Index: lpc/cmds.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpc/cmds.c,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- cmds.c 1995/05/30 03:47:58 1.2 +++ cmds.c 1996/11/01 04:56:57 1.2.4.1 @@ -276,7 +276,7 @@ d1 = (struct dirent **)a; d2 = (struct dirent **)b; - if (c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3)) + if ((c1 = strcmp((*d1)->d_name + 3, (*d2)->d_name + 3))) return(c1); c1 = (*d1)->d_name[0]; c2 = (*d2)->d_name[0]; @@ -304,7 +304,7 @@ SD = _PATH_DEFSPOOL; printf("%s:\n", printer); - for (lp = line, cp = SD; *lp++ = *cp++; ) + for (lp = line, cp = SD; (*lp++ = *cp++); ) ; lp[-1] = '/'; @@ -591,7 +591,7 @@ cp1 = buf; while (--argc >= 0) { cp2 = *argv++; - while (*cp1++ = *cp2++) + while ((*cp1++ = *cp2++)) ; cp1[-1] = ' '; } @@ -814,7 +814,7 @@ fd = open(line, O_RDONLY); if (fd < 0 || flock(fd, LOCK_SH|LOCK_NB) == 0) { (void) close(fd); /* unlocks as well */ - printf("\tno daemon present\n"); + printf("\tprinter idle\n"); return; } (void) close(fd); Index: lpc/lpc.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpc/lpc.c,v retrieving revision 1.1 retrieving revision 1.1.1.1.6.1 diff -u -r1.1 -r1.1.1.1.6.1 --- lpc.c 1994/05/26 05:21:54 1.1 +++ lpc.c 1996/11/01 04:57:02 1.1.1.1.6.1 @@ -171,7 +171,7 @@ longest = 0; nmatches = 0; found = 0; - for (c = cmdtab; p = c->c_name; c++) { + for (c = cmdtab; (p = c->c_name); c++) { for (q = name; *q == *p++; q++) if (*q == 0) /* exact match? */ return(c); Index: lpd/lpd.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpd/lpd.c,v retrieving revision 1.1 retrieving revision 1.1.1.1.6.1 diff -u -r1.1 -r1.1.1.1.6.1 --- lpd.c 1994/05/26 05:21:52 1.1 +++ lpd.c 1996/11/01 04:57:09 1.1.1.1.6.1 @@ -176,6 +176,7 @@ } #define mask(s) (1 << ((s) - 1)) omask = sigblock(mask(SIGHUP)|mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM)); + (void) umask(07); signal(SIGHUP, mcleanup); signal(SIGINT, mcleanup); signal(SIGQUIT, mcleanup); @@ -190,6 +191,7 @@ syslog(LOG_ERR, "ubind: %m"); exit(1); } + (void) umask(0); sigsetmask(omask); FD_ZERO(&defreadfds); FD_SET(funix, &defreadfds); @@ -242,6 +244,10 @@ domain = AF_INET, fromlen = sizeof(frominet); s = accept(finet, (struct sockaddr *)&frominet, &fromlen); + if (frominet.sin_port == htons(20)) { + close(s); + continue; + } } if (s < 0) { if (errno != EINTR) @@ -459,9 +465,11 @@ register FILE *hostf; int first = 1; extern char *inet_ntoa(); + int good = 0; f->sin_port = ntohs(f->sin_port); - if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED) + if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED || + f->sin_port == htons(20)) fatal("Malformed from address"); /* Need real hostname for temporary filenames */ @@ -471,10 +479,24 @@ fatal("Host name for your address (%s) unknown", inet_ntoa(f->sin_addr)); - (void) strncpy(fromb, hp->h_name, sizeof(fromb)); + (void) strncpy(fromb, hp->h_name, sizeof(fromb) - 1); from[sizeof(fromb) - 1] = '\0'; from = fromb; + /* Check for spoof, ala rlogind */ + hp = gethostbyname(fromb); + if (!hp) + fatal("hostname for your address (%s) unknown", + inet_ntoa(f->sin_addr)); + for (; good == 0 && hp->h_addr_list[0] != NULL; hp->h_addr_list++) { + if (!bcmp(hp->h_addr_list[0], (caddr_t)&f->sin_addr, + sizeof(f->sin_addr))) + good = 1; + } + if (good == 0) + fatal("address for your hostname (%s) not matched", + inet_ntoa(f->sin_addr)); + hostf = fopen(_PATH_HOSTSEQUIV, "r"); again: if (hostf) { @@ -493,15 +515,3 @@ fatal("Your host does not have line printer access"); /*NOTREACHED*/ } - - - - - - - - - - - - Index: lpd/recvjob.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpd/recvjob.c,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- recvjob.c 1995/05/30 03:48:01 1.2 +++ recvjob.c 1996/11/01 04:57:17 1.2.4.1 @@ -170,7 +170,8 @@ * returns */ strcpy(cp + 6, from); - strcpy(tfname, cp); + strncpy(tfname, cp, sizeof tfname-1); + tfname[sizeof tfname-1] = '\0'; tfname[0] = 't'; if (!chksize(size)) { (void) write(1, "\2", 1); @@ -197,7 +198,8 @@ (void) write(1, "\2", 1); continue; } - (void) strcpy(dfname, cp); + (void) strncpy(dfname, cp, sizeof dfname-1); + dfname[sizeof dfname-1] = '\0'; if (index(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); Index: lpr/lpr.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lpr/lpr.c,v retrieving revision 1.2.4.2 retrieving revision 1.2.4.3 diff -u -r1.2.4.2 -r1.2.4.3 --- lpr.c 1995/10/09 08:39:17 1.2.4.2 +++ lpr.c 1996/10/26 01:16:37 1.2.4.3 @@ -481,7 +481,7 @@ register int len = 2; *p1++ = c; - while ((c = *p2++) != '\0') { + while ((c = *p2++) != '\0' && len < sizeof(buf)) { *p1++ = (c == '\n') ? ' ' : c; len++; } Index: lptest/lptest.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/lptest/lptest.c,v retrieving revision 1.1 retrieving revision 1.1.1.1.6.1 diff -u -r1.1 -r1.1.1.1.6.1 --- lptest.c 1994/05/26 05:21:55 1.1 +++ lptest.c 1996/11/01 04:57:50 1.1.1.1.6.1 @@ -48,7 +48,7 @@ /* * lptest -- line printer test program (and other devices). */ -void +int main(argc, argv) int argc; char **argv; Index: pac/pac.c =================================================================== RCS file: /home/freebsd/CVS/src/usr.sbin/lpr/pac/pac.c,v retrieving revision 1.2.4.1 retrieving revision 1.2.4.2 diff -u -r1.2.4.1 -r1.2.4.2 --- pac.c 1995/08/26 11:50:53 1.2.4.1 +++ pac.c 1996/11/01 04:57:52 1.2.4.2 @@ -98,7 +98,7 @@ static int qucmp __P((const void *, const void *)); static void rewrite __P((void)); -void +int main(argc, argv) int argc; char **argv;