diff options
author | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-09 07:57:43 +0000 |
---|---|---|
committer | Artur Grabowski <art@cvs.openbsd.org> | 1997-12-09 07:57:43 +0000 |
commit | eded21a00a253859f474c1bcca5d418a3c82948f (patch) | |
tree | 94e38e1e18679c1a1a5af56a04c549d26eb42255 | |
parent | 49ac4cb4369b59297c067ed22daacd240c981029 (diff) |
Removed one expliotable hole, one possibly exploitable hole, many buffer
overflows and lots of unchecked pointers. Tags are nice too.
71 files changed, 435 insertions, 129 deletions
diff --git a/kerberosIV/krb/base64.c b/kerberosIV/krb/base64.c index 4c67412fc64..2a7b9438253 100644 --- a/kerberosIV/krb/base64.c +++ b/kerberosIV/krb/base64.c @@ -1,3 +1,4 @@ +/* $OpenBSD: base64.c,v 1.2 1997/12/09 07:57:09 art Exp $ */ /* $KTH: base64.c,v 1.1 1997/08/27 22:41:56 joda Exp $ */ /* @@ -60,6 +61,9 @@ int base64_encode(const void *data, int size, char **str) unsigned char *q; p = s = (char*)malloc(size*4/3+4); + if (p == NULL || data == NULL || str == NULL) + return -1; + q = (unsigned char*)data; i=0; for(i = 0; i < size;){ diff --git a/kerberosIV/krb/check_time.c b/kerberosIV/krb/check_time.c index fb00538256d..ac5d9d8d0a0 100644 --- a/kerberosIV/krb/check_time.c +++ b/kerberosIV/krb/check_time.c @@ -1,3 +1,4 @@ +/* $OpenBSD: check_time.c,v 1.2 1997/12/09 07:57:10 art Exp $ */ /* $KTH: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $ */ /* diff --git a/kerberosIV/krb/cr_err_reply.c b/kerberosIV/krb/cr_err_reply.c index e2890e9be0d..ea95e8e4121 100644 --- a/kerberosIV/krb/cr_err_reply.c +++ b/kerberosIV/krb/cr_err_reply.c @@ -1,3 +1,4 @@ +/* $OpenBSD: cr_err_reply.c,v 1.3 1997/12/09 07:57:10 art Exp $ */ /* $KTH: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $ */ /* diff --git a/kerberosIV/krb/create_auth_reply.c b/kerberosIV/krb/create_auth_reply.c index 0c2fc35cb8d..0ad7fda733a 100644 --- a/kerberosIV/krb/create_auth_reply.c +++ b/kerberosIV/krb/create_auth_reply.c @@ -1,3 +1,4 @@ +/* $OpenBSD: create_auth_reply.c,v 1.3 1997/12/09 07:57:11 art Exp $ */ /* $KTH: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $ */ /* diff --git a/kerberosIV/krb/create_ciph.c b/kerberosIV/krb/create_ciph.c index ab5a41f8232..65d9bbc0be4 100644 --- a/kerberosIV/krb/create_ciph.c +++ b/kerberosIV/krb/create_ciph.c @@ -1,3 +1,4 @@ +/* $OpenBSD: create_ciph.c,v 1.3 1997/12/09 07:57:11 art Exp $ */ /* $KTH: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $ */ diff --git a/kerberosIV/krb/create_death_packet.c b/kerberosIV/krb/create_death_packet.c index c6fd5ecc60c..fb1c54488d7 100644 --- a/kerberosIV/krb/create_death_packet.c +++ b/kerberosIV/krb/create_death_packet.c @@ -1,3 +1,4 @@ +/* $OpenBSD: create_death_packet.c,v 1.3 1997/12/09 07:57:11 art Exp $ */ /* $KTH: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $ */ /* diff --git a/kerberosIV/krb/create_ticket.c b/kerberosIV/krb/create_ticket.c index 7f355b52589..8c74a2a654a 100644 --- a/kerberosIV/krb/create_ticket.c +++ b/kerberosIV/krb/create_ticket.c @@ -1,3 +1,4 @@ +/* $OpenBSD: create_ticket.c,v 1.3 1997/12/09 07:57:12 art Exp $ */ /* $KTH: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $ */ /* diff --git a/kerberosIV/krb/debug_decl.c b/kerberosIV/krb/debug_decl.c index b96afa63baf..22c38023f52 100644 --- a/kerberosIV/krb/debug_decl.c +++ b/kerberosIV/krb/debug_decl.c @@ -1,3 +1,4 @@ +/* $OpenBSD: debug_decl.c,v 1.3 1997/12/09 07:57:12 art Exp $ */ /* $KTH: debug_decl.c,v 1.7 1997/10/28 15:44:00 bg Exp $ */ /* diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c index d1c3b7a8e18..f9c3205ab52 100644 --- a/kerberosIV/krb/decomp_ticket.c +++ b/kerberosIV/krb/decomp_ticket.c @@ -1,3 +1,4 @@ +/* $OpenBSD: decomp_ticket.c,v 1.4 1997/12/09 07:57:13 art Exp $ */ /* $KTH: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $ */ /* diff --git a/kerberosIV/krb/dest_tkt.c b/kerberosIV/krb/dest_tkt.c index 18f2f9a84a4..b530cd01bcb 100644 --- a/kerberosIV/krb/dest_tkt.c +++ b/kerberosIV/krb/dest_tkt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: dest_tkt.c,v 1.3 1997/12/09 07:57:13 art Exp $ */ /* $KTH: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $ */ /* diff --git a/kerberosIV/krb/encrypt_ktext.c b/kerberosIV/krb/encrypt_ktext.c index 89b78ec455f..95d1348b0fc 100644 --- a/kerberosIV/krb/encrypt_ktext.c +++ b/kerberosIV/krb/encrypt_ktext.c @@ -1,3 +1,4 @@ +/* $OpenBSD: encrypt_ktext.c,v 1.2 1997/12/09 07:57:14 art Exp $ */ /* $KTH: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $ */ /* diff --git a/kerberosIV/krb/et_list.c b/kerberosIV/krb/et_list.c index 380c1b5d48a..68fe5ca0a77 100644 --- a/kerberosIV/krb/et_list.c +++ b/kerberosIV/krb/et_list.c @@ -1,3 +1,4 @@ +/* $OpenBSD: et_list.c,v 1.2 1997/12/09 07:57:14 art Exp $ */ /* $KTH: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $ */ /* diff --git a/kerberosIV/krb/get_ad_tkt.c b/kerberosIV/krb/get_ad_tkt.c index 98c9349daf2..54f8fc36cf3 100644 --- a/kerberosIV/krb/get_ad_tkt.c +++ b/kerberosIV/krb/get_ad_tkt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_ad_tkt.c,v 1.3 1997/12/09 07:57:15 art Exp $ */ /* $KTH: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $ */ /* diff --git a/kerberosIV/krb/get_cred.c b/kerberosIV/krb/get_cred.c index 03d38bf4fce..b9679519a86 100644 --- a/kerberosIV/krb/get_cred.c +++ b/kerberosIV/krb/get_cred.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_cred.c,v 1.3 1997/12/09 07:57:15 art Exp $ */ /* $KTH: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $ */ /* @@ -41,7 +42,7 @@ krb_get_cred(char *service, /* Service name */ int tf_status; /* return value of tf function calls */ CREDENTIALS cr; - if (c == 0) + if (c == NULL) c = &cr; /* Open ticket file and lock it for shared reading */ diff --git a/kerberosIV/krb/get_default_principal.c b/kerberosIV/krb/get_default_principal.c index 01054df3167..a2569e306c2 100644 --- a/kerberosIV/krb/get_default_principal.c +++ b/kerberosIV/krb/get_default_principal.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_default_principal.c,v 1.2 1997/12/09 07:57:16 art Exp $ */ /* $KTH: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $ */ /* @@ -66,8 +67,9 @@ krb_get_default_principal(char *name, char *instance, char *realm) return -1; } - strcpy(name, pw->pw_name); - strcpy(instance, ""); + strncpy(name, pw->pw_name, ANAME_SZ); + name[ANAME_SZ-1] = '\0'; + strncpy(instance, "", 2); krb_get_lrealm(realm, 1); if(strcmp(name, "root") == 0){ @@ -80,7 +82,7 @@ krb_get_default_principal(char *name, char *instance, char *realm) if(p){ strncpy (name, p, ANAME_SZ); name[ANAME_SZ - 1] = '\0'; - strcpy(instance, "root"); + strncpy(instance, "root", 5); } } return 1; diff --git a/kerberosIV/krb/get_host.c b/kerberosIV/krb/get_host.c index 8e62ceedf3e..519795019b6 100644 --- a/kerberosIV/krb/get_host.c +++ b/kerberosIV/krb/get_host.