Index: lpc/cmds.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpc/cmds.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- cmds.c 1996/05/05 22:40:44 1.3 +++ cmds.c 1996/10/27 03:06:21 1.4 @@ -277,7 +277,7 @@ d1 = (struct dirent **)a; d2 = (struct dirent **)b; - if (c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3)) + if ((c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3))) return(c1); c1 = (*d1)->d_name[0]; c2 = (*d2)->d_name[0]; @@ -305,7 +305,7 @@ SD = _PATH_DEFSPOOL; printf("%s:\n", printer); - for (lp = line, cp = SD; *lp++ = *cp++; ) + for (lp = line, cp = SD; (*lp++ = *cp++); ) ; lp[-1] = '/'; @@ -592,7 +592,7 @@ cp1 = buf; while (--argc >= 0) { cp2 = *argv++; - while (*cp1++ = *cp2++) + while ((*cp1++ = *cp2++)) ; cp1[-1] = ' '; } @@ -815,7 +815,7 @@ fd = open(line, O_RDONLY); if (fd < 0 || flock(fd, LOCK_SH|LOCK_NB) == 0) { (void) close(fd); /* unlocks as well */ - printf("\tno daemon present\n"); + printf("\tprinter idle\n"); return; } (void) close(fd); Index: lpc/lpc.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpc/lpc.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- lpc.c 1996/05/09 22:44:18 1.2 +++ lpc.c 1996/10/27 03:06:23 1.3 @@ -178,7 +178,7 @@ longest = 0; nmatches = 0; found = 0; - for (c = cmdtab; p = c->c_name; c++) { + for (c = cmdtab; (p = c->c_name); c++) { for (q = name; *q == *p++; q++) if (*q == 0) /* exact match? */ return(c); Index: lpd/lpd.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpd/lpd.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- lpd.c 1996/05/09 22:44:22 1.2 +++ lpd.c 1996/10/27 03:06:39 1.3 @@ -179,6 +179,7 @@ } #define mask(s) (1 << ((s) - 1)) omask = sigblock(mask(SIGHUP)|mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM)); + (void) umask(07); signal(SIGHUP, mcleanup); signal(SIGINT, mcleanup); signal(SIGQUIT, mcleanup); @@ -193,6 +194,7 @@ syslog(LOG_ERR, "ubind: %m"); exit(1); } + (void) umask(0); sigsetmask(omask); FD_ZERO(&defreadfds); FD_SET(funix, &defreadfds); @@ -245,6 +247,10 @@ domain = AF_INET, fromlen = sizeof(frominet); s = accept(finet, (struct sockaddr *)&frominet, &fromlen); + if (frominet.sin_port == htons(20)) { + close(s); + continue; + } } if (s < 0) { if (errno != EINTR) @@ -494,9 +500,11 @@ register struct hostent *hp; register FILE *hostf; int first = 1; + int good = 0; f->sin_port = ntohs(f->sin_port); - if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED) + if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED || + f->sin_port == htons(20)) fatal("Malformed from address"); /* Need real hostname for temporary filenames */ @@ -506,10 +514,24 @@ fatal("Host name for your address (%s) unknown", inet_ntoa(f->sin_addr)); - (void) strncpy(fromb, hp->h_name, sizeof(fromb)); + (void) strncpy(fromb, hp->h_name, sizeof(fromb) - 1); from[sizeof(fromb) - 1] = '\0'; from = fromb; + /* Check for spoof, ala rlogind */ + hp = gethostbyname(fromb); + if (!hp) + fatal("hostname for your address (%s) unknown", + inet_ntoa(f->sin_addr)); + for (; good == 0 && hp->h_addr_list[0] != NULL; hp->h_addr_list++) { + if (!bcmp(hp->h_addr_list[0], (caddr_t)&f->sin_addr, + sizeof(f->sin_addr))) + good = 1; + } + if (good == 0) + fatal("address for your hostname (%s) not matched", + inet_ntoa(f->sin_addr)); + hostf = fopen(_PATH_HOSTSEQUIV, "r"); again: if (hostf) { @@ -528,15 +550,3 @@ fatal("Your host does not have line printer access"); /*NOTREACHED*/ } - - - - - - - - - - - - Index: lpd/printjob.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpd/printjob.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- printjob.c 1996/09/29 19:12:55 1.10 +++ printjob.c 1996/10/27 03:06:42 1.11 @@ -288,6 +288,8 @@ if (TR != NULL) /* output trailer */ (void) write(ofd, TR, strlen(TR)); } + (void) close(ofd); + (void) wait(NULL); (void) unlink(tempfile); exit(0); } Index: lpd/recvjob.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpd/recvjob.