author | 2012-10-03 19:42:16 +0000 | |
---|---|---|
committer | 2012-10-03 19:42:16 +0000 | |
commit | e381cc5d3add6f839fbd3bcc3d561f436bc4a2f5 (patch) | |
tree | 0a89e7f97d1e903191f3cd3566c57499193eab54 | |
parent | - add a EXPAND_DEPTH define for ... expansion depth (diff) | |
we reintroduced a bug that was fixed 2 years ago with the aliases rewrite:
During the entire expansion process, a username may be larger than
MAXLOGNAME because it may be an alias going through another expansion.
We should use a buffer that's large enough to fit a mailaddr user-part so
we avoid hitting a truncation check leading to a fatal().
ok eric@, ok chl@
-rw-r--r-- | usr.sbin/smtpd/lka_session.c | 11 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.h | 8 |
2 files changed, 15 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c index 3b2e5c409d9..2494a56b5c1 100644 --- a/usr.sbin/smtpd/lka_session.c +++ b/usr.sbin/smtpd/lka_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka_session.c,v 1.39 2012/10/03 18:09:18 gilles Exp $ */ +/* $OpenBSD: lka_session.c,v 1.40 2012/10/03 19:42:16 gilles Exp $ */ /* * Copyright (c) 2011 Gilles Chehade <gilles@openbsd.org> @@ -258,13 +258,20 @@ lka_expand(struct lka_session *lks, struct rule *rule, struct expandnode *xn) } /* expand aliases with the given rule */ - lks->expand.rule = rule; lks->expand.parent = xn; if (rule->r_amap && aliases_get(rule->r_amap, &lks->expand, xn->u.user)) break; + /* a username should not exceed the size of a system user */ + if (strlen(xn->u.user) >= sizeof fwreq.as_user) { + log_debug("lka_expand: user-part too long to be a system user"); + lks->flags |= F_ERROR; + lks->ss.code = 530; + break; + } + /* no aliases found, query forward file */ lks->rule = rule; lks->node = xn; diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h index 8397d346249..1816f5f0151 100644 --- a/usr.sbin/smtpd/smtpd.h +++ b/usr.sbin/smtpd/smtpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.h,v 1.377 2012/10/03 17:58:03 gilles Exp $ */ +/* $OpenBSD: smtpd.h,v 1.378 2012/10/03 19:42:16 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -368,7 +368,11 @@ struct expandnode { struct expandnode *parent; unsigned int depth; union { - char user[MAXLOGNAME]; + /* + * user field handles both expansion user and system user + * so we MUST make it large enough to fit a mailaddr user + */ + char user[MAX_LOCALPART_SIZE]; char buffer[MAX_RULEBUFFER_LEN]; struct mailaddr mailaddr; } u; |
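Review bot: In the second hunk of usr.sbin/smtpd/lka_session.c, the new length guard in lka_expand reports the rejection only through `log_debug` and without any sizes, so an operator running without debug output would likely not see why a recipient was refused with code 530. Consider `log_info("lka_expand: user-part too long to be a system user (%zu >= %zu)", strlen(xn->u.user), sizeof fwreq.as_user);`, which records the lengths rather than the untrusted string itself. The comment could also say why the test sits after `aliases_get()`: `/* alias keys may be longer than a login name; only a name that reaches the forward-file lookup must fit fwreq.as_user */`. The copy into `fwreq.as_user` and the rest of lka_expand lie outside this hunk, so whether that copy keeps its own truncation check cannot be confirmed from here.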
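Review bot: In the `struct expandnode` hunk of usr.sbin/smtpd/smtpd.h, widening `u.user` from MAXLOGNAME to MAX_LOCALPART_SIZE means every consumer that treats this field as a login name can now receive a string longer than a system user name, while this commit adds a length guard only in lka_expand. Any other site that copies `u.user` into a MAXLOGNAME-sized buffer and aborts on truncation would need the same check, since the recipient local part is supplied by the remote sender. Those call sites are not visible in this diff, so this needs confirming by searching for uses of the field. The new comment could state the consequence directly, e.g. `/* may hold a mailaddr user-part: check its length before using it as a login name */`.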