On Sat, 9 Sep 2006, Matthew R. Dempsky wrote:

> On Sat, Sep 09, 2006 at 09:50:16AM -0400, Woodchuck wrote:
> > > FILE *mail;
> > > char sendmail[512];
> > > sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT);
> >
> > use snprintf here, this is exactly the sort of code that some joker
> > will try to do a buffer overflow on.
>
> Assuming RECIPIENT is actually something that will be user
> controllable, doesn't he need to worry about quoting RECIPIENT and
> making sure it doesn't start with a dash?

Sounds reasonable. I was assuming that RECIPIENT would eventually be user input. I suggest not having it in the popen() call, but let sendmail scan the recipients from a To: header or even a Bcc: if that's needed.

> Does OpenBSD have a popen(3) replacement but with an exec(3)-like
> interface instead of a system(3)-like one?

Easy enough to write one's own with a call to pipe(2) and some sleight-of-handle with dup2 and friends, depending on need. Stevens' "Adv. Prog. in the Unix Env." has the canonical examples. Offhand, though, I can't think of an existing library routine.

The OP is not so hot on C programming, he says. (I refer him to the book just mentioned, which is truly "how to write real Unix programs", should he like to improve his skills at the feet of a master.)

Dave
-- 
Experience runs an expensive school, but fools will learn in no other.
-- Benjamin Franklin