| History log of /src/libexec/mail.local/mail.local.c |
| Revision | | Date | Author | Comments |
| 1.33 |
| 06-Sep-2023 |
christos | use the correct constant
|
| 1.32 |
| 06-Sep-2023 |
christos | fix merge botch
|
| 1.31 |
| 06-Sep-2023 |
christos | KNF, clarify/provide warning messages, set rval to fail initially and only
set to success once everything works.
|
| 1.30 |
| 06-Sep-2023 |
shm | - remove lock file on error
- clarify diagnostic messages
- initialize struct stat if lstat(2) failed (from mhal at rbox dot co)
- ensure appending to a regular file
|
| 1.29 |
| 17-May-2022 |
kre | fix local privilege escalation due to a race condition
NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
a local privilege escalation vulnerability in mail.local(8).
mail.local(8) attempts to open(2) a user's existing mailbox file
to append to it. If that call fails, mail.local(8) will then issue
a second open(2) call to create the file (O_CREAT).
An attacker had the opportunity to create the file in question (as
a symlink, or link to some other file) in between these two open(2) calls.
Fix this by using O_EXCL in the 2nd open call, if the file exists when
that one happens, something is going wrong, so just abort. Also, only
attempt that 2nd open if the reason the first failed was that the file
did not exist (this doesn't fix the issue, but it potentially saves
some cycles).
Thanks to Jan Schaumann for bringing this to our attention.
|
| 1.28 |
| 21-Jul-2016 |
shm | branches: 1.28.6; 1.28.16;
Fix error checks in open(2) calls.
|
| 1.27 |
| 19-Jul-2016 |
shm | Fix race condition in deliver(), fix resource leak.
|
| 1.26 |
| 27-Aug-2011 |
joerg | branches: 1.26.4; 1.26.10; 1.26.16; 1.26.20; 1.26.22; 1.26.24;
De-__P. staticfy. Use __dead, __printflike.
|
| 1.25 |
| 20-Jul-2008 |
lukem | Remove the \n and tabs from the __COPYRIGHT() strings.
|
| 1.24 |
| 04-May-2008 |
manu | branches: 1.24.2;
Make sure temporary errors are reported as such, using status code
EX_TEMPFAIL (cannot lookup user through NSS, may be because of an
unreachable NIS or LDAP server), or EX_OSERR (other file or memory
related problems).
Sendmail and Postfix should honour EX_TEMPFAIL and EX_OSERR by
queueing the message.
This avoids problems with transcient NSS errors, where the MTA may
successfully lookup a user at a time while mail.local can fail a
few secoonds later.
|
| 1.23 |
| 27-Sep-2006 |
christos | branches: 1.23.2; 1.23.4; 1.23.16;
Coverity CID 3931: Fix memory leak.
|
| 1.22 |
| 07-Aug-2003 |
agc | Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22284, verified by myself.
|
| 1.21 |
| 16-Nov-2002 |
itojun | die if strdup fails
|
| 1.20 |
| 26-May-2002 |
wiz | __STDC__ is always defined on NetBSD.
|
| 1.19 |
| 20-Dec-2001 |
soren | Sync getopt() / man page with actual getopt options.
|
| 1.18 |
| 04-Jan-2001 |
lukem | use more standard %ll_ in favour of %q_
|
| 1.17 |
| 10-Oct-2000 |
is | Format string cleanups by sommerfeld.
|
| 1.16 |
| 10-Aug-1998 |
perry | branches: 1.16.2; 1.16.10;
bzero->memset, bcopy->memcpy, bcmp->memcmp
|
| 1.15 |
| 26-Jul-1998 |
mycroft | const poisoning.
|
| 1.14 |
| 08-Oct-1997 |
enami | Put a whitespace after the keyword `switch'.
|
| 1.13 |
| 08-Oct-1997 |
enami | Compare a return value of getopt() against -1 instead of EOF.
|
| 1.12 |
| 07-Oct-1997 |
mrg | fix warnings on alpha.
|
| 1.11 |
| 07-Oct-1997 |
mrg | WARNS?=1. RCS ids. did not merge very much of lite-2.
|
| 1.10 |
| 21-Apr-1997 |
mrg | KNF. RCSids. be safe with buffers.
|
| 1.9 |
| 03-Jun-1995 |
mycroft | Fill in sin_len.
|
| 1.8 |
| 05-Aug-1994 |
jtc | Change format specification from %ld to %qd, as off_t's are now quads.
|
| 1.7 |
| 05-May-1994 |
deraadt | branches: 1.7.2;
fix from <arndt@uniko.uni-koblenz.de>
|
| 1.6 |
| 19-Apr-1994 |
pk | Another off_t glitch.
|
| 1.5 |
| 10-Feb-1994 |
briggs | Initialize return value from deliver() to zero. I guess the 386 crowd
has been fortunate. It's odd to see mail delivered and get a bounce
back, though, which is what was happening--spent a while thinking it
was sendmail.
|
| 1.4 |
| 01-Aug-1993 |
mycroft | Add RCS identifiers.
|
| 1.3 |
| 01-Aug-1993 |
mycroft | Fix bogus handling of short writes.
