From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Thu, 9 Feb 2023 08:19:03 +0000 (+0100)
Subject: mlmmj-receive: limit memory manupulation using file descriptors
X-Git-Tag: RELEASE_1_4_0b1~216
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d26e1b175f0e75e5becf0b945525ff9f7acdfe7;p=thirdparty%2Fmlmmj.git

mlmmj-receive: limit memory manupulation using file descriptors

While here throw an error message in case of inability to open the
"incoming" directory
---

diff --git a/src/mlmmj-receive.c b/src/mlmmj-receive.c
index 8fcaf2ad..11f2c778 100644
--- a/src/mlmmj-receive.c
+++ b/src/mlmmj-receive.c
@@ -62,6 +62,7 @@ int main(int argc, char **argv)
 	char *randomstr = random_str();
 	char *mlmmjprocess, *bindir;
 	int fd, opt, noprocess = 0, nofork = 0;
+	int incfd, listfd;
 	struct stat st;
 	uid_t uid;
 	pid_t childpid;
@@ -125,17 +126,21 @@ int main(int argc, char **argv)
 			exit(EXIT_FAILURE);
 		}
 	}
-	
-	infilename = concatstr(3, listdir, "/incoming/", randomstr);
-	free(randomstr);
-	fd = open(infilename, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
+	listfd = open(listdir, O_DIRECTORY|O_CLOEXEC);
+	if (listfd == -1)
+		err(EXIT_FAILURE, "Cannot open(%s)", listdir);
+	incfd = openat(listfd, "incoming", O_DIRECTORY|O_CLOEXEC);
+	if (incfd == -1)
+		err(EXIT_FAILURE, "Cannot open(%s/incoming)", listdir);
+
+	fd = openat(incfd, randomstr, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
 	while(fd < 0 && errno == EEXIST) {
-		free(infilename);
-		randomstr = random_str();
-		infilename = concatstr(3, listdir, "/incoming/", randomstr);
 		free(randomstr);
-		fd = open(infilename, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
+		randomstr = random_str();
+		fd = openat(incfd, randomstr, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
 	}
+	xasprintf(&infilename, "%s/incoming/%s", listdir, randomstr);
+	free(randomstr);
 
 	if(fd < 0) {
 		log_error(LOG_ARGS, "could not create mail file in "
@@ -143,7 +148,7 @@ int main(int argc, char **argv)
 		free(infilename);
 		exit(EXIT_FAILURE);
 	}
-	
+
 	if(dumpfd2fd(STDIN_FILENO, fd) != 0) {
 		log_error(LOG_ARGS, "Could not receive mail");
 		exit(EXIT_FAILURE);
diff --git a/tests/mlmmj-receive.sh b/tests/mlmmj-receive.sh
index 2d63c2f2..f2b83677 100755
--- a/tests/mlmmj-receive.sh
+++ b/tests/mlmmj-receive.sh
@@ -26,7 +26,7 @@ basics_body()
 	atf_check -s exit:0 -o "inline:$helptxt" $mlmmjreceive -h
 	echo test@mlmmjtest > ml/control/listaddress
 	rm -rf ml/incoming
-	atf_check -s exit:1 $mlmmjreceive -L ml -e bla -s meh -P <<EOF
+	atf_check -s exit:1 -e inline:"mlmmj-receive: Cannot open(ml/incoming): No such file or directory\n" $mlmmjreceive -L ml -e bla -s meh -P <<EOF
 EOF
 	mkdir ml/incoming
 	atf_check -s exit:0 $mlmmjreceive -L ml -e bla -s meh -P <<EOF