replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)

exit if writing the key fails (no infinit loop)
print usage() everytime we get bad options

1 files changed, 81 insertions, 77 deletions

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index cc879188aec..204ea2e65c0 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -14,7 +14,7 @@ Identity and host key generation and maintenance.
 */
 
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.9 1999/11/20 10:02:53 markus Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.10 1999/11/20 19:53:40 markus Exp $");
 
 #include "rsa.h"
 #include "ssh.h"
@@ -44,8 +44,9 @@ int quiet = 0;
 /* Flag indicating that we just want to see the key fingerprint */
 int print_fingerprint = 0;
 
-/* This is set to the identity file name if given on the command line. */
-char *identity_file = NULL;
+/* The identity file name, given on the command line or entered by the user. */
+char identity_file[1024];
+int have_identity = 0;
 
 /* This is set to the passphrase if given on the command line. */
 char *identity_passphrase = NULL;
@@ -56,51 +57,46 @@ char *identity_new_passphrase = NULL;
 /* This is set to the new comment if given on the command line. */
 char *identity_comment = NULL;
 
-/* Perform changing a passphrase.  The argument is the passwd structure
-   for the current user. */
+/* argv0 */
+extern char *__progname;
 
-char *
-get_filename(struct passwd *pw, const char *prompt)
+void
+ask_filename(struct passwd *pw, const char *prompt)
 {
-  char buf[1024], default_file[1024];
-
-  /* Read key file name. */
-  if (identity_file != NULL) {
-    return xstrdup(identity_file);
-  } else {
-    snprintf(default_file, sizeof default_file, "%s/%s",
-             pw->pw_dir, SSH_CLIENT_IDENTITY);
-    printf("%s (%s): ", prompt, default_file);
-    fflush(stdout);
-    if (fgets(buf, sizeof(buf), stdin) == NULL)
-      exit(1);
-    if (strchr(buf, '\n'))
-      *strchr(buf, '\n') = 0;
-    if (strcmp(buf, "") == 0)
-      return xstrdup(default_file);
-  }
-  return xstrdup(buf);
+  char buf[1024];
+  snprintf(identity_file, sizeof(identity_file), "%s/%s",
+           pw->pw_dir, SSH_CLIENT_IDENTITY);
+  printf("%s (%s): ", prompt, identity_file);
+  fflush(stdout);
+  if (fgets(buf, sizeof(buf), stdin) == NULL)
+    exit(1);
+  if (strchr(buf, '\n'))
+    *strchr(buf, '\n') = 0;
+  if (strcmp(buf, "") != 0)
+    strlcpy(identity_file, buf, sizeof(identity_file));
+  have_identity = 1;
 }
 
 void
 do_fingerprint(struct passwd *pw)
 {
-  char *file, *comment;
+  char *comment;
   RSA *public_key;
   struct stat st;
 
-  file = get_filename(pw, "Enter file in which the key is");
-  if (stat(file, &st) < 0)
+  if (!have_identity)
+    ask_filename(pw, "Enter file in which the key is");
+  if (stat(identity_file, &st) < 0)
     {
-      perror(file);
+      perror(identity_file);
       exit(1);
     }
   public_key = RSA_new();
-  if (!load_public_key(file, public_key, &comment)) {
+  if (!load_public_key(identity_file, public_key, &comment)) {
     char *cp, line[1024];
     BIGNUM *e, *n;
     int dummy, invalid = 0;
-    FILE *f = fopen(file, "r");
+    FILE *f = fopen(identity_file, "r");
     n = BN_new();
     e = BN_new();
     if (f && fgets(line, sizeof(line), f)) {
@@ -117,7 +113,7 @@ do_fingerprint(struct passwd *pw)
       invalid = 1;
     }
     if (invalid) {
-      printf("%s is not a valid key file.\n", file);
+      printf("%s is not a valid key file.\n", identity_file);
       BN_free(e);
       BN_free(n);
       exit(1);
@@ -131,29 +127,32 @@ do_fingerprint(struct passwd *pw)
   exit(0);
 }
 
+/* Perform changing a passphrase.  The argument is the passwd structure
+   for the current user. */
 
 void
 do_change_passphrase(struct passwd *pw)
 {
-  char *file, *comment;
+  char *comment;
   char *old_passphrase, *passphrase1, *passphrase2;
   struct stat st;
   RSA *private_key;
 
-  file = get_filename(pw, "Enter file in which the key is");
+  if (!have_identity)
+    ask_filename(pw, "Enter file in which the key is");
   /* Check if the file exists. */
-  if (stat(file, &st) < 0)
+  if (stat(identity_file, &st) < 0)
     {
-      perror(file);
+      perror(identity_file);
       exit(1);
     }
   
   /* Try to load the public key from the file the verify that it is
      readable and of the proper format. */
   public_key = RSA_new();
-  if (!load_public_key(file, public_key, NULL))
+  if (!load_public_key(identity_file, public_key, NULL))
     {
-      printf("%s is not a valid key file.\n", file);
+      printf("%s is not a valid key file.\n", identity_file);
       exit(1);
     }
   /* Clear the public key since we are just about to load the whole file. */
@@ -161,14 +160,14 @@ do_change_passphrase(struct passwd *pw)
 