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_host.c,v 1.2 1997/12/09 07:57:16 art Exp $ */ /* $KTH: get_host.c,v 1.31 1997/09/26 17:42:37 joda Exp $ */ /* @@ -52,13 +53,20 @@ free_hosts(struct host_list *h) { struct host_list *t; while(h){ - if(h->this->realm) + if(h->this->realm != NULL) + { free(h->this->realm); - if(h->this->host) + h->this->realm = NULL; + } + if(h->this->host != NULL) + { free(h->this->host); + h->this->host = NULL; + } t = h; h = h->next; free(t); + t=NULL; } } @@ -67,6 +75,10 @@ parse_address(char *address, enum krb_host_proto *proto, char **host, int *port) { char *p, *q; int default_port = krb_port; + + if (proto == NULL || address == NULL || port == NULL || host == NULL) + return -1; + *proto = PROTO_UDP; if(strncmp(address, "http://", 7) == 0){ p = address + 7; @@ -77,9 +89,9 @@ parse_address(char *address, enum krb_host_proto *proto, char **host, int *port) if(p){ char prot[32]; struct protoent *pp; - strncpy(prot, address, p - address); - prot[p - address] = 0; - if((pp = getprotobyname(prot))){ + strncpy(prot, address, MIN(p - address, 32)); + prot[ MIN(p - address, 32) ] = '\0'; + if((pp = getprotobyname(prot)) != NULL ){ switch(pp->p_proto){ case IPPROTO_UDP: *proto = PROTO_UDP; @@ -99,10 +111,12 @@ parse_address(char *address, enum krb_host_proto *proto, char **host, int *port) p = address; } q = strchr(p, ':'); - if(q){ + if(q != NULL){ *host = (char*)malloc(q - p + 1); + if (*host == NULL) + return -1; strncpy(*host, p, q - p); - (*host)[q - p] = 0; + (*host)[q - p] = '\0'; q++; { struct servent *sp = getservbyname(q, NULL); @@ -128,10 +142,15 @@ add_host(char *realm, char *address, int admin, int validate) struct krb_host *host; struct host_list *p, **last = &hosts; host = (struct krb_host*)malloc(sizeof(struct krb_host)); - parse_address(address, &host->proto, &host->host, &host->port); + if (host == NULL) + return 1; + if (parse_address(address, &host->proto, &host->host, &host->port)) + return 1; if(validate && gethostbyname(host->host) == NULL){ free(host->host); + host->host = NULL; free(host); + host = NULL; return 1; } host->admin = admin; @@ -141,13 +160,31 @@ add_host(char *realm, char *address, int admin, int validate) host->proto == p->this->proto && host->port == p->this->port){ free(host->host); + host->host = NULL; free(host); + host = NULL; return 1; } last = &p->next; } host->realm = strdup(realm); + if (host->realm == NULL){ + free(host->host); + host->host = NULL; + free(host); + host = NULL; + return 1; + } p = (struct host_list*)malloc(sizeof(struct host_list)); + if (p == NULL){ + free(host->realm); + host->realm==NULL; + free(host->host); + host->host = NULL; + free(host); + host = NULL; + return 1; + } p->this = host; p->next = NULL; *last = p; @@ -155,7 +192,6 @@ add_host(char *realm, char *address, int admin, int validate) } - static int read_file(const char *filename, const char *r) { @@ -165,12 +201,16 @@ read_file(const char *filename, const char *r) char scratch[1024]; int n; int nhosts = 0; + FILE *f; + + if (filename == NULL) + return -1; - FILE *f = fopen(filename, "r"); + f = fopen(filename, "r"); if(f == NULL) return -1; while(fgets(line, sizeof(line), f)){ - n = sscanf(line, "%s %s admin %s", realm, address, scratch); + n = sscanf(line, "%1024s %1024s admin %1024s", realm, address, scratch); if(n == 2 || n == 3){ if(strcmp(realm, r)) continue; @@ -190,7 +230,7 @@ init_hosts(char *realm) char *dir = getenv("KRBCONFDIR"); krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); - if(dir){ + if(dir && getuid() != geteuid()){ char file[MAXPATHLEN]; if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) read_file(file, realm); @@ -206,6 +246,9 @@ srv_find_realm(char *realm, char *proto, char *service) char *domain; struct dns_reply *r; struct resource_record *rr; + + if (proto == NULL || realm == NULL || service == NULL) + return; k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); @@ -217,6 +260,7 @@ srv_find_realm(char *realm, char *proto, char *service) r = dns_lookup(domain, "txt"); if(r == NULL){ free(domain); + domain = NULL; return; } for(rr = r->head; rr; rr = rr->next){ @@ -235,6 +279,7 @@ srv_find_realm(char *realm, char *proto, char *service) } dns_free_data(r); free(domain); + domain = NULL; } struct krb_host* @@ -246,7 +291,7 @@ krb_get_host(int nth, char *realm, int admin) /* quick optimization */ if(realm && realm[0]){ strncpy(orealm, realm, sizeof(orealm) - 1); - orealm[sizeof(orealm) - 1] = 0; + orealm[sizeof(orealm) - 1] = '\0'; }else{ int ret = krb_get_lrealm(orealm, 1); if(ret != KSUCCESS) @@ -268,7 +313,7 @@ krb_get_host(int nth, char *realm, int admin) servers */ char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; int i = 0; - sprintf(host, "kerberos.%s.", orealm); + snprintf(host, sizeof(host), "kerberos.%s.", orealm); add_host(orealm, host, 1, 1); do{ i++; @@ -294,7 +339,8 @@ krb_get_krbhst(char *host, char *realm, int nth) struct krb_host *p = krb_get_host(nth, realm, 0); if(p == NULL) return KFAILURE; - strcpy(host, p->host); + strncpy(host, p->host, MAXHOSTNAMELEN); + host[MAXHOSTNAMELEN-1] = '\0'; return KSUCCESS; } @@ -304,6 +350,7 @@ krb_get_admhst(char *host, char *realm, int nth) struct krb_host *p = krb_get_host(nth, realm, 1); if(p == NULL) return KFAILURE; - strcpy(host, p->host); + strncpy(host, p->host, MAXHOSTNAMELEN); + host[MAXHOSTNAMELEN-1] = '\0'; return KSUCCESS; } diff --git a/kerberosIV/krb/get_in_tkt.c b/kerberosIV/krb/get_in_tkt.c index 393f25b8ab5..716cf573917 100644 --- a/kerberosIV/krb/get_in_tkt.c +++ b/kerberosIV/krb/get_in_tkt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_in_tkt.c,v 1.6 1997/12/09 07:57:16 art Exp $ */ /* $KTH: get_in_tkt.c,v 1.19 1997/10/03 21:51:42 joda Exp $ */ /* @@ -56,6 +57,7 @@ passwd_to_5key(char *user, char *instance, char *realm, void *passwd, des_string_to_key(p, key); memset(p, 0, len); free(p); + p = NULL; return 0; } @@ -95,7 +97,7 @@ krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service, int code; /* Only request password once! */ - if (!password) { + if (password == NULL) { if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){ memset(pword, 0, sizeof(pword)); return INTK_BADPW; diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c index d771fa878eb..11de4231b19 100644 --- a/kerberosIV/krb/get_krbrlm.c +++ b/kerberosIV/krb/get_krbrlm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_krbrlm.c,v 1.9 1997/12/09 07:57:17 art Exp $ */ /* $KTH: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $ */ /* @@ -50,7 +51,8 @@ krb_get_lrealm_f(char *r, int n, const char *fname) char *p = buf + strspn(buf, " \t"); p[strcspn(p, " \t\r\n")] = 0; p[REALM_SZ - 1] = 0; - strcpy(r, p); + strncpy(r, p, REALM_SZ); + r[REALM_SZ-1] = '\0'; if (*p != '#') ret = KSUCCESS; } @@ -71,7 +73,7 @@ krb_get_lrealm(char *r, int