3 Security patches for jitterbug (taken from Debian GNU/Linux).
4 See http://www.debian.org/security/2004/dsa-420
6 --- new_message.c.orig Wed Nov 11 13:30:17 1998
7 +++ new_message.c Wed Jan 14 17:34:04 2004
12 +/* This function should always return success */
13 +static int mail_failure(char* from, char* to, char* content)
16 + fd = smtp_start_mail(from, to, NULL, NULL, "Request failed", strlen(content));
18 + fprintf(stderr, "Failed to send failure\n");
21 + smtp_write(fd, "\n");
22 + smtp_write_data(fd, content);
27 +static int is_a_bug(char* name)
29 + if (*name >= '1' && *name <= '9')
30 + return !is_directory(name);
34 +static int get_bug(char *mbuf, char* to, char *query)
38 + char *subject="Jitterbug results";
40 + unsigned int size=0;
47 + snprintf(boundary, sizeof(boundary), "jitterbug-burp-%d-%d", getpid(), time(NULL));
49 + /* maybe check for lp_download? */
50 + /* maybe add info to audit? */
51 + from = lp_from_address();
53 + while (*query && *query == ' ') query++;
54 + if (!strncmp(query, "list", 4)) {
55 + char** dir_l, **file_l;
58 + fd = smtp_start_mail(from, to, NULL, NULL, subject, 0);
62 + msg_id = getmailheader(mbuf, "Message-ID:", 0);
64 + smtp_write(fd, "References: %s\n", msg_id);
65 + smtp_write(fd, "\nList for query: %s\n\n", query);
66 + trim_string(query, " ", " ");
67 + /* use strtok to allow multiple queries */
68 + if (!*query || *query == '/' || *query == '.') {
70 + dir_l = load_dir_list(query, is_directory);
73 + add_list_item(dir_l, query);
75 + for (i=0; dir_l && dir_l[i]; ++i) {
76 + file_l = load_dir_list(dir_l[i], is_a_bug);
77 + /* maybe add subject, from, ... */
78 + for (j=0; file_l && file_l[j]; ++j)
79 + smtp_write(fd, "%s/%s\n", dir_l[i], file_l[j]);
85 + } else if (!strncmp(query, "get", 3)) {
87 + } else if (!strncmp(query, "search", 6)) {
89 + snprintf(buf, sizeof(buf), "Not implemeted (%s)\n", query);
90 + return mail_failure(from, to, buf);
92 + snprintf(buf, sizeof(buf), "Not implemeted (%s)\n", query);
93 + return mail_failure(from, to, buf);
96 + fd = smtp_start_mail(from, to, NULL, NULL, subject, 0);
100 + msg_id = getmailheader(mbuf, "Message-ID:", 0);
102 + smtp_write(fd, "References: %s\n", msg_id);
103 + smtp_write(fd, "Mime-Version: 1.0\n");
104 + smtp_write(fd, "Content-Type: multipart/mixed; boundary=%s\n\n", boundary);
105 + msg_list = strdup(query);
106 + for (query = strtok(msg_list, " \t,;"); query; query = strtok(NULL, " \t,;")) {
107 + smtp_write(fd, "\n--%s\nContent-Type: text/plain; charset=us-ascii\n", boundary);
108 + /* a few security checks */
109 + if (*query == '/' || strchr(query, '.') || !(p=strchr(query, '/'))) {
110 + smtp_write(fd, "\nNot allowed (%s)\n", query);
114 + if ( !is_directory(query) ) {
115 + smtp_write(fd, "\nNot allowed (%s)\n", query);
119 + bug = load_file(query, &st, 0);
121 + smtp_write(fd, "\nCannot load (%s)\n", query);
124 + /* replace / with _ in filename */
127 + if (*p == '/') *p = '_';
130 + smtp_write(fd, "Content-Disposition: attachment; filename=\"%s\"\n\n", query);
131 + smtp_write_data(fd, bug);
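Review bot: The `list` branch of get_bug validates only the first character of the query (`!*query || *query == '/' || *query == '.'`), while the `get` branch further down rejects a `.` anywhere in the name, so a list query containing `..` after the first path component is not caught before it reaches `add_list_item` and `load_dir_list`. Applying the same rule in both places would close the gap, e.g. `if (!*query || *query == '/' || strchr(query, '.')) {`; what that branch then does is on a line this page does not show, so confirm it is a safe default. Separately, the boundary `snprintf` passes `getpid()` and `time(NULL)` (a `time_t`) to `%d`, which is a format/argument mismatch wherever those types are not `int`; `"jitterbug-burp-%d-%ld", (int)getpid(), (long)time(NULL)` avoids it. Several lines of get_bug are missing from this listing, so the NULL handling of `msg_id` and of the `strdup` result in `msg_list` could not be checked and should be verified.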
140 int process_mail(char *def_dir)
146 + if (strncasecmp(from, "MAILER-DAEMON", 13) == 0) {
147 + fprintf(stderr,"Ignoring bounced mail\n");
151 /* work out if it has an existing id */
157 + subject = getmailheader(mbuf, "Subject:", 0);
158 + if (subject && !strncmp(subject, "GETBUG:", 7)) {
160 + return get_bug(mbuf, from, subject + 7);
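Review bot: The `GETBUG:` dispatch passes the unauthenticated `from` address to `get_bug` as the reply recipient, and no access check is visible on this path. Anyone who can mail the tracker may therefore be able to retrieve stored reports, and a forged From address would receive the reply. The comment inside get_bug (`/* maybe check for lp_download? */`) suggests this was left open; I would settle it before merging and record the decision above the call, e.g. `/* GETBUG is answered for any sender; the reply goes to the unverified From address */`. Because the forwarding code further down treats `PRIVATE` subjects specially, it is also worth confirming whether reports filed that way should be excluded from GETBUG replies. process_mail starts and ends outside the lines shown here.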
164 char *idfile = load_file(".nextid", NULL, 0);
169 /* forward to "forward public" if message not marked private */
170 - subject = getmailheader(mbuf, "Subject:", 0);
173 lp_forward_public() && !strstr(subject,"PRIVATE")) {