NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/47098: mail(1): SEGV with bad globbed file argument
>Number: 47098
>Category: bin
>Synopsis: mail(1): SEGV with bad globbed file argument
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Oct 20 21:25:00 +0000 2012
>Originator: Steffen "Daode" Nurpmeso
>Release: 6.0_RC2
>Organization:
>Environment:
>Description:
outof(): expand() may return NULL, but that isn't checked - SEGV.
>How-To-Repeat:
echo au | mail -s boom '"./bautz'
>Fix:
Use S-nail(1).
.-------)
diff --git a/src/usr.bin/mail/names.c b/src/usr.bin/mail/names.c
index f5e5d58..fc214aa 100644
--- a/src/usr.bin/mail/names.c
+++ b/src/usr.bin/mail/names.c
@@ -347,6 +347,12 @@ outof(struct name *names, FILE *fo, struct header *hp)
free_child(pid);
} else {
int f;
+ if (fname == NULL) {
+ warnx("Filename expansion of %s failed",
+ np->n_name);
+ senderr++;
+ goto cant;
+ }
if ((fout = Fopen(fname, "a")) == NULL) {
warn("%s", fname);
senderr++;
Home |
Main Index |
Thread Index |
Old Index