From 0e653ffc6ab98c7351f50e511206213cdf47d6b5 Mon Sep 17 00:00:00 2001 From: ngie Date: Wed, 19 Jul 2017 20:29:07 +0000 Subject: [PATCH] MFC r269550: r269550 (by peter): Check gethostname(2) return code - but even if it succeeds it may not null terminate. Temporarily use "From: $user@$hostname" rather than "From: $user". The latter exposes incompatible behavior if using dma(8). sendmail(8) (and other alternatives) canonify either form on submission (even if masquerading), but dma will leak a non-compliant address to the internet. git-svn-id: svn://svn.freebsd.org/base/stable/10@321244 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- usr.sbin/cron/cron/do_command.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c index 7a8d48af2..4d7c1f439 100644 --- a/usr.sbin/cron/cron/do_command.c +++ b/usr.sbin/cron/cron/do_command.c @@ -484,14 +484,17 @@ child_process(e, u) auto char mailcmd[MAX_COMMAND]; auto char hostname[MAXHOSTNAMELEN]; - (void) gethostname(hostname, MAXHOSTNAMELEN); + if (gethostname(hostname, MAXHOSTNAMELEN) == -1) + hostname[0] = '\0'; + hostname[sizeof(hostname) - 1] = '\0'; (void) snprintf(mailcmd, sizeof(mailcmd), MAILARGS, MAILCMD); if (!(mail = cron_popen(mailcmd, "w", e))) { warn("%s", MAILCMD); (void) _exit(ERROR_EXIT); } - fprintf(mail, "From: %s (Cron Daemon)\n", usernm); + fprintf(mail, "From: Cron Daemon <%s@%s>\n", + usernm, hostname); fprintf(mail, "To: %s\n", mailto); fprintf(mail, "Subject: Cron <%s@%s> %s\n", usernm, first_word(hostname, "."), -- 2.42.0