n) return(KFAILURE); /* Temporary restriction */ /* First try user specified file */ - if (dir != 0) { + if (dir != 0 && getuid() != geteuid()) { char fname[MAXPATHLEN]; if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) @@ -92,7 +94,8 @@ krb_get_lrealm(char *r, int n) k_gethostname(hostname, sizeof(hostname)); t = krb_realmofhost(hostname); if (t) { - strcpy (r, t); + strncpy (r, t, REALM_SZ); + r[REALM_SZ-1] = '\0'; return KSUCCESS; } t = strchr(hostname, '.'); @@ -114,7 +117,9 @@ char * krb_get_default_realm(void) { static char local_realm[REALM_SZ]; /* local kerberos realm */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, "NO.DEFAULT.REALM"); + if (krb_get_lrealm(local_realm, 1) != KSUCCESS){ + strncpy(local_realm, "NO.DEFAULT.REALM", REALM_SZ); + local_realm[REALM_SZ-1] = '\0'; + } return local_realm; } diff --git a/kerberosIV/krb/get_svc_in_tkt.c b/kerberosIV/krb/get_svc_in_tkt.c index 13171952f42..1f6e73e04fb 100644 --- a/kerberosIV/krb/get_svc_in_tkt.c +++ b/kerberosIV/krb/get_svc_in_tkt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_svc_in_tkt.c,v 1.3 1997/12/09 07:57:17 art Exp $ */ /* $KTH: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $ */ /* diff --git a/kerberosIV/krb/get_tf_fullname.c b/kerberosIV/krb/get_tf_fullname.c index 893f49506c8..0ed02a501ec 100644 --- a/kerberosIV/krb/get_tf_fullname.c +++ b/kerberosIV/krb/get_tf_fullname.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_tf_fullname.c,v 1.4 1997/12/09 07:57:18 art Exp $ */ /* $KTH: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $ */ /* @@ -50,13 +51,19 @@ krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) return (tf_status); - if (name) - strcpy(name, c.pname); - if (instance) - strcpy(instance, c.pinst); + if (name != NULL){ + strncpy(name, c.pname, ANAME_SZ); + name[ANAME_SZ-1] = '\0'; + } + if (instance != NULL){ + strncpy(instance, c.pinst, INST_SZ); + instance[INST_SZ-1] = '\0'; + } if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { - if (realm) - strcpy(realm, c.realm); + if (realm != NULL){ + strncpy(realm, c.realm, REALM_SZ); + realm[REALM_SZ-1] = '\0'; + } } else { if (tf_status == EOF) diff --git a/kerberosIV/krb/get_tf_realm.c b/kerberosIV/krb/get_tf_realm.c index fb02f775085..f4b1e71c428 100644 --- a/kerberosIV/krb/get_tf_realm.c +++ b/kerberosIV/krb/get_tf_realm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: get_tf_realm.c,v 1.3 1997/12/09 07:57:18 art Exp $ */ /* $KTH: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $ */ /* diff --git a/kerberosIV/krb/getaddrs.c b/kerberosIV/krb/getaddrs.c index d58e2f67af5..1e7d7d2e672 100644 --- a/kerberosIV/krb/getaddrs.c +++ b/kerberosIV/krb/getaddrs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getaddrs.c,v 1.3 1997/12/09 07:57:18 art Exp $ */ /* $KTH: getaddrs.c,v 1.20 1997/11/09 06:13:32 assar Exp $ */ /* @@ -65,20 +66,25 @@ k_get_all_addrs (struct in_addr **l) struct ifconf ifconf; int num, j; char *p; + + if (l == NULL) + return -1; fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) - return -1; + return -1; ifconf.ifc_len = sizeof(buf); ifconf.ifc_buf = buf; - if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) - return -1; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0){ + close (fd); + return -1; + } num = ifconf.ifc_len / sizeof(struct ifreq); *l = malloc(num * sizeof(struct in_addr)); if(*l == NULL) { - close (fd); - return -1; + close (fd); + return -1; } j = 0; @@ -92,12 +98,14 @@ k_get_all_addrs (struct in_addr **l) if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { close (fd); free (*l); + *l = NULL; return -1; } if (ifr->ifr_flags & IFF_UP) { if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { close (fd); free (*l); + *l = NULL; return -1; } (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; @@ -107,7 +115,12 @@ k_get_all_addrs (struct in_addr **l) p = p + sz; } if (j != num) - *l = realloc (*l, j * sizeof(struct in_addr)); + if ((*l = realloc (*l, j * sizeof(struct in_addr))) == NULL) + { + close(fd); + return -1; + } + close (fd); return j; } diff --git a/kerberosIV/krb/getrealm.c b/kerberosIV/krb/getrealm.c index 91878e8817a..b4c8b6fbcbf 100644 --- a/kerberosIV/krb/getrealm.c +++ b/kerberosIV/krb/getrealm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getrealm.c,v 1.7 1997/12/09 07:57:19 art Exp $ */ /* $KTH: getrealm.c,v 1.26 1997/10/08 22:51:13 joda Exp $ */ /* @@ -100,7 +101,7 @@ open_krb_realms(void) const char *dir = getenv("KRBCONFDIR"); /* First try user specified file */ - if (dir != 0) { + if (dir != 0 && getuid() != geteuid()) { char fname[MAXPATHLEN]; if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) @@ -116,41 +117,44 @@ open_krb_realms(void) } static int -file_find_realm(const char *phost, const char *domain, char *ret_realm) +file_find_realm(const char *phost, const char *domain, + char *ret_realm, size_t ret_realm_sz) { FILE *trans_file; char buf[1024]; - char trans_host[MAXHOSTNAMELEN]; - char trans_realm[REALM_SZ]; int ret = -1; if ((trans_file = open_krb_realms()) == NULL) return -1; - while (fgets(buf, sizeof(buf), trans_file)) { + while (fgets(buf, sizeof(buf), trans_file) != NULL) { char *save = NULL; - char *tok = strtok_r(buf, " \t\r\n", &save); - if(tok == NULL) - continue; - strncpy(trans_host, tok, MAXHOSTNAMELEN); - trans_host[MAXHOSTNAMELEN - 1] = 0; + char *tok; + char *tmp_host; + char *tmp_realm; + + tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) + continue; + tmp_host = tok; tok = strtok_r(NULL, " \t\r\n", &save); if(tok == NULL) continue; - strcpy(trans_realm, tok); - trans_realm[REALM_SZ - 1] = 0; - if (!strcasecmp(trans_host, phost)) { + tmp_realm = tok; + if (strcasecmp(tmp_host, phost) == 0) { /* exact match of hostname, so return the realm */ - strcpy(ret_realm, trans_realm); + strncpy(ret_realm, tmp_realm, ret_realm_sz); + ret_realm[ret_realm_sz - 1] = '\0'; ret = 0; break; } - if ((trans_host[0] == '.') && domain) { + if ((tmp_host[0] == '.') && domain) { const char *cp = domain; do { - if(strcasecmp(trans_host, domain) == 0){ + if(strcasecmp(tmp_host, domain) == 0){ /* domain match, save for later */ - strcpy(ret_realm, trans_realm); + strncpy(ret_realm, tmp_realm, ret_realm_sz); + ret_realm[ret_realm_sz - 1] = '\0'; ret = 0; break; } @@ -173,7 +177,7 @@ krb_realmofhost(const char *host) domain = strchr(phost, '.'); - if(file_find_realm(phost, domain, ret_realm) == 0) + if(file_find_realm(phost, domain, ret_realm, sizeof(ret_realm)) == 0) return ret_realm; if(dns_find_realm(phost, ret_realm) >= 0) diff --git a/kerberosIV/krb/getst.c b/kerberosIV/krb/getst.c index a7c5a031b19..ff7af988cfe 100644 --- a/kerberosIV/krb/getst.c +++ b/kerberosIV/krb/getst.