1  /*
2   * percent_x() takes a string and performs %<char> expansions. It aborts the
3   * program when the expansion would overflow the output buffer. The result
4   * of %<char> expansion may be passed on to a shell process. For this
5   * reason, characters with a special meaning to shells are replaced by
6   * underscores.
7   *
8   * Diagnostics are reported through syslog(3).
9   *
10   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
11   */
12 
13 /* System libraries. */
14 
15 #include <stdio.h>
16 #include <syslog.h>
17 #include <string.h>
18 #include <unistd.h>
19 
20 extern void exit();
21 
22 /* Local stuff. */
23 
24 #include "tcpd.h"
25 
26 /* percent_x - do %<char> expansion, abort if result buffer is too small */
27 
28 char   *percent_x(result, result_len, string, request)
29 char   *result;
30 int     result_len;
31 char   *string;
32 struct request_info *request;
33 {
34     char   *bp = result;
35     char   *end = result + result_len - 1;	/* end of result buffer */
36     char   *expansion;
37     int     expansion_len;
38     static char ok_chars[] = "1234567890!@%-_=+:,./\
39 abcdefghijklmnopqrstuvwxyz\
40 ABCDEFGHIJKLMNOPQRSTUVWXYZ";
41     char   *str = string;
42     char   *cp;
43     int     ch;
44 
45     /*
46      * Warning: we may be called from a child process or after pattern
47      * matching, so we cannot use clean_exit() or tcpd_jump().
48      */
49 
50     while (*str) {
51 	if (*str == '%' && (ch = str[1]) != 0) {
52 	    str += 2;
53 	    expansion =
54 		ch == 'a' ? eval_hostaddr(request->client) :
55 		ch == 'A' ? eval_hostaddr(request->server) :
56 		ch == 'c' ? eval_client(request) :
57 		ch == 'd' ? eval_daemon(request) :
58 		ch == 'h' ? eval_hostinfo(request->client) :
59 		ch == 'H' ? eval_hostinfo(request->server) :
60 		ch == 'n' ? eval_hostname(request->client) :
61 		ch == 'N' ? eval_hostname(request->server) :
62 		ch == 'p' ? eval_pid(request) :
63 		ch == 's' ? eval_server(request) :
64 		ch == 'u' ? eval_user(request) :
65 		ch == '%' ? "%" : (tcpd_warn("unrecognized %%%c", ch), "");
66 	    for (cp = expansion; *(cp += strspn(cp, ok_chars)); /* */ )
67 		*cp = '_';
68 	    expansion_len = cp - expansion;
69 	} else {
70 	    expansion = str++;
71 	    expansion_len = 1;
72 	}
73 	if (bp + expansion_len >= end) {
74 	    tcpd_warn("percent_x: expansion too long: %.30s...", result);
75 	    sleep(5);
76 	    exit(0);
77 	}
78 	memcpy(bp, expansion, expansion_len);
79 	bp += expansion_len;
80     }
81     *bp = 0;
82     return (result);
83 }
84