value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
sendmail flags on the command line.
Also allow "from" to be set in mailrc.
Use sendmail's "-t" flag when executing sendmail instead of specifying
the list of recipients in argv. The "-f" flag will be used to set
the from address if specified.
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
with argv behind getopt()'s back we can just treat the remainder
of argv[] after option processing as the file name for -f. It is
not possible to use -f in sending mode so there is no ambiguity.
OK tobias@
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms
empty bodies. useful for sending mails from crontabs.
from rivo nurges <rix at estpak dot ee>, with missing 'skipempty'
documentation and usage update from me
ok millert@
o Style nits
o Use const to silence stupid -Wall warnings
o strnc{py,at} -> strlc{py,at}
o Use strpbrk() instead of homegrown anyof()
o Use NULL instead of #defines with 0 cast to a pointer
This still could use a proper audit
Instead, routines responsible for gathering user input (or in some
cases outputting data) catch the signals and set flags as needed.
Because of this some handlers are installed without the SA_RESTART
flag so syscalls are not restarted and we can check the flag. All
signal handlers are now safe.
This should make the flow of control a bit more grokable but the
code is still ugly.
constant). These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).
replace panic() with calls to err()/errx()
use S_IS* instead of doing by hand with S_IF*.
Use TIMESPEC_TO_TIMEVAL() and gettimeofday instead of time(2)
Use _POSIX_VDISABLE, not 0
Kill register
- handle long lines safely (from NetBSD)
- use puts/fputs and putchar/putc when it makes sense
- use err/errx and warn/warnx when it makes sense
- make return() and sizeof() style consistent
- some more buffer safety