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getst.c,v 1.3 1997/12/09 07:57:19 art Exp $ */ /* $KTH: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $ */ /* diff --git a/kerberosIV/krb/k_concat.c b/kerberosIV/krb/k_concat.c index 354c8ddcb49..341bc19d71d 100644 --- a/kerberosIV/krb/k_concat.c +++ b/kerberosIV/krb/k_concat.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_concat.c,v 1.2 1997/12/09 07:57:20 art Exp $ */ /* $KTH: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $ */ /* @@ -87,11 +88,13 @@ k_vmconcat (char **s, size_t max_len, va_list args) if(max_len && len + n > max_len){ free(p); + p = NULL; return 0; } q = realloc(p, len + n); if(q == NULL){ free(p); + p = NULL; return 0; } p = q; @@ -113,4 +116,3 @@ k_mconcat (char **s, size_t max_len, ...) va_end(args); return ret; } - diff --git a/kerberosIV/krb/k_flock.c b/kerberosIV/krb/k_flock.c index 6891dbc3845..790c2dbcaa6 100644 --- a/kerberosIV/krb/k_flock.c +++ b/kerberosIV/krb/k_flock.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_flock.c,v 1.2 1997/12/09 07:57:20 art Exp $ */ /* $KTH: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $ */ /* diff --git a/kerberosIV/krb/k_gethostname.c b/kerberosIV/krb/k_gethostname.c index 78e64acdd22..f95f59bfbb4 100644 --- a/kerberosIV/krb/k_gethostname.c +++ b/kerberosIV/krb/k_gethostname.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_gethostname.c,v 1.2 1997/12/09 07:57:21 art Exp $ */ /* $KTH: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $ */ /* @@ -36,5 +37,4 @@ int k_gethostname(char *name, int namelen) { return gethostname(name, namelen); - } diff --git a/kerberosIV/krb/k_getport.c b/kerberosIV/krb/k_getport.c index be4c2f534f1..a1f691f2155 100644 --- a/kerberosIV/krb/k_getport.c +++ b/kerberosIV/krb/k_getport.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_getport.c,v 1.2 1997/12/09 07:57:21 art Exp $ */ /* $KTH: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $ */ /* diff --git a/kerberosIV/krb/k_getsockinst.c b/kerberosIV/krb/k_getsockinst.c index 89468812dec..f36c3264b3e 100644 --- a/kerberosIV/krb/k_getsockinst.c +++ b/kerberosIV/krb/k_getsockinst.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_getsockinst.c,v 1.2 1997/12/09 07:57:22 art Exp $ */ /* $KTH: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $ */ /* @@ -52,6 +53,9 @@ k_getsockinst(int fd, char *inst, size_t inst_size) int len = sizeof(addr); struct hostent *hnam; + if (inst == NULL) + return -1; + if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) goto fail; diff --git a/kerberosIV/krb/k_localtime.c b/kerberosIV/krb/k_localtime.c index 09fb165c158..36f26df2b2a 100644 --- a/kerberosIV/krb/k_localtime.c +++ b/kerberosIV/krb/k_localtime.c @@ -1,3 +1,4 @@ +/* $OpenBSD: k_localtime.c,v 1.3 1997/12/09 07:57:22 art Exp $ */ /* $KTH: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $ */ /* diff --git a/kerberosIV/krb/kdc_reply.c b/kerberosIV/krb/kdc_reply.c index 3561955847f..9e2805e4892 100644 --- a/kerberosIV/krb/kdc_reply.c +++ b/kerberosIV/krb/kdc_reply.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kdc_reply.c,v 1.2 1997/12/09 07:57:22 art Exp $ */ /* $KTH: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $ */ /* @@ -46,6 +47,9 @@ int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) { unsigned char *p = cip->dat; + + if (cred == NULL || p == NULL) + return KFAILURE; memcpy(cred->session, p, 8); p += 8; diff --git a/kerberosIV/krb/kntoln.c b/kerberosIV/krb/kntoln.c index 8d63ac7f1d9..f7f28c98181 100644 --- a/kerberosIV/krb/kntoln.c +++ b/kerberosIV/krb/kntoln.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kntoln.c,v 1.3 1997/12/09 07:57:23 art Exp $ */ /* $KTH: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $ */ /* @@ -54,6 +55,9 @@ krb_kntoln(AUTH_DAT *ad, char *lname) { static char lrealm[REALM_SZ] = ""; + if (ad == NULL || lname == NULL) + return KFAILURE; + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) return(KFAILURE); @@ -61,7 +65,8 @@ krb_kntoln(AUTH_DAT *ad, char *lname) return(KFAILURE); if (strcmp(ad->prealm, lrealm)) return(KFAILURE); - strcpy(lname, ad->pname); + strncpy(lname, ad->pname, ANAME_SZ); + lname[ANAME_SZ-1] = '\0'; return(KSUCCESS); } @@ -91,9 +96,9 @@ extern int errno; static char lrealm[REALM_SZ] = ""; -an_to_ln(ad,lname) -AUTH_DAT *ad; -char *lname; +int +an_to_ln(AUTH_DAT *ad, + char *lname) { static DBM *aname = NULL; char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; @@ -125,17 +130,22 @@ strcmp(ad->prealm,lrealm)) { return(KFAILURE); } /* Got it! */ - strcpy(lname,val.dptr); + strncpy(lname, val.dptr, ANAME_SZ); + lname[ANAME_SZ-1] = '\0'; return(KSUCCESS); - } else strcpy(lname,ad->pname); + } else{ + strncpy(lname, ad->pname, ANAME_SZ); + lname[ANAME_SZ-1] = '\0'; + } return(KSUCCESS); } -an_to_a(ad, str) - AUTH_DAT *ad; - char *str; +int +an_to_a(AUTH_DAT *ad, + char *str) { - strcpy(str, ad->pname); + strncpy(str, ad->pname, ANAME_SZ); + str[ANAME_SZ-1] = '\0'; if(*ad->pinst) { strcat(str, "."); strcat(str, ad->pinst); @@ -148,20 +158,23 @@ an_to_a(ad, str) * Parse a string of the form "user[.instance][@realm]" * into a struct AUTH_DAT. */ - -a_to_an(str, ad) - AUTH_DAT *ad; - char *str; +int +a_to_an(cahr *str, AUTH_DAT *ad) { char *buf = (char *)malloc(strlen(str)+1); char *rlm, *inst, *princ; + if (buf == NULL) + return KFAILURE; + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { free(buf); + buf = NULL; return(KFAILURE); } /* destructive string hacking is more fun.. */ - strcpy(buf, str); + strncpy(buf, str, strlen(str)+1); + buf[strlen(str)] = '\0'; if (rlm = index(buf, '@')) { *rlm++ = '\0'; @@ -175,6 +188,7 @@ a_to_an(str, ad) if (rlm) strcpy(ad->prealm, rlm); else strcpy(ad->prealm, lrealm); free(buf); + buf = NULL; return(KSUCCESS); } #endif diff --git a/kerberosIV/krb/krb_check_auth.c b/kerberosIV/krb/krb_check_auth.c index ddb52d6a9f0..47b8e546ef2 100644 --- a/kerberosIV/krb/krb_check_auth.c +++ b/kerberosIV/krb/krb_check_auth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_check_auth.c,v 1.2 1997/12/09 07:57:23 art Exp $ */ /* $KTH: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $ */ /* diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c index 8dcc7184853..ccc3972a109 100644 --- a/kerberosIV/krb/krb_equiv.c +++ b/kerberosIV/krb/krb_equiv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_equiv.c,v 1.4 1997/12/09 07:57:24 art Exp $ */ /* $KTH: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $ */ /* diff --git a/kerberosIV/krb/krb_err_txt.c b/kerberosIV/krb/krb_err_txt.c index 18eb61bba8c..01fbb0afc9c 100644 --- a/kerberosIV/krb/krb_err_txt.c +++ b/kerberosIV/krb/krb_err_txt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_err_txt.c,v 1.3 1997/12/09 07:57:24 art Exp $ */ /* $KTH: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $ */ /* diff --git a/kerberosIV/krb/krb_get_in_tkt.c b/kerberosIV/krb/krb_get_in_tkt.c index 4910e1fe052..b959d224438 100644 --- a/kerberosIV/krb/krb_get_in_tkt.c +++ b/kerberosIV/krb/krb_get_in_tkt.c @@ -1,3 +1,4 @@ +/* $OpenBSD: krb_get_in_tkt.c,v 1.3 1997/12/09 07:57:25 art Exp $ */ /* $KTH: krb_get_in_tkt.c,v 1.22 1997/08/23 15:49:11 joda Exp $ */ /* diff --git a/kerberosIV/krb/kuserok.c b/kerberosIV/krb/kuserok.c index 6908354e5fe..45e6ce0028b 100644 --- a/kerberosIV/krb/kuserok.c +++ b/kerberosIV/krb/kuserok.c @@ -1,3 +1,4 @@ +/* $OpenBSD: kuserok.c,v 1.4 1997/12/09 07:57:26 art Exp $ */ /* $KTH: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $ */ /* @@ -89,19 +90,26 @@ krb_kuserok(char *name, char *instance, char *realm, char *luser) char file[MAXPATHLEN]; struct stat st; + if (luser == NULL) + return NOTOK; + pwd = getpwnam(luser); if(pwd == NULL) return NOTOK; + if(krb_get_lrealm(lrealm, 1)) return NOTOK; + if(pwd->pw_uid != 0 && strcmp(name, luser) == 0 && strcmp(instance, "") == 0 && strcmp(realm, lrealm) == 0) return OK; - strcpy(file, pwd->pw_dir); - strcat(file, "/.klogin"); - + strncpy(file, pwd->pw_dir, MAXPATHLEN); + file[MAXPATHLEN-1] = '\0'; + strncat(file, "/.klogin", MAXPATHLEN); + file[MAXPATHLEN-1] = '\0'; + f = fopen(file, "r"); if(f == NULL) return NOTOK; @@ -136,7 +144,10 @@ krb_kuserok(char *name, char *instance, char *realm, char *luser) if(strcmp(instance, finst)) continue; if(frealm[0] == 0) - strcpy(frealm, lrealm); + { + strncpy(frealm, lrealm, REALM_SZ); + frealm[REALM_SZ-1] = '\0'; + } if(strcmp(realm, frealm)) continue; fclose(f); diff --git a/kerberosIV/krb/lifetime.c b/kerberosIV/krb/lifetime.c index 1795bade304..3a02f1a4a01 100644 --- a/kerberosIV/krb/lifetime.c +++ b/kerberosIV/krb/lifetime.c @@ -1,3 +1,4 @@ +/* $OpenBSD: lifetime.c,v 1.4 1997/12/09 07:57:26 art Exp $ */ /* $KTH: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $ */ /* @@ -177,6 +178,9 @@ krb_atime_to_life(char *atime) int colon = 0, plus = 0; int n = 0; + if (atime == NULL) + return 0; + if (strcasecmp(atime, "forever") == 0) return(TKTLIFENOEXPIRE); diff --git a/kerberosIV/krb/logging.c b/kerberosIV/krb/logging.c index 46c7ba2c998..68ad7074d8d 100644 --- a/kerberosIV/krb/logging.c +++ b/kerberosIV/krb/logging.c @@ -1,3 +1,4 @@ +/* $OpenBSD: logging.c,v 1.2 1997/12/09 07:57:27 art Exp $ */ /* $KTH: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $ */ /* @@ -87,7 +88,10 @@ krb_openlog(struct krb_log_facility *f, FILE *file, krb_log_func_t func) { - strcpy(f->filename, filename); + if (f == NULL) + return KFAILURE; + strncpy(f->filename, filename, MAXPATHLEN); + f->filename[MAXPATHLEN-1] = '\0'; f->file = file; f->func = func; return KSUCCESS; diff --git a/kerberosIV/krb/lsb_addr_comp.c b/kerberosIV/krb/lsb_addr_comp.c index 6e1c11fed0b..da93c97ff6f 100644 --- a/kerberosIV/krb/lsb_addr_comp.c +++ b/kerberosIV/krb/lsb_addr_comp.c @@ -1,3 +1,4 @@ +/* $OpenBSD: lsb_addr_comp.c,v 1.2 1997/12/09 07:57:27 art Exp $ */ /* $KTH: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $ */ /* diff --git a/kerberosIV/krb/mk_auth.c b/kerberosIV/krb/mk_auth.c index 343f05acc80..196e085e782 100644 --- a/kerberosIV/krb/mk_auth.c +++ b/kerberosIV/krb/mk_auth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mk_auth.c,v 1.2 1997/12/09 07:57:28 art Exp $ */ /* $KTH: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $ */ /* @@ -63,11 +64,15 @@ krb_mk_auth(int32_t options, char realrealm[REALM_SZ]; int ret; unsigned char *p; + char *tmp; if (options & KOPT_DONT_CANON) - strncpy(realinst, instance, sizeof(realinst)); + tmp = instance; else - strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + tmp = krb_get_phost (instance); + + strncpy(realinst, tmp, sizeof(realinst)); + realinst[sizeof(realinst) - 1] = '\0'; if (realm == NULL) { ret = krb_get_lrealm (realrealm, 1); diff --git a/kerberosIV/krb/mk_err.c b/kerberosIV/krb/mk_err.c index 1a28e4d178a..a245d1bbd84 100644 --- a/kerberosIV/krb/mk_err.c +++ b/kerberosIV/krb/mk_err.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mk_err.c,v 1.3 1997/12/09 07:57:28 art Exp $ */ /* $KTH: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $ */ /* diff --git a/kerberosIV/krb/mk_priv.c b/kerberosIV/krb/mk_priv.c index 6075f361b1f..bc6ae0eb50a 100644 --- a/kerberosIV/krb/mk_priv.c +++ b/kerberosIV/krb/mk_priv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mk_priv.c,v 1.4 1997/12/09 07:57:29 art Exp $ */ /* $KTH: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $ */ /* @@ -93,6 +94,9 @@ krb_mk_priv(void *in, void *out, u_int32_t length, u_int32_t src_addr; u_int32_t len; + if (p == NULL) + return 0; + p += krb_put_int(KRB_PROT_VERSION, p, 1); p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); diff --git a/kerberosIV/krb/mk_req.c b/kerberosIV/krb/mk_req.c index 7219fa957ff..e00a1badd61 100644 --- a/kerberosIV/krb/mk_req.c +++ b/kerberosIV/krb/mk_req.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mk_req.c,v 1.3 1997/12/09 07:57:29 art Exp $ */ /* $KTH: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $ */ /* @@ -155,8 +156,10 @@ krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, */ retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); - if (retval == KSUCCESS) + if (retval == KSUCCESS){ strncpy(myrealm, realm, REALM_SZ); + myrealm[REALM_SZ-1] = '\0'; + } else retval = krb_get_tf_realm(TKT_FILE, myrealm); diff --git a/kerberosIV/krb/mk_safe.c b/kerberosIV/krb/mk_safe.c index 1f2abc91244..6d6192978b9 100644 --- a/kerberosIV/krb/mk_safe.c +++ b/kerberosIV/krb/mk_safe.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mk_safe.c,v 1.4 1997/12/09 07:57:30 art Exp $ */ /* $KTH: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $ */ /* @@ -89,6 +90,9 @@ krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, unsigned char *start; u_int32_t src_addr; + if (p == NULL) + return 0; + p += krb_put_int(KRB_PROT_VERSION, p, 1); p += krb_put_int(AUTH_MSG_SAFE, p, 1); diff --git a/kerberosIV/krb/month_sname.c b/kerberosIV/krb/month_sname.c index 32542c27501..f0625360575 100644 --- a/kerberosIV/krb/month_sname.c +++ b/kerberosIV/krb/month_sname.c @@ -1,3 +1,4 @@ +/* $OpenBSD: month_sname.c,v 1.3 1997/12/09 07:57:30 art Exp $ */ /* $KTH: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $ */ /* diff --git a/kerberosIV/krb/name2name.c b/kerberosIV/krb/name2name.c index aa847057353..05da49ab1d5 100644 --- a/kerberosIV/krb/name2name.c +++ b/kerberosIV/krb/name2name.c @@ -1,3 +1,4 @@ +/* $OpenBSD: name2name.c,v 1.2 1997/12/09 07:57:31 art Exp $ */ /* $KTH: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $ */ /* @@ -51,6 +52,9 @@ krb_name_to_name(const char *host, char *phost, size_t phost_size) struct hostent *hp; struct in_addr adr; const char *tmp; + + if (phost == NULL || phost_size == 0) + return 1; adr.s_addr = inet_addr(host); hp = gethostbyname(host); diff --git a/kerberosIV/krb/netread.c b/kerberosIV/krb/netread.c index 0149aba2635..03dab7a7faf 100644 --- a/kerberosIV/krb/netread.c +++ b/kerberosIV/krb/netread.c @@ -1,3 +1,4 @@ +/* $OpenBSD: netread.c,v 1.3 1997/12/09 07:57:31 art Exp $ */ /* $KTH: netread.c,v 1.7 1997/06/19 23:56:44 assar Exp $ */ /* @@ -39,6 +40,9 @@ krb_net_read (int fd, void *v, size_t len) int cc, len2 = 0; char *buf = v; + if (buf == NULL) + return -1; + do { cc = read(fd, buf, len); if (cc < 0) diff --git a/kerberosIV/krb/netwrite.c b/kerberosIV/krb/netwrite.c index edd2d80b476..ff7c22820d1 100644 --- a/kerberosIV/krb/netwrite.c +++ b/kerberosIV/krb/netwrite.c @@ -1,3 +1,4 @@ +/* $OpenBSD: netwrite.c,v 1.3 1997/12/09 07:57:32 art Exp $ */ /* $KTH: netwrite.c,v 1.8 1997/06/19 23:56:25 assar Exp $ */ /* @@ -39,6 +40,9 @@ krb_net_write(int fd, const void *v, size_t len) int wrlen = len; const char *buf = (const char*)v; + if (buf == NULL) + return -1; + do { cc = write(fd, buf, wrlen); if (cc < 0) diff --git a/kerberosIV/krb/one.c b/kerberosIV/krb/one.c index d43b2840e08..f1b726e11f3 100644 --- a/kerberosIV/krb/one.c +++ b/kerberosIV/krb/one.c @@ -1,3 +1,4 @@ +/* $OpenBSD: one.c,v 1.3 1997/12/09 07:57:32 art Exp $ */ /* Copyright (C) 1989 by the Massachusetts Institute of Technology diff --git a/kerberosIV/krb/parse_name.c b/kerberosIV/krb/parse_name.c index 281a3389391..6c7f3366f66 100644 --- a/kerberosIV/krb/parse_name.c +++ b/kerberosIV/krb/parse_name.c @@ -1,3 +1,4 @@ +/* $OpenBSD: parse_name.c,v 1.2 1997/12/09 07:57:33 art Exp $ */ /* $KTH: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $ */ /* @@ -47,11 +48,15 @@ krb_parse_name(const char *fullname, krb_principal *principal) char *ns, *np; enum {n, i, r} pos = n; int quote = 0; + + if (principal == NULL) + return KFAILURE; + ns = np = principal->name; - principal->name[0] = 0; - principal->instance[0] = 0; - principal->realm[0] = 0; + principal->name[0] = '\0'; + principal->instance[0] = '\0'; + principal->realm[0] = '\0'; for(p = fullname; *p; p++){ if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */ @@ -75,7 +80,7 @@ krb_parse_name(const char *fullname, krb_principal *principal) *np++ = *p; } *np = 0; - if(quote || principal->name[0] == 0) + if(quote || principal->name[0] == '\0') return KNAME_FMT; return KSUCCESS; } @@ -86,10 +91,14 @@ kname_parse(char *np, char *ip, char *rp, char *fullname) krb_principal p; int ret; if((ret = krb_parse_name(fullname, &p)) == 0){ - strcpy(np, p.name); - strcpy(ip, p.instance); - if(p.realm[0]) - strcpy(rp, p.realm); + strncpy(np, p.name, ANAME_SZ); + np[ANAME_SZ-1] = '\0'; + strncpy(ip, p.instance, INST_SZ); + ip[INST_SZ-1] = '\0'; + if(p.realm[0] != '\0'){ + strncpy(rp, p.realm, REALM_SZ); + rp[REALM_SZ-1] = '\0'; + } } return ret; } @@ -104,7 +113,7 @@ k_isname(char *s) char c; int backslash = 0; - if (!*s) + if (s[0] == '\0') return 0; if (strlen(s) > ANAME_SZ - 1) return 0; @@ -177,7 +186,7 @@ k_isrealm(char *s) char c; int backslash = 0; - if (!*s) + if (s[0] == '\0') return 0; if (strlen(s) > REALM_SZ - 1) return 0; diff --git a/kerberosIV/krb/rd_err.c b/kerberosIV/krb/rd_err.c index c1024ace9e3..38508825873 100644 --- a/kerberosIV/krb/rd_err.c +++ b/kerberosIV/krb/rd_err.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rd_err.c,v 1.3 1997/12/09 07:57:33 art Exp $ */ /* $KTH: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $ */ /* @@ -63,6 +64,9 @@ krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data) unsigned char pvno, type; int little_endian; + if (p == NULL) + return KFAILURE; + pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c index 9c8c6327dcf..efba87e8014 100644 --- a/kerberosIV/krb/rd_priv.c +++ b/kerberosIV/krb/rd_priv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rd_priv.c,v 1.4 1997/12/09 07:57:33 art Exp $ */ /* $KTH: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $ */ /* @@ -75,6 +76,9 @@ krb_rd_priv(void *in, u_int32_t in_length, unsigned char pvno, type; + if (p == NULL) + return KFAILURE; + pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c index adcbabe8937..2072c0519e1 100644 --- a/kerberosIV/krb/rd_req.c +++ b/kerberosIV/krb/rd_req.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rd_req.c,v 1.5 1997/12/09 07:57:34 art Exp $ */ /* $KTH: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $ */ /* @@ -217,9 +218,12 @@ krb_rd_req(KTEXT authent, /* The received message */ return(RD_AP_UNDEC); if ((status = krb_set_key((char*)skey, 0))) return(status); - strcpy(st_rlm, realm); - strcpy(st_nam, service); - strcpy(st_inst, instance); + strncpy(st_rlm, realm, REALM_SZ); + st_rlm[REALM_SZ-1] = '\0'; + strncpy(st_nam, service, SNAME_SZ); + st_nam[SNAME_SZ-1] = '\0'; + strncpy(st_inst, instance, INST_SZ); + st_inst[INST_SZ-1] = '\0'; } tkt->length = *p++; diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c index 90d97b06365..eb66c799237 100644 --- a/kerberosIV/krb/rd_safe.c +++ b/kerberosIV/krb/rd_safe.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rd_safe.c,v 1.4 1997/12/09 07:57:34 art Exp $ */ /* $KTH: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $ */ /* @@ -55,6 +56,9 @@ void fixup_quad_cksum(void *start, size_t len, des_cblock *key, void *new_checksum, void *old_checksum, int little) { + if (old_checksum == NULL || new_checksum == NULL) + return; + des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); if(HOST_BYTE_ORDER){ if(little){ @@ -117,6 +121,8 @@ krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, u_int32_t src_addr; int delta_t; + if (p == NULL) + return KFAILURE; pvno = *p++; if(pvno != KRB_PROT_VERSION) diff --git a/kerberosIV/krb/read_service_key.c b/kerberosIV/krb/read_service_key.c index 5bee36177f2..1960c255950 100644 --- a/kerberosIV/krb/read_service_key.c +++ b/kerberosIV/krb/read_service_key.c @@ -1,3 +1,4 @@ +/* $OpenBSD: read_service_key.c,v 1.3 1997/12/09 07:57:35 art Exp $ */ /* $KTH: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $ */ /* @@ -73,7 +74,10 @@ read_service_key(char *service, /* Service Name */ int stab; if ((stab = open(file, O_RDONLY, 0)) < 0) - return(KFAILURE); + return KFAILURE; + + if (instance == NULL) + return KFAILURE; wcard = (instance[0] == '*') && (instance[1] == '\0'); @@ -83,15 +87,15 @@ read_service_key(char *service, /* Service Name */ /* Vers number */ if (read(stab, &vno, 1) != 1) { close(stab); - return(KFAILURE); + return KFAILURE; } /* Key */ if (read(stab,key,8) != 8) { close(stab); - return(KFAILURE); + return KFAILURE; } /* Is this the right service */ - if (strcmp(serv,service)) + if (service != NULL && strcmp(serv,service)) continue; /* How about instance */ if (!wcard && strcmp(inst,instance)) @@ -99,7 +103,7 @@ read_service_key(char *service, /* Service Name */ if (wcard) strncpy(instance,inst,INST_SZ); /* Is this the right realm */ - if (strcmp(rlm,realm)) + if (realm != NULL && strcmp(rlm,realm)) continue; /* How about the key version number */ @@ -107,7 +111,7 @@ read_service_key(char *service, /* Service Name */ continue; close(stab); - return(KSUCCESS); + return KSUCCESS; } /* Can't find the requested service */ diff --git a/kerberosIV/krb/realm_parse.c b/kerberosIV/krb/realm_parse.c index 8ce892c1835..18c46921790 100644 --- a/kerberosIV/krb/realm_parse.c +++ b/kerberosIV/krb/realm_parse.c @@ -1,3 +1,4 @@ +/* $OpenBSD: realm_parse.c,v 1.2 1997/12/09 07:57:35 art Exp $ */ /* $KTH: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $ */ /* @@ -55,6 +56,8 @@ realm_parse(char *realm, int length, const char *file) p = strtok_r(tr, " \t\n\r", &unused); if(p && strcasecmp(p, realm) == 0){ fclose(F); + if (realm == NULL) + return -1; strncpy(realm, p, length); return 0; } @@ -73,7 +76,7 @@ krb_realm_parse(char *realm, int length) const char *dir = getenv("KRBCONFDIR"); /* First try user specified file */ - if (dir != 0) { + if (dir != 0 && getuid() != geteuid()) { char fname[MAXPATHLEN]; if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) diff --git a/kerberosIV/krb/recvauth.c b/kerberosIV/krb/recvauth.c index 70e3df67f79..d4a360f3cdb 100644 --- a/kerberosIV/krb/recvauth.c +++ b/kerberosIV/krb/recvauth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: recvauth.c,v 1.4 1997/12/09 07:57:36 art Exp $ */ /* $KTH: recvauth.c,v 1.18 1997/07/05 01:35:15 assar Exp $ */ /* diff --git a/kerberosIV/krb/resolve.c b/kerberosIV/krb/resolve.c index 2fe607d13af..c9c85e2c659 100644 --- a/kerberosIV/krb/resolve.c +++ b/kerberosIV/krb/resolve.c @@ -1,3 +1,4 @@ +/* $OpenBSD: resolve.c,v 1.2 1997/12/09 07:57:36 art Exp $ */ /* $KTH: resolve.c,v 1.12 1997/10/28 15:37:39 bg Exp $ */ /* @@ -84,18 +85,26 @@ void dns_free_data(struct dns_reply *r) { struct resource_record *rr; - if(r->q.domain) + if(r->q.domain){ free(r->q.domain); + r->q.domain = NULL; + } for(rr = r->head; rr;){ struct resource_record *tmp = rr; - if(rr->domain) + if(rr->domain){ free(rr->domain); - if(rr->u.data) + rr->domain = NULL; + } + if(rr->u.data){ free(rr->u.data); + rr->u.data = NULL; + } rr = rr->next; free(tmp); + tmp = NULL; } free (r); + r = NULL; } static struct dns_reply* @@ -109,6 +118,10 @@ parse_reply(unsigned char *data, int len) struct resource_record **rr; r = (struct dns_reply*)malloc(sizeof(struct dns_reply)); + + if (r == NULL) + return NULL; + memset(r, 0, sizeof(struct dns_reply)); p = data; @@ -170,7 +183,8 @@ parse_reply(unsigned char *data, int len) (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + strlen(host)); (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strcpy((*rr)->u.mx->domain, host); + strncpy((*rr)->u.mx->domain, host, MAXHOSTNAMELEN); + (*rr)->u.mx->domain[MAXHOSTNAMELEN-1] = '\0'; break; } case T_SRV:{ @@ -185,7 +199,8 @@ parse_reply(unsigned char *data, int len) (*rr)->u.srv->priority = (p[0] << 8) | p[1]; (*rr)->u.srv->weight = (p[2] << 8) | p[3]; (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strcpy((*rr)->u.srv->target, host); + strncpy((*rr)->u.srv->target, host, MAXHOSTNAMELEN); + (*rr)->u.srv->target[MAXHOSTNAMELEN-1] = '\0'; break; } case T_TXT:{ diff --git a/kerberosIV/krb/rw.c b/kerberosIV/krb/rw.c index 7ee546050a2..f032f83b2e7 100644 --- a/kerberosIV/krb/rw.c +++ b/kerberosIV/krb/rw.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rw.c,v 1.2 1997/12/09 07:57:37 art Exp $ */ /* $KTH: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $ */ /* @@ -51,6 +52,9 @@ krb_get_int(void *f, u_int32_t *to, int size, int lsb) int i; unsigned char *from = (unsigned char *)f; + if (from == NULL) + return 0; + *to = 0; if(lsb){ for(i = size-1; i >= 0; i--) @@ -67,6 +71,10 @@ krb_put_int(u_int32_t from, void *to, int size) { int i; unsigned char *p = (unsigned char *)to; + + if (p == NULL) + return 0; + for(i = size - 1; i >= 0; i--){ p[i] = from & 0xff; from >>= 8; @@ -81,6 +89,10 @@ int krb_get_address(void *from, u_int32_t *to) { unsigned char *p = (unsigned char*)from; + + if (from == NULL || p == NULL) + return 0; + *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); return 4; } @@ -94,6 +106,8 @@ krb_put_address(u_int32_t addr, void *to) int krb_put_string(char *from, void *to) { + if (to == NULL || from == NULL) + return 0; strcpy((char *)to, from); return strlen(from) + 1; } @@ -109,6 +123,9 @@ krb_get_nir(void *from, char *name, char *instance, char *realm) { char *p = (char *)from; + if (p == NULL) + return 0; + p += krb_get_string(p, name); p += krb_get_string(p, instance); if(realm) @@ -120,6 +137,9 @@ int krb_put_nir(char *name, char *instance, char *realm, void *to) { char *p = (char *)to; + if (p == NULL) + return 0; + p += krb_put_string(name, p); p += krb_put_string(instance, p); if(realm) diff --git a/kerberosIV/krb/save_credentials.c b/kerberosIV/krb/save_credentials.c index d9ef94b449d..186640d008d 100644 --- a/kerberosIV/krb/save_credentials.c +++ b/kerberosIV/krb/save_credentials.c @@ -1,3 +1,4 @@ +/* $OpenBSD: save_credentials.c,v 1.3 1997/12/09 07:57:38 art Exp $ */ /* $KTH: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $ */ /* diff --git a/kerberosIV/krb/send_to_kdc.c b/kerberosIV/krb/send_to_kdc.c index f7a5865ad93..3f04c5865d1 100644 --- a/kerberosIV/krb/send_to_kdc.c +++ b/kerberosIV/krb/send_to_kdc.c @@ -1,3 +1,4 @@ +/* $OpenBSD: send_to_kdc.c,v 1.5 1997/12/09 07:57:38 art Exp $ */ /* $KTH: send_to_kdc.c,v 1.47 1997/11/07 17:31:38 bg Exp $ */ /* @@ -91,8 +92,10 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) * If "realm" is non-null, use that, otherwise get the * local realm. */ - if (realm) - strcpy(lrealm, realm); + if (realm != NULL){ + strncpy(lrealm, realm, REALM_SZ); + lrealm[REALM_SZ-1] = '\0'; + } else if (krb_get_lrealm(lrealm,1)) { if (krb_debug) @@ -163,6 +166,7 @@ send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) retval = SKDC_RETRY; rtn: free(hosts); + hosts = NULL; return(retval); } @@ -210,6 +214,8 @@ static int udptcp_recv(void *buf, size_t len, KTEXT rpkt) static int url_parse(const char *url, char *host, size_t len, short *port) { const char *p; + if (url == NULL || host == NULL) + return -1; if(strncmp(url, "http://", 7)) return -1; url += 7; @@ -232,17 +238,24 @@ static int url_parse(const char *url, char *host, size_t len, short *port) static int http_connect(int s, struct sockaddr_in *adr) { char *proxy = getenv(PROXY_VAR); - char host[MAXHOSTNAMELEN + 1]; + char host[MAXHOSTNAMELEN]; short port; struct hostent *hp; struct sockaddr_in sin; + + if (adr == NULL) + return -1; + if(proxy == NULL) return tcp_connect(s, adr); + if(url_parse(proxy, host, sizeof(host), &port) < 0) return -1; + hp = gethostbyname(host); if(hp == NULL) return -1; + memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; memcpy(&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); @@ -257,19 +270,27 @@ static int http_send(int s, struct sockaddr_in* adr, KTEXT