips), n));
	351	}
	352
[ce7db4d]	353	int owl_zwrite_is_personal(owl_zwrite *z)
	354	{
[7d4fbcd]	355	/* return true if at least one of the recipients is personal */
	356	int i, j;
	357	char *foo;
	358
	359	j=owl_list_get_size(&(z->recips));
	360	for (i=0; i<j; i++) {
	361	foo=owl_list_get_element(&(z->recips), i);
	362	if (foo[0]!='@') return(1);
	363	}
	364	return(0);
	365	}
[3f3ee61]	366
[ce7db4d]	367	void owl_zwrite_free(owl_zwrite *z)
	368	{
[7d4fbcd]	369	owl_list_free_all(&(z->recips), &owl_free);
[ce7db4d]	370	if (z->class) owl_free(z->class);
	371	if (z->inst) owl_free(z->inst);
	372	if (z->opcode) owl_free(z->opcode);
	373	if (z->realm) owl_free(z->realm);
	374	if (z->message) owl_free(z->message);
	375	if (z->zsig) owl_free(z->zsig);
[7d4fbcd]	376	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: