1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
From: Wichert Akkerman <wakkerma@debian.org>
Date: Tue, 8 Aug 2000 11:42:00 -0700
Subject: 05 Mailx fixes
mailx (1:8.1.1-10.1.3) frozen unstable; urgency=high
* More security fixes
* Don't allow one to set interactive in mailrc (or interactively)
* Modify the variable-handling code to grok NULL values
-- Wichert Akkerman <wakkerma@debian.org> Mon, 7 Aug 2000 17:22:57 -0700
mailx (1:8.1.1-10.1.2) frozen unstable; urgency=high
* Another security problem: refuse to get the interactive variable
from the environment by explicitly setting it in the hashtable.
-- Wichert Akkerman <wakkerma@debian.org> Mon, 7 Aug 2000 12:36:10 -0700
---
extern.h | 2 +-
mail.1 | 9 ++++++++-
main.c | 20 ++++++++++++++++++++
names.c | 10 ++++++----
vars.c | 5 +++--
5 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/extern.h b/extern.h
index 8c5edaa..6ee17f5 100644
--- a/extern.h
+++ b/extern.h
@@ -75,7 +75,7 @@ const char
*username(void);
char *value(char *);
char *vcopy(char *);
-char *yankword(char *, char *);
+char *yankword(char *, char *, int);
int Fclose(FILE *);
int More(void *);
int Pclose(FILE *);
diff --git a/mail.1 b/mail.1
index 96a907c..3e10a50 100644
--- a/mail.1
+++ b/mail.1
@@ -1192,10 +1192,17 @@ command; normally, the first five lines are printed.
utilizes the
.Ev HOME ,
.Ev LOGNAME ,
+.Ev USER ,
+.Ev SHELL ,
+.Ev DEAD ,
+.Ev PAGER ,
+.Ev LISTER ,
+.Ev EDITOR ,
+.Ev VISUAL
.Ev MAIL ,
.Ev MAILRC ,
and
-.Ev USER
+.Ev MBOX
environment variables.
.Pp
If the
diff --git a/main.c b/main.c
index aac1e89..425646a 100644
--- a/main.c
+++ b/main.c
@@ -105,6 +105,7 @@ main(int argc, char **argv)
char *subject;
char *header = NULL;
char *ef;
+ char* cmd;
char nosrc = 0;
char *rc;
extern const char version[];
@@ -133,6 +134,25 @@ main(int argc, char **argv)
(void)signal(SIGPIPE, SIG_IGN);
if (isatty(0))
assign("interactive", "");
+
+ /*
+ * Grab some stuff from the environment we might use
+ */
+
+ if ((cmd = getenv("PAGER")))
+ assign("PAGER", cmd);
+ if ((cmd = getenv("LISTER")))
+ assign("LISTER", cmd);
+ if ((cmd = getenv("SHELL")))
+ assign("SHELL", cmd);
+ if ((cmd = getenv("EDITOR")))
+ assign("EDITOR", cmd);
+ if ((cmd = getenv("VISUAL")))
+ assign("VISUAL", cmd);
+ if ((cmd = getenv("MBOX")))
+ assign("MBOX", cmd);
+ if ((cmd = getenv("DEAD")))
+ assign("DEAD", cmd);
image = -1;
/*
* Now, determine how we are being used.
diff --git a/names.c b/names.c
index 8f35e6d..ce00861 100644
--- a/names.c
+++ b/names.c
@@ -94,7 +94,7 @@ extract(char *line, int ntype)
top = NULL;
np = NULL;
cp = line;
- while ((cp = yankword(cp, nbuf)) != NULL) {
+ while ((cp = yankword(cp, nbuf, BUFSIZ)) != NULL) {
t = nalloc(nbuf, ntype);
if (top == NULL)
top = t;
@@ -155,9 +155,10 @@ detract(struct name *np, int ntype)
* Throw away things between ()'s, and take anything between <>.
*/
char *
-yankword(char *ap, char *wbuf)
+yankword(char *ap, char *wbuf, int maxsize)
{
char *cp, *cp2;
+ int used = 0;
cp = ap;
for (;;) {
@@ -184,10 +185,11 @@ yankword(char *ap, char *wbuf)
break;
}
if (*cp == '<')
- for (cp2 = wbuf; *cp && (*cp2++ = *cp++) != '>';)
+ /* Pre-increment "used" so we leave room for the trailing zero */
+ for (cp2 = wbuf; *cp && (++used < maxsize) && (*cp2++ = *cp++) != '>';)
;
else
- for (cp2 = wbuf; *cp && !strchr(" \t,(", *cp); *cp2++ = *cp++)
+ for (cp2 = wbuf; *cp && (++used < maxsize) && !strchr(" \t,(", *cp); *cp2++ = *cp++)
;
*cp2 = '\0';
return(cp);
diff --git a/vars.c b/vars.c
index 47ea353..c37e6be 100644
--- a/vars.c
+++ b/vars.c
@@ -70,8 +70,7 @@ assign(char *name, char *value)
void
vfree(char *cp)
{
-
- if (*cp)
+ if (cp && *cp)
(void)free(cp);
}
@@ -84,6 +83,8 @@ vcopy(char *str)
{
char *new;
+ if (str == NULL)
+ return NULL;
if (*str == '\0')
return("");
if ((new = strdup(str)) == NULL)
|