|
| 1.2 |
| 24-May-1993 |
deraadt | mail.local can now use username.lock files as well as flock(). Use the
-l flag in your favorite sendmail.cf file.
|
| 1.1 |
| 21-Mar-1993 |
cgd | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 |
| 07-Oct-1997 |
mrg | lite-2.
|
| 1.1.1.1 |
| 21-Mar-1993 |
cgd | initial import of 386bsd-0.1 sources
|
| 1.7.2.1 |
| 06-Aug-1994 |
mycroft | update from trunk
|
| 1.16.10.1 |
| 17-Oct-2000 |
tv | Pullup libexec string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
|
| 1.16.2.1 |
| 10-Oct-2000 |
he | Pull up revision 1.17 (requested by is):
Format string cleanup.
|
| 1.23.16.1 |
| 18-May-2008 |
yamt | sync with head.
|
| 1.23.4.1 |
| 03-Jun-2008 |
skrll | Sync with netbsd-4.
|
| 1.23.2.1 |
| 17-May-2008 |
bouyer | Pull up following revision(s) (requested by manu in ticket #1148):
libexec/mail.local/mail.local.c: revision 1.24
Make sure temporary errors are reported as such, using status code
EX_TEMPFAIL (cannot lookup user through NSS, may be because of an
unreachable NIS or LDAP server), or EX_OSERR (other file or memory
related problems).
Sendmail and Postfix should honour EX_TEMPFAIL and EX_OSERR by
queueing the message.
This avoids problems with transcient NSS errors, where the MTA may
successfully lookup a user at a time while mail.local can fail a
few secoonds later.
|
| 1.24.2.1 |
| 18-Sep-2008 |
wrstuden | Sync with wrstuden-revivesa-base-2.
|
| 1.26.24.1 |
| 26-Jul-2016 |
pgoyette | Sync with HEAD
|
| 1.26.22.2 |
| 21-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1207):
libexec/mail.local/mail.local.c: revision 1.28
Fix error checks in open(2) calls.
|
| 1.26.22.1 |
| 19-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1206):
libexec/mail.local/mail.local.c: revision 1.27
Fix race condition in deliver(), fix resource leak.
|
| 1.26.20.2 |
| 21-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1207):
libexec/mail.local/mail.local.c: revision 1.28
Fix error checks in open(2) calls.
|
| 1.26.20.1 |
| 19-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1206):
libexec/mail.local/mail.local.c: revision 1.27
Fix race condition in deliver(), fix resource leak.
|
| 1.26.16.2 |
| 21-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1392):
libexec/mail.local/mail.local.c: revision 1.28
Fix error checks in open(2) calls.
|
| 1.26.16.1 |
| 19-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1391):
libexec/mail.local/mail.local.c: revision 1.27
Fix race condition in deliver(), fix resource leak.
|
| 1.26.10.2 |
| 21-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1392):
libexec/mail.local/mail.local.c: revision 1.28
Fix error checks in open(2) calls.
|
| 1.26.10.1 |
| 19-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1391):
libexec/mail.local/mail.local.c: revision 1.27
Fix race condition in deliver(), fix resource leak.
|
| 1.26.4.2 |
| 21-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1392):
libexec/mail.local/mail.local.c: revision 1.28
Fix error checks in open(2) calls.
|
| 1.26.4.1 |
| 19-Jul-2016 |
martin | Pull up following revision(s) (requested by shm in ticket #1391):
libexec/mail.local/mail.local.c: revision 1.27
Fix race condition in deliver(), fix resource leak.
|
| 1.28.16.1 |
| 17-May-2022 |
bouyer | Pull up following revision(s) (requested by kre in ticket #1455):
libexec/mail.local/mail.local.c: revision 1.29
fix local privilege escalation due to a race condition
NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
a local privilege escalation vulnerability in mail.local(8).
mail.local(8) attempts to open(2) a user's existing mailbox file
to append to it. If that call fails, mail.local(8) will then issue
a second open(2) call to create the file (O_CREAT).
An attacker had the opportunity to create the file in question (as
a symlink, or link to some other file) in between these two open(2) calls.
Fix this by using O_EXCL in the 2nd open call, if the file exists when
that one happens, something is going wrong, so just abort. Also, only
attempt that 2nd open if the reason the first failed was that the file
did not exist (this doesn't fix the issue, but it potentially saves
some cycles).
Thanks to Jan Schaumann for bringing this to our attention.
|
| 1.28.6.1 |
| 17-May-2022 |
bouyer | Pull up following revision(s) (requested by kre in ticket #1743):
libexec/mail.local/mail.local.c: revision 1.29
fix local privilege escalation due to a race condition
NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
a local privilege escalation vulnerability in mail.local(8).
mail.local(8) attempts to open(2) a user's existing mailbox file
to append to it. If that call fails, mail.local(8) will then issue
a second open(2) call to create the file (O_CREAT).
An attacker had the opportunity to create the file in question (as
a symlink, or link to some other file) in between these two open(2) calls.
Fix this by using O_EXCL in the 2nd open call, if the file exists when
that one happens, something is going wrong, so just abort. Also, only
attempt that 2nd open if the reason the first failed was that the file
did not exist (this doesn't fix the issue, but it potentially saves
some cycles).
Thanks to Jan Schaumann for bringing this to our attention.
|
