From 713c03d57ac37f26c3f21be53606c222d68b9e4f Mon Sep 17 00:00:00 2001 From: Peter Wemm Date: Tue, 5 Aug 2014 01:32:09 +0000 Subject: [PATCH] Check gethostname(2) return code - but even if it succeeds it may not null terminate. Temporarily use "From: $user@$hostname" rather than "From: $user". The latter exposes incompatible behavior if using dma(8). sendmail(8) (and other alternatives) canonify either form on submission (even if masquerading), but dma will leak a non-compliant address to the internet. --- usr.sbin/cron/cron/do_command.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c index fee4131101eb..8dfd4f66aa8f 100644 --- a/usr.sbin/cron/cron/do_command.c +++ b/usr.sbin/cron/cron/do_command.c @@ -481,14 +481,17 @@ child_process(e, u) auto char mailcmd[MAX_COMMAND]; auto char hostname[MAXHOSTNAMELEN]; - (void) gethostname(hostname, MAXHOSTNAMELEN); + if (gethostname(hostname, MAXHOSTNAMELEN) == -1) + hostname[0] = '\0'; + hostname[sizeof(hostname) - 1] = '\0'; (void) snprintf(mailcmd, sizeof(mailcmd), MAILARGS, MAILCMD); if (!(mail = cron_popen(mailcmd, "w", e))) { warn("%s", MAILCMD); (void) _exit(ERROR_EXIT); } - fprintf(mail, "From: %s (Cron Daemon)\n", usernm); + fprintf(mail, "From: Cron Daemon <%s@%s>\n", + usernm, hostname); fprintf(mail, "To: %s\n", mailto); fprintf(mail, "Subject: Cron <%s@%s> %s\n", usernm, first_word(hostname, "."),