[packages/sendmail.git] / smrsh-20020924.patch

diff -urN sendmail-8.12.6.orig/smrsh/smrsh.c sendmail-8.12.6/smrsh/smrsh.c
--- sendmail-8.12.6.orig/smrsh/smrsh.c	Mon Oct 14 17:29:31 2002
+++ sendmail-8.12.6/smrsh/smrsh.c	Mon Oct 14 17:50:32 2002
@@ -57,6 +57,8 @@
 #include <sm/limits.h>
 #include <sm/string.h>
 #include <sys/file.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <string.h>
 #include <ctype.h>
 #include <errno.h>
@@ -145,6 +147,7 @@
 	char *newenv[2];
 	char pathbuf[1000];
 	char specialbuf[32];
+	struct stat st;
 
 #ifndef DEBUG
 # ifndef LOG_MAIL
@@ -302,6 +305,38 @@
 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
 					     "Trying %s\n", cmdbuf);
 #endif /* DEBUG */
+			if (stat(cmdbuf, &st) < 0)
+			{
+				/* can't stat it */
+				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+						     "%s: %s not available for sendmail programs (stat failed)\n",
+						      prg, cmd);
+				if (p != NULL)
+					*p = ' ';
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
+				       (int) getuid(), cmd);
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
+			if (!S_ISREG(st.st_mode)
+#ifdef S_ISLNK
+			    && !S_ISLNK(st.st_mode)
+#endif /* S_ISLNK */
+			   )
+			{
+				/* can't stat it */
+				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+						     "%s: %s not available for sendmail programs (not a file)\n",
+						      prg, cmd);
+				if (p != NULL)
+					*p = ' ';
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
+				       (int) getuid(), cmd);
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
 			if (access(cmdbuf, X_OK) < 0)
 			{
 				/* oops....  crack attack possiblity */
Commit	Line	Data
8a9976d5 KT	1	diff -urN sendmail-8.12.6.orig/smrsh/smrsh.c sendmail-8.12.6/smrsh/smrsh.c
	2	--- sendmail-8.12.6.orig/smrsh/smrsh.c Mon Oct 14 17:29:31 2002
	3	+++ sendmail-8.12.6/smrsh/smrsh.c Mon Oct 14 17:50:32 2002
	4	@@ -57,6 +57,8 @@
	5	#include <sm/limits.h>
	6	#include <sm/string.h>
	7	#include <sys/file.h>
	8	+#include <sys/types.h>
	9	+#include <sys/stat.h>
	10	#include <string.h>
	11	#include <ctype.h>
	12	#include <errno.h>
	13	@@ -145,6 +147,7 @@
	14	char *newenv[2];
	15	char pathbuf[1000];
	16	char specialbuf[32];
	17	+ struct stat st;
	18
	19	#ifndef DEBUG
	20	# ifndef LOG_MAIL
	21	@@ -302,6 +305,38 @@
	22	(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
	23	"Trying %s\n", cmdbuf);
	24	#endif /* DEBUG */
	25	+ if (stat(cmdbuf, &st) < 0)
	26	+ {
	27	+ /* can't stat it */
	28	+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
	29	+ "%s: %s not available for sendmail programs (stat failed)\n",
	30	+ prg, cmd);
	31	+ if (p != NULL)
	32	+ *p = ' ';
	33	+#ifndef DEBUG
	34	+ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
	35	+ (int) getuid(), cmd);
	36	+#endif /* ! DEBUG */
	37	+ exit(EX_UNAVAILABLE);
	38	+ }
	39	+ if (!S_ISREG(st.st_mode)
	40	+#ifdef S_ISLNK
	41	+ && !S_ISLNK(st.st_mode)
	42	+#endif /* S_ISLNK */
	43	+ )
	44	+ {
	45	+ /* can't stat it */
	46	+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
	47	+ "%s: %s not available for sendmail programs (not a file)\n",
	48	+ prg, cmd);
	49	+ if (p != NULL)
	50	+ *p = ' ';
	51	+#ifndef DEBUG
	52	+ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
	53	+ (int) getuid(), cmd);
	54	+#endif /* ! DEBUG */
	55	+ exit(EX_UNAVAILABLE);
	56	+ }
	57	if (access(cmdbuf, X_OK) < 0)
	58	{
	59	/* oops.... crack attack possiblity */