$NetBSD: patch-ab,v 1.1 2004/02/09 09:17:50 wennmach Exp $

Security patches for jitterbug (taken from Debian GNU/Linux).
See http://www.debian.org/security/2004/dsa-420

--- jitterbug.c.orig	Wed Nov 11 13:30:17 1998
+++ jitterbug.c	Wed Jan 14 17:34:04 2004
@@ -57,7 +57,7 @@
 static int case_sensitive;
 static int messagetype = MTYPE_ALL;
 static int numquotelines;
-static int addsignature;
+static int addsignature = 1;
 static int fullheaders;
 
 /* these are the user preferences -- reflect changes in dump_globals() */
@@ -118,7 +118,7 @@
 	}
 	
 
-	if (getuid() == 0) return 0;
+	if (strchr(fname, '/') && geteuid() == 0) return 0;
 
 	data = load_file(fname, NULL, 0);
 	if (!data) {
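Review bot: The reworked guard on the `+` line refuses a file only when `fname` contains a `/` and the effective uid is 0, so a name with a directory component still reaches `load_file` whenever the process runs unprivileged. Whether `fname` can be influenced by a request is not visible in this hunk; if it can, the `strchr(fname, '/')` test should reject on its own rather than depend on `geteuid()`. The intent of the combined condition is not obvious and deserves a comment, for example `/* running as root: only load files from the current directory */`. The enclosing function starts and ends outside the hunk.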
@@ -727,6 +727,11 @@
 	}
 }
 
+/* return true when the text doesn't have a trailing newline */
+static unsigned nolastnl(char *txt)
+{	return *txt && '\n'!=strchr(txt,'\0')[-1];
+}
+
 
 /* free up an info structure loaded by get_info */
 static void free_info(struct message_info *info)
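Review bot: The comment on `nolastnl` says it returns true when the text has no trailing newline, but the `*txt &&` test makes it return 0 for an empty string too, and a NULL `txt` is dereferenced; the comment should state both. `strchr(txt,'\0')[-1]` is an obscure way to reach the last character, and the parameter is never written through. A clearer form takes `const char *txt` and uses `size_t n = strlen(txt); return n && txt[n-1] != '\n';`. The callers in the later hunks check `sig` and `signature` before the call, but no check on `body` is visible.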
@@ -971,6 +976,7 @@
 	FILE *f;
 	char *name = cgi_variable("auditid");
 	char *source = cgi_variable("sources");
+	char *p;
 	char buf[1000];
 	int len;
 	struct message_info info = zero_info;
@@ -989,6 +995,14 @@
 
 	sprintf(buf,"%s %s %s", lp_autopatch(), source, name);
 
+	p = buf;
+
+	while (*p) {
+		if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
+			fatal("invalid character in expression");
+		p++;
+	}
+
 	printf("<hr>\n");
 
 	f = popen(buf,"r");
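Review bot: The allowlist in the added loop still accepts `;`, `|`, `&`, `(`, `)`, `{` and `}`, which the shell started by `popen` treats as command separators and grouping, so the request-supplied `source` and `name` values are not confined to being arguments of `lp_autopatch()`. Because the loop runs over the whole formatted `buf`, the set apparently has to be this wide to let the configured command through. Checking each CGI value on its own before the `sprintf` allows a much tighter set, e.g. `if (!isalnum((unsigned char)*p) && !strchr("_.", *p)) fatal("invalid character in expression");` (the exact characters these identifiers need are not visible here). The check also runs only after `sprintf` has written into the 1000-byte `buf` with no bound, so `snprintf(buf, sizeof buf, ...)` with a truncation check should come first, and passing a plain `char` to `isalnum` is undefined for negative values. The same loop is repeated in the hunks at `@@ -1028,6 +1043,13 @@` and `@@ -2199,6 +2232,13 @@`, and the function body starts and ends outside this hunk.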
@@ -1012,6 +1026,7 @@
 {
 	FILE *f;
 	char *name = cgi_variable("decodeview");
+	char *p;
 	char buf[1000];
 	int len;
 	struct message_info info = zero_info;
@@ -1028,6 +1043,13 @@
 
 	sprintf(buf,"%s %s", lp_decoder(), name);
 
+	p = buf;
+	while (*p) {
+		if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
+			fatal("invalid character in expression");
+		p++;
+	}
+
 	printf("<hr>\n");
 
 	f = popen(buf,"r");
@@ -1271,8 +1293,13 @@
 	}
 	
 	smtp_write_data(fd, body);
-	if (sig)
+	if(nolastnl(body))
+		smtp_write(fd, "\n");
+	if (sig) {
 		smtp_write_data(fd, sig);
+		if(nolastnl(sig))
+			smtp_write(fd, "\n");
+	}
 	if (smtp_end_mail(fd) == -1)
 		fatal(smtp_error());
 }
@@ -1392,8 +1419,13 @@
 		if (cc && *cc)
 			fprintf(f,"CC: %s\n", cc);
 		fprintf(f,"\n%s", body);
-		if (addsignature && signature)
+ 		if(nolastnl(body))
+ 			fprintf(f, "\n");
+		if (addsignature && signature) {
 			fprintf(f,"%s", signature);
+			if(nolastnl(signature))
+				fprintf(f, "\n");
+		}
 		fclose(f);
 		close(fd);
 
@@ -2179,6 +2211,7 @@
 	int len;
 	char buf[1000];
 	char *decode = cgi_variable("decode");
+	char *p;
 
 	if (guest && !lp_guest_download()) {
 		fatal("guest download has been disabled\n");
@@ -2199,6 +2232,13 @@
 	if (decode) {
 		sprintf(buf,"%s %s", lp_decoder(), fname);
 		
+		p = buf;
+		while (*p) {
+		  if (!isalnum(*p) && !strchr(";_|=+ &^#@!(){}[].",*p))
+		    fatal("invalid character in expression");
+		  p++;
+		}
+
 		f = popen(buf,"r");
 	} else {
 		f = fopen(fname,"r");
@@ -2208,7 +2248,7 @@
 		fatal("unable to open file");
 	}
 
-	printf("Content-Type: application/octet-stream\n");
+	printf("Content-Type: message/rfc822\n");
 	if (gzip_encoding || lp_gzip_download()) {
 		printf("\n");
 		cgi_start_gzip();
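Review bot: `message/rfc822` is now sent for every download that reaches this `printf`, which appears to include the `decode` branch of the previous hunk, where the body is whatever `lp_decoder()` writes to the pipe and is presumably not a mail message. Unlike `application/octet-stream`, this type may be displayed inline by some clients instead of being saved, so content supplied by a bug submitter could be rendered in the tracker's origin. If `decode` is still in scope here, keeping the generic type for decoded output avoids that: `printf("Content-Type: %s\n", decode ? "application/octet-stream" : "message/rfc822");`. The enclosing function starts and ends outside the hunk.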