dma: various code hardening

(as found by the Debian hardening wrapper)

- check the result of fgets()
- loop the network writes until the whole thing is sent
- check one more write() result

Submitted-by: Peter Pentchev <roam@ringlet.net>

diff --git a/conf.c b/conf.c
index 47af9e5202a5719d742216fc2b0c542b520fda20..91560637459a56d1f1d7cdffe2e08b29715f2956 100644 (file)
--- a/conf.c
+++ b/conf.c
@@ -106,7 +106,8 @@ parse_virtuser(const char *path)
                return (-1);
 
        while (!feof(v)) {
-               fgets(line, sizeof(line), v);
+               if (fgets(line, sizeof(line), v) == NULL)
+                       break;
                /* We hit a comment */
                if (strchr(line, '#'))
                        *strchr(line, '#') = 0;
@@ -162,7 +163,8 @@ parse_authfile(const char *path)
                return (1);
 
        while (!feof(a)) {
-               fgets(line, sizeof(line), a);
+               if (fgets(line, sizeof(line), a) == NULL)
+                       break;
                /* We hit a comment */
                if (strchr(line, '#'))
                        *strchr(line, '#') = 0;
@@ -199,7 +201,8 @@ parse_conf(const char *config_path, struct config *config)
        config->features = 0;
 
        while (!feof(conf)) {
-               fgets(line, sizeof(line), conf);
+               if (fgets(line, sizeof(line), conf) == NULL)
+                       break;
                /* We hit a comment */
                if (strchr(line, '#'))
                        *strchr(line, '#') = 0;

diff --git a/dma.c b/dma.c
index f87477ab2cec69bf7e89af04f0a02c2093ed21a3..3ca98264a2c93b5076549cedaaa7cce66ed8860d 100644 (file)
--- a/dma.c
+++ b/dma.c
@@ -525,7 +525,8 @@ Message headers follow.\n\
                        break;
                if (line[0] == '\n')
                        break;
-               write(bounceq.mailfd, line, strlen(line));
+               if ((size_t)write(bounceq.mailfd, line, strlen(line)) != strlen(line))
+                       goto fail;
        }
        if (fsync(bounceq.mailfd) != 0)
                goto fail;

diff --git a/net.c b/net.c
index fd1eec5bacf3dd2bf7780ce585ef7bd9544e816e..11ac4eb010ec779490e71c4cd3aa852ca1cb2b72 100644 (file)
--- a/net.c
+++ b/net.c
@@ -73,23 +73,39 @@ send_remote_command(int fd, const char* fmt, ...)
 {
        va_list va;
        char cmd[4096];
-       ssize_t len = 0;
+       size_t len, pos;
+       int s;
+       ssize_t n;
 
        va_start(va, fmt);
-       vsprintf(cmd, fmt, va);
+       s = vsnprintf(cmd, sizeof(cmd) - 2, fmt, va);
+       va_end(va);
+       if (s == sizeof(cmd) - 2 || s < 0)
+               errx(1, "Internal error: oversized command string");
+       /* We *know* there are at least two more bytes available */
+       strcat(cmd, "\r\n");
+       len = strlen(cmd);
 
        if (((config->features & SECURETRANS) != 0) &&
            ((config->features & NOSSL) == 0)) {
-               len = SSL_write(config->ssl, (const char*)cmd, strlen(cmd));
-               SSL_write(config->ssl, "\r\n", 2);
+               while ((s = SSL_write(config->ssl, (const char*)cmd, len)) <= 0) {
+                       s = SSL_get_error(config->ssl, s);
+                       if (s != SSL_ERROR_WANT_READ &&
+                           s != SSL_ERROR_WANT_WRITE)
+                               return (-1);
+               }
        }
        else {
-               len = write(fd, cmd, strlen(cmd));
-               write(fd, "\r\n", 2);
+               pos = 0;
+               while (pos < len) {
+                       n = write(fd, cmd + pos, len - pos);
+                       if (n < 0)
+                               return (-1);
+                       pos += n;
+               }
        }
-       va_end(va);
 
-       return (len+2);
+       return (len);
 }
 
 int