overflow patches that were "near" to where these operations are taking
place. The buffer overflows are from OpenBSD. The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.
This is the first of a series of OpenBSD lpr/et al merges. It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD
the hostname into. In theory the bind library should do this, but
in practice the limites between system defines and bind defines make
an attack using this vector possible. These patches have been in
use on my systems for three months now, so I am fairly confident about
them. I plan on commiting this to 2.2 and 2.1 in the near future,
as well as many other patches of this nature.
Rev 1.4 deraadt: (partial from full commit, other files not done yet)
proactive bounds checking; help from millert
Rev 1.5 millert:
Possible buf oflow.
Plus minor style nits to keep the style police happy (I hope)
Obtained from: OpenBSD
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
From NetBSD via OpenBSD to fix NetBSD PR #506
More descriptive message for printer status
(OpenBSD: 1.2)
Various warnings cleaned up (OpenBSD: 1.4)
lpc/lpc.c:
Various warnings cleaned up (OpenBSD: 1.3)
lpd/lpd.c:
Remove trailing blank lines (OpenBSD: 1.2)
Potential umask problem with creating /dev/printer
(OpenBSD: 1.4 and 1.5)
Ftp bounce attack (untested on FreeBSD)
(OpenBSD: 1.6, 1.8, 1.9)
Fencepost in strncpy
(OpenBSD: 1.6)
lpd/printjob.c:
Fix from freebsd for waiting for an exiting filter, that
appears not in the FreeBSD CVS tree.
(OpenBSD: 1.6)
lpd/recvjob.c:
Buffer overflow protection: use strncpy rather than strcpy.
(OpenBSD: 1.3)
lpr/lpr.c:
NetBSD change of return type for main()
(OpenBSD: 1.2)
Restrict time running as root
(OpenBSD: 1.7)
Use getcwd rather than getwd (from NetBSD)
Use snprintf rather than sprintf
(OpenBSD: 1.8)
Minor tweak to end of loop and buffer overflow sanity. card()
overflow already in FreeBSD
(OpenBSD: 1.9)
lptest/lptest.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.2)
pac/pac.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.3)
Obtained from: OpenBSD
buffer which could be made to lead to a root shell. This patch is
OpenBSD's solution to the problem, and will silently truncate the
output rather than overflow the buffer.
Obtained from: OpenBSD
having a hosts.lpd(5) manpage and some references to it from
within lpd(8) might help here. Close PR docs/1277
Submitted by: andreas@knobel.gun.de (Andreas Klemm)
orthogonal with the rest of the system (you can now use either -PPS or
-P PS), and makes the parser more intelligible. The only drawback is
that the old semantics for the -i flag in case a non-numeric argument
is following are no longer fully supported (only if -i is the very
last arg at all), since getopt(3) doesn't support the discticnction
between numeric and non-numeric arguments.
Make lpr also understand dashes as input pseudo filenames. This
finally makes lp(1) fully comply with Posix.2.
The removed files are no longer needed, they are actually labelled as
``Use only if you are not 4.4BSD''. (Yeah, the ol' crufty printcap.c
is really gone!)
Properly declare all external objects in files ending in .h, as
opposed to embed them into files ending in .c.
surprising how many trivial errors there have been... :-)
Some more cleanup is needed, but i'd like to separate the Lite2 changes
from other work, that's why this goes into a different commit.
People with serial printers should see whether i have broken the stty-
style printcap options (i hope not).
Inspired by: Sergey Shkonda <serg@bcs1.bcs.zaporizhzhe.ua>
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
printjob.c: Use termios instead of sgtty structs and ioctls; remove
support for fs/fc/xs/xc capabilities, and replace them with the ms
capability (stty-like words, instead of octal bit patterns).
modes.c: Modified from stty's file, parses comma-seperated list of
tty modes (e.g., "cs8,-paren,-opost").
Reviewed by: rgrimes, joerg
interface set at 57600 baud, and I found out the hard way that lpd doesn't
know about speeds greater than 38400, even though <sys/ttydev.h> also
permits 57600 and 115200 baud. Fix this by adding B57600 and B115200 to the
'bauds' table. (The Apple printer worked properly once I did this, BTW. :)
is writeable (by the real uid). if it is, lpr assumes that the file
can be unlinked. lpr does not check for directories with S_ISVTX set
Reviewed by: dima
>Number: 368
>Category: bin
>Synopsis: Lpd doesn't log errors after failed exec
>Description:
If an exec done by lpd fails, nothing is sent to the system log
indicating what went wrong. This is because lpd closes all of
the file descriptors before doing the exec, thus closing the syslog
file descriptor in the process.
[Fix applied]
Submitted by: pritc003@maroon.tc.umn.edu
This command is required to exist in terms of compatibility with the
Posix 1003.2 specification. It actually invokes the lpr service with
the proper options.