Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/gnu/dist/sendmail/sendmail Pullup 1.4 [itojun]:
details: https://anonhg.NetBSD.org/src/rev/b7a6a0b1ab37
branches: netbsd-1-5
changeset: 489822:b7a6a0b1ab37
user: tv <tv%NetBSD.org@localhost>
date: Tue Oct 17 20:41:44 2000 +0000
description:
Pullup 1.4 [itojun]:
(unexploitable) integer range check mistake in "sendmail -bt".
diffstat:
gnu/dist/sendmail/sendmail/macro.c | 9 +++++++--
gnu/dist/sendmail/sendmail/stab.c | 1 +
2 files changed, 8 insertions(+), 2 deletions(-)
diffs (44 lines):
diff -r d7797ce12a48 -r b7a6a0b1ab37 gnu/dist/sendmail/sendmail/macro.c
--- a/gnu/dist/sendmail/sendmail/macro.c Tue Oct 17 20:32:33 2000 +0000
+++ b/gnu/dist/sendmail/sendmail/macro.c Tue Oct 17 20:41:44 2000 +0000
@@ -377,7 +377,7 @@
*ep = p + 1;
if (tTd(35, 14))
dprintf("%c\n", *p);
- return *p;
+ return ((unsigned int)*p) & 0xff;
}
bp = mbuf;
while (*++p != '\0' && *p != '}' && bp < &mbuf[sizeof mbuf - 1])
@@ -401,7 +401,7 @@
else if (mbuf[1] == '\0')
{
/* ${x} == $x */
- mid = mbuf[0];
+ mid = ((unsigned int)mbuf[0]) & 0xff;
p++;
}
else
@@ -428,6 +428,11 @@
}
if (ep != NULL)
*ep = p;
+ if (mid < 0 || mid > MAXMACROID)
+ {
+ syserr("Unable to assign macro/class ID (mid = 0x%x)", mid);
+ mid = 0;
+ }
if (tTd(35, 14))
dprintf("0x%x\n", mid);
return mid;
diff -r d7797ce12a48 -r b7a6a0b1ab37 gnu/dist/sendmail/sendmail/stab.c
--- a/gnu/dist/sendmail/sendmail/stab.c Tue Oct 17 20:32:33 2000 +0000
+++ b/gnu/dist/sendmail/sendmail/stab.c Tue Oct 17 20:41:44 2000 +0000
@@ -326,6 +326,7 @@
register STAB **shead;
register STAB *s;
+ dst = ((unsigned int)dst) & 0xff;
for (shead = SymTab; shead < &SymTab[STABSIZE]; shead++)
{
for (s = *shead; s != NULL; s = s->s_next)
Home |
Main Index |
Thread Index |
Old Index