Date: Tue, 5 Aug 2014 01:32:10 +0000 (UTC) From: Peter Wemm <peter@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r269550 - head/usr.sbin/cron/cron Message-ID: <53e0341a.5452.17e6e933@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: peter Date: Tue Aug 5 01:32:09 2014 New Revision: 269550 URL: http://svnweb.freebsd.org/changeset/base/269550 Log: Check gethostname(2) return code - but even if it succeeds it may not null terminate. Temporarily use "From: $user@$hostname" rather than "From: $user". The latter exposes incompatible behavior if using dma(8). sendmail(8) (and other alternatives) canonify either form on submission (even if masquerading), but dma will leak a non-compliant address to the internet. Modified: head/usr.sbin/cron/cron/do_command.c Modified: head/usr.sbin/cron/cron/do_command.c ============================================================================== --- head/usr.sbin/cron/cron/do_command.c Tue Aug 5 01:29:02 2014 (r269549) +++ head/usr.sbin/cron/cron/do_command.c Tue Aug 5 01:32:09 2014 (r269550) @@ -481,14 +481,17 @@ child_process(e, u) auto char mailcmd[MAX_COMMAND]; auto char hostname[MAXHOSTNAMELEN]; - (void) gethostname(hostname, MAXHOSTNAMELEN); + if (gethostname(hostname, MAXHOSTNAMELEN) == -1) + hostname[0] = '\0'; + hostname[sizeof(hostname) - 1] = '\0'; (void) snprintf(mailcmd, sizeof(mailcmd), MAILARGS, MAILCMD); if (!(mail = cron_popen(mailcmd, "w", e))) { warn("%s", MAILCMD); (void) _exit(ERROR_EXIT); } - fprintf(mail, "From: %s (Cron Daemon)\n", usernm); + fprintf(mail, "From: Cron Daemon <%s@%s>\n", + usernm, hostname); fprintf(mail, "To: %s\n", mailto); fprintf(mail, "Subject: Cron <%s@%s> %s\n", usernm, first_word(hostname, "."),
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53e0341a.5452.17e6e933>