pkt) base64_encode(pkt->dat, pkt->length, &str); if(getenv(PROXY_VAR)){ - asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n", - inet_ntoa(adr->sin_addr), - ntohs(adr->sin_port), - str); + if (asprintf(&msg, "GET http://%s:%d/%s HTTP/1.0\r\n\r\n", + inet_ntoa(adr->sin_addr), + ntohs(adr->sin_port), + str) == -1) + return -1; }else - asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str); + if (asprintf(&msg, "GET %s HTTP/1.0\r\n\r\n", str) == -1){ + free(str); + str = NULL; + return -1; + } free(str); + str = NULL; if(send(s, msg, strlen(msg), 0) != strlen(msg)){ free(msg); + msg = NULL; return -1; } free(msg); + msg = NULL; return 0; } @@ -282,12 +303,19 @@ static int http_recv(void *buf, size_t len, KTEXT rpkt) p = strstr(tmp, "\r\n\r\n"); if(p == NULL){ free(tmp); + tmp = NULL; return -1; } p += 4; + if (p >= tmp+len){ + free(tmp); + tmp = NULL; + return -1; + } memcpy(rpkt->dat, p, (tmp + len) - p); rpkt->length = (tmp + len) - p; free(tmp); + tmp = NULL; return 0; } diff --git a/kerberosIV/krb/sendauth.c b/kerberosIV/krb/sendauth.c index 96ff7c30ba5..d0c71d3e1b4 100644 --- a/kerberosIV/krb/sendauth.c +++ b/kerberosIV/krb/sendauth.c @@ -1,3 +1,4 @@ +/* $OpenBSD: sendauth.c,v 1.4 1997/12/09 07:57:38 art Exp $ */ /* $KTH: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $ */ /* @@ -148,6 +149,8 @@ krb_sendauth(int32_t options, /* bit-pattern of options */ else strncpy (inst, krb_get_phost(instance), sizeof(inst)); + inst[sizeof(inst)-1] = '\0'; + ret = krb_get_cred (service, inst, realm, cred); if (ret != KSUCCESS) return ret; diff --git a/kerberosIV/krb/stime.c b/kerberosIV/krb/stime.c index b3f5ce270ec..7102a3b8853 100644 --- a/kerberosIV/krb/stime.c +++ b/kerberosIV/krb/stime.c @@ -1,3 +1,4 @@ +/* $OpenBSD: stime.c,v 1.2 1997/12/09 07:57:39 art Exp $ */ /* $KTH: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ */ /* diff --git a/kerberosIV/krb/str2key.c b/kerberosIV/krb/str2key.c index 8e967a63610..8aebe070afd 100644 --- a/kerberosIV/krb/str2key.c +++ b/kerberosIV/krb/str2key.c @@ -1,3 +1,4 @@ +/* $OpenBSD: str2key.c,v 1.5 1997/12/09 07:57:39 art Exp $ */ /* $KTH: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $ */ /* This defines the Andrew string_to_key function. It accepts a password @@ -11,7 +12,7 @@ static void mklower(char *s) { - for (; *s; s++) + for (; s[0] != '\0'; s++) if ('A' <= *s && *s <= 'Z') *s = *s - 'A' + 'a'; } @@ -26,10 +27,11 @@ afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) int i; int passlen; - memset (key, 0, sizeof(key)); + memset(key, 0, sizeof(key)); memset(password, 0, sizeof(password)); strncpy (password, cell, 8); + password[8] = '\0'; passlen = strlen (str); if (passlen > 8) passlen = 8; @@ -70,6 +72,7 @@ afs_transarc_StringToKey (char *str, char *cell, des_cblock *key) int passlen; strncpy (password, str, sizeof(password)); + password[sizeof(password)-1] = '\0'; if ((passlen = strlen (password)) < sizeof(password)-1) strncat (password, cell, sizeof(password)-passlen); if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password); diff --git a/kerberosIV/krb/strtok_r.c b/kerberosIV/krb/strtok_r.c index 30c4874d469..8da8c9d57a0 100644 --- a/kerberosIV/krb/strtok_r.c +++ b/kerberosIV/krb/strtok_r.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strtok_r.c,v 1.2 1997/12/09 07:57:40 art Exp $ */ /* $KTH: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $ */ /* diff --git a/kerberosIV/krb/tf_util.c b/kerberosIV/krb/tf_util.c index f37c2f242d6..70c75f0f493 100644 --- a/kerberosIV/krb/tf_util.c +++ b/kerberosIV/krb/tf_util.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tf_util.c,v 1.3 1997/12/09 07:57:40 art Exp $ */ /* $KTH: tf_util.c,v 1.25 1997/11/04 09:44:28 bg Exp $ */ /* diff --git a/kerberosIV/krb/tkt_string.c b/kerberosIV/krb/tkt_string.c index 5bc67e2562c..2795995035e 100644 --- a/kerberosIV/krb/tkt_string.c +++ b/kerberosIV/krb/tkt_string.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tkt_string.c,v 1.5 1997/12/09 07:57:41 art Exp $ */ /* $KTH: tkt_string.c,v 1.11 1997/10/24 10:18:07 assar Exp $ */ /* @@ -44,7 +45,7 @@ tkt_string(void) { char *env; - if (!*krb_ticket_string) { + if (krb_ticket_string[0] == '\0') { if ((env = getenv("KRBTKFILE"))) { strncpy(krb_ticket_string, env, sizeof(krb_ticket_string)-1); diff --git a/kerberosIV/krb/unparse_name.c b/kerberosIV/krb/unparse_name.c index e7cde58fda7..2b74e030156 100644 --- a/kerberosIV/krb/unparse_name.c +++ b/kerberosIV/krb/unparse_name.c @@ -1,3 +1,4 @@ +/* $OpenBSD: unparse_name.c,v 1.2 1997/12/09 07:57:41 art Exp $ */ /* $KTH: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $ */ /* @@ -59,11 +60,13 @@ krb_unparse_name_r(krb_principal *pr, char *fullname) { quote_string("'@\\", pr->name, fullname); if(pr->instance[0]){ - strcat(fullname, "."); + strncat(fullname, ".", MAXPATHLEN); + fullname[MAXPATHLEN-1] = '\0'; quote_string("@\\", pr->instance, fullname + strlen(fullname)); } if(pr->realm[0]){ - strcat(fullname, "@"); + strncat(fullname, "@", MAXPATHLEN); + fullname[MAXPATHLEN-1] = '\0'; quote_string("\\", pr->realm, fullname + strlen(fullname)); } return fullname; @@ -75,11 +78,16 @@ krb_unparse_name_long_r(char *name, char *instance, char *realm, { krb_principal pr; memset(&pr, 0, sizeof(pr)); - strcpy(pr.name, name); - if(instance) - strcpy(pr.instance, instance); - if(realm) - strcpy(pr.realm, realm); + strncpy(pr.name, name, ANAME_SZ-1); + pr.name[ANAME_SZ-1] = '\0'; + if(instance != NULL){ + strncpy(pr.instance, instance, INST_SZ-1); + pr.instance[INST_SZ-1] = '\0'; + } + if(realm != NULL){ + strncpy(pr.realm, realm, REALM_SZ-1); + pr.realm[REALM_SZ-1] = '\0'; + } return krb_unparse_name_r(&pr, fullname); } @@ -96,10 +104,15 @@ krb_unparse_name_long(char *name, char *instance, char *realm) { krb_principal pr; memset(&pr, 0, sizeof(pr)); - strcpy(pr.name, name); - if(instance) - strcpy(pr.instance, instance); - if(realm) - strcpy(pr.realm, realm); + strncpy(pr.name, name, ANAME_SZ-1); + pr.name[ANAME_SZ-1] = '\0'; + if(instance != NULL){ + strncpy(pr.instance, instance, INST_SZ-1); + pr.instance[INST_SZ-1] = '\0'; + } + if(realm != NULL){ + strncpy(pr.realm, realm, REALM_SZ-1); + pr.realm[REALM_SZ-1] = '\0'; + } return krb_unparse_name(&pr); } diff --git a/kerberosIV/krb/util.c b/kerberosIV/krb/util.c index b187276ffd7..334e6079337 100644 --- a/kerberosIV/krb/util.c +++ b/kerberosIV/krb/util.c @@ -1,3 +1,4 @@ +/* $OpenBSD: util.c,v 1.2 1997/12/09 07:57:42 art Exp $ */ /* $KTH: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $ */ /* diff --git a/kerberosIV/krb/verify_user.c b/kerberosIV/krb/verify_user.c index 0058a00a64f..55175d3af42 100644 --- a/kerberosIV/krb/verify_user.c +++ b/kerberosIV/krb/verify_user.c @@ -1,3 +1,4 @@ +/* $OpenBSD: verify_user.c,v 1.2 1997/12/09 07:57:42 art Exp $ */ /* $KTH: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $ */ /* |