Bug#129104: bug 129104 (buffer overflow + template reading in cgiemail)
I thought of a way not to break compatibility: if there's no config
file, have it act like it did before.
Here's a patch.
--- tmp/cgiemail-1.6/cgilib.c Tue Feb 12 17:09:45 2002
+++ cgiemail-1.6/cgilib.c Tue Feb 12 17:08:32 2002
@@ -475,15 +475,7 @@
cfp = fopen(TEMPLATECONF, "r");
if (!cfp)
{
- formp->errcond = 1;
- strcpy(formp->errmsg, "500 Could not open configuration file");
- cgi_concat_errno(formp->errmsg);
-#ifdef DISCLOSE_PATHS
- strncpy(formp->errinfo, TEMPLATECONF, CGI_ERRMSG_MAX);
-#else
- strcpy(formp->errinfo, "Configuration file could not be accessed.");
-#endif /* DISCLOSE_PATHS */
- return(1);
+ return(0);
}
linebuflen = templatedirlen + directivelen + 2;
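Review bot: Returning 0 for every `fopen` failure in this branch makes the template-directory restriction fail open: a config file that exists but cannot be read (permissions, I/O error) is treated the same as one that was never installed. To keep the compatibility case narrow, take the success path only when the file is absent, e.g. `if (errno == ENOENT) return(0);`, and keep the removed 500 error path for every other errno. The early return should also leave the caller's directory buffer in a defined state, such as an empty string, so the caller can tell that no restriction was configured. Whether that already happens is not visible, because the function begins and ends outside the hunk.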
@@ -533,7 +525,8 @@
if (cgi_read_configuration(formp, templatedir, CGI_VARNAME_MAX - 1))
return(1);
- if (strncmp(templatefile, templatedir, strlen(templatedir)) ||
+ if ((!templatedir) &&
+ strncmp(templatefile, templatedir, strlen(templatedir)) ||
strstr(templatefile, "/../"))
{
formp->errcond=1;
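Review bot: The added `(!templatedir) &&` guard looks inverted. If `templatedir` is an array (it is passed to `cgi_read_configuration` together with a length), `!templatedir` is always false and the prefix check never runs, so only the `/../` test remains even when a config file is present. If it is a pointer, `strncmp` and `strlen` are reached only when it is NULL. The intent appears to be skipping the prefix check when no directory was configured, which would read `if ((templatedir[0] != '\0' && strncmp(templatefile, templatedir, strlen(templatedir))) ||` with explicit parentheses around the `&&` term. That form relies on the buffer being empty when the config file is absent, and the enclosing function starts and ends outside the hunk.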
(apply this after the previous patch from Colin)
This appears to work.
--
Thomas "resc" Smith <tgs@resc.net>
web: http://finbar.dyndns.org/
gpg key id 1024D/ACABA81E, fingerprint:
3A47 CFA5 0E5D CF4A 5B22 12D3 FF1B 84FE ACAB A81E