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- recvjob.c 1996/05/09 22:44:25 1.4 +++ recvjob.c 1996/10/27 03:06:43 1.5 @@ -170,7 +170,8 @@ * returns */ strcpy(cp + 6, from); - strcpy(tfname, cp); + strncpy(tfname, cp, sizeof tfname-1); + tfname[sizeof tfname-1] = '\0'; tfname[0] = 't'; if (!chksize(size)) { (void) write(1, "\2", 1); @@ -197,7 +198,8 @@ (void) write(1, "\2", 1); continue; } - (void) strcpy(dfname, cp); + (void) strncpy(dfname, cp, sizeof dfname-1); + dfname[sizeof dfname-1] = '\0'; if (index(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); Index: lpr/lpr.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpr/lpr.c,v retrieving revision 1.7 retrieving revision 1.10 diff -u -r1.7 -r1.10 --- lpr.c 1996/05/11 19:00:55 1.7 +++ lpr.c 1996/10/27 03:06:46 1.10 @@ -45,7 +45,7 @@ #ifndef lint static char sccsid[] = "From: @(#)lpr.c 8.4 (Berkeley) 4/28/95" - "\n$Id: lpr.c,v 1.7 1996/05/11 19:00:55 joerg Exp $\n"; + "\n$Id: lpr.c,v 1.10 1996/10/27 03:06:46 imp Exp $\n"; #endif /* not lint */ /* @@ -113,7 +113,7 @@ static int test __P((char *)); static void usage __P((void)); -void +int main(argc, argv) int argc; char *argv[]; @@ -272,7 +272,7 @@ /* * Check to make sure queuing is enabled if userid is not root. */ - (void) sprintf(buf, "%s/%s", SD, LO); + (void) snprintf(buf, sizeof(buf), "%s/%s", SD, LO); if (userid && stat(buf, &stb) == 0 && (stb.st_mode & 010)) fatal2("Printer queue is disabled"); /* @@ -321,7 +321,8 @@ continue; /* file unreasonable */ if (sflag && (cp = linked(arg)) != NULL) { - (void) sprintf(buf, "%d %d", statb.st_dev, statb.st_ino); + (void) snprintf(buf, sizeof(buf), "%d %d", statb.st_dev, + statb.st_ino); card('S', buf); if (format == 'p') card('T', title ? title : arg); @@ -339,12 +340,12 @@ printf("%s: %s: not linked, copying instead\n", name, arg); if ((i = open(arg, O_RDONLY)) < 0) { printf("%s: cannot open %s\n", name, arg); - continue; + } else { + copy(i, arg); + (void) close(i); + if (f && unlink(arg) < 0) + printf("%s: %s: not removed\n", name, arg); } - copy(i, arg); - (void) close(i); - if (f && unlink(arg) < 0) - printf("%s: %s: not removed\n", name, arg); } if (nact) { @@ -434,7 +435,7 @@ static char buf[BUFSIZ]; if (*file != '/') { - if (getwd(buf) == NULL) + if (getcwd(buf,sizeof(buf)) == NULL) return(NULL); while (file[0] == '.') { switch (file[1]) { @@ -471,7 +472,7 @@ register int len = 2; *p1++ = c; - while ((c = *p2++) != '\0') { + while ((c = *p2++) != '\0' && len < sizeof(buf)) { *p1++ = (c == '\n') ? ' ' : c; len++; } @@ -693,7 +694,7 @@ register char *cp; char buf[BUFSIZ]; - (void) sprintf(buf, "%s/.seq", SD); + (void) snprintf(buf, sizeof(buf), "%s/.seq", SD); if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) { printf("%s: cannot create %s\n", name, buf); exit(1); @@ -717,7 +718,7 @@ inchar = strlen(SD) + 3; n = (n + 1) % 1000; (void) lseek(fd, (off_t)0, 0); - sprintf(buf, "%03d\n", n); + snprintf(buf, sizeof(buf), "%03d\n", n); (void) write(fd, buf, strlen(buf)); (void) close(fd); /* unlocks as well */ } @@ -734,7 +735,7 @@ if ((s = malloc(len)) == NULL) fatal2("out of memory"); - (void) sprintf(s, "%s/%sA%03d%s", SD, id, num, host); + (void) snprintf(s, len, "%s/%sA%03d%s", SD, id, num, host); return(s); } Index: lptest/lptest.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lptest/lptest.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- lptest.c 1994/05/26 05:21:55 1.1 +++ lptest.c 1996/10/27 03:06:49 1.2 @@ -48,7 +48,7 @@ /* * lptest -- line printer test program (and other devices). */ -void +int main(argc, argv) int argc; char **argv; Index: pac/pac.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/pac/pac.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- pac.c 1995/07/17 13:14:01 1.3 +++ pac.c 1996/10/27 03:06:52 1.4 @@ -98,7 +98,7 @@ static int qucmp __P((const void *, const void *)); static void rewrite __P((void)); -void +int main(argc, argv) int argc; char **argv;