   /* Try to load the file with empty passphrase. */
   private_key = RSA_new();
-  if (!load_private_key(file, "", private_key, &comment)) {
+  if (!load_private_key(identity_file, "", private_key, &comment)) {
     /* Read passphrase from the user. */
     if (identity_passphrase)
       old_passphrase = xstrdup(identity_passphrase);
     else
       old_passphrase = read_passphrase("Enter old passphrase: ", 1);
     /* Try to load using the passphrase. */
-    if (!load_private_key(file, old_passphrase, private_key, &comment))
+    if (!load_private_key(identity_file, old_passphrase, private_key, &comment))
       {
 	memset(old_passphrase, 0, strlen(old_passphrase));
 	xfree(old_passphrase);
@@ -209,10 +208,10 @@ do_change_passphrase(struct passwd *pw)
     }
 
   /* Save the file using the new passphrase. */
-  if (!save_private_key(file, passphrase1, private_key, comment))
+  if (!save_private_key(identity_file, passphrase1, private_key, comment))
     {
       printf("Saving the key failed: %s: %s.\n",
-	     file, strerror(errno));
+	     identity_file, strerror(errno));
       memset(passphrase1, 0, strlen(passphrase1));
       xfree(passphrase1);
       RSA_free(private_key);
@@ -234,33 +233,34 @@ do_change_passphrase(struct passwd *pw)
 void
 do_change_comment(struct passwd *pw)
 {
-  char new_comment[1024], *file, *comment;
+  char new_comment[1024], *comment;
   RSA *private_key;
   char *passphrase;
   struct stat st;
   FILE *f;
   char *tmpbuf;
 
-  file = get_filename(pw, "Enter file in which the key is");
+  if (!have_identity)
+    ask_filename(pw, "Enter file in which the key is");
   /* Check if the file exists. */
-  if (stat(file, &st) < 0)
+  if (stat(identity_file, &st) < 0)
     {
-      perror(file);
+      perror(identity_file);
       exit(1);
     }
   
   /* Try to load the public key from the file the verify that it is
      readable and of the proper format. */
   public_key = RSA_new();
-  if (!load_public_key(file, public_key, NULL))
+  if (!load_public_key(identity_file, public_key, NULL))
     {
-      printf("%s is not a valid key file.\n", file);
+      printf("%s is not a valid key file.\n", identity_file);
       exit(1);
     }
 
   private_key = RSA_new();
   /* Try to load the file with empty passphrase. */
-  if (load_private_key(file, "", private_key, &comment))
+  if (load_private_key(identity_file, "", private_key, &comment))
     passphrase = xstrdup("");
   else
     {
@@ -273,7 +273,7 @@ do_change_comment(struct passwd *pw)
 	else
 	  passphrase = read_passphrase("Enter passphrase: ", 1);
       /* Try to load using the passphrase. */
-      if (!load_private_key(file, passphrase, private_key, &comment))
+      if (!load_private_key(identity_file, passphrase, private_key, &comment))
 	{
 	  memset(passphrase, 0, strlen(passphrase));
 	  xfree(passphrase);
@@ -304,10 +304,10 @@ do_change_comment(struct passwd *pw)
     }
       
   /* Save the file using the new passphrase. */
-  if (!save_private_key(file, passphrase, private_key, new_comment))
+  if (!save_private_key(identity_file, passphrase, private_key, new_comment))
     {
       printf("Saving the key failed: %s: %s.\n",
-	     file, strerror(errno));
+	     identity_file, strerror(errno));
       memset(passphrase, 0, strlen(passphrase));
       xfree(passphrase);
       RSA_free(private_key);
@@ -322,12 +322,11 @@ do_change_comment(struct passwd *pw)
 
   /* Save the public key in text format in a file with the same name but
      .pub appended. */
-  file = xrealloc(file, strlen(file) + 5);
-  strcat(file, ".pub");
-  f = fopen(file, "w");
+  strlcat(identity_file, ".pub", sizeof(identity_file));
+  f = fopen(identity_file, "w");
   if (!f)
     {
-      printf("Could not save your public key in %s\n", file);
+      printf("Could not save your public key in %s\n", identity_file);
       exit(1);
     }
   fprintf(f, "%d ", BN_num_bits(public_key->n));
@@ -345,6 +344,14 @@ do_change_comment(struct passwd *pw)
   exit(0);
 }
 
+void
+usage(void)
+{
+  printf("ssh-keygen version %s\n", SSH_VERSION);
+  printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
+  exit(1);
+}
+
 /* Main program for key management. */
 
 int
@@ -352,7 +359,7 @@ main(int ac, char **av)
 {
   char buf[16384], buf2[1024], *passphrase1, *passphrase2;
   struct passwd *pw;
-  char *file, *tmpbuf;
+  char *tmpbuf;
   int opt;
   struct stat st;
   FILE *f;
@@ -411,7 +418,8 @@ main(int ac, char **av)
 	  break;
 
 	case 'f':
-	  identity_file = optarg;
+	  strlcpy(identity_file, optarg, sizeof(identity_file));
+	  have_identity = 1;
 	  break;
 	  
 	case 'P':
@@ -432,20 +440,18 @@ main(int ac, char **av)
 
 	case '?':
 	default:
-	  printf("ssh-keygen version %s\n", SSH_VERSION);
-	  printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", av[0]);
-	  exit(1);
+	  usage();
 	}
     }
   if (optind < ac)
     {
       printf("Too many arguments.\n");
-      exit(1);
+      usage();
     }
   if (change_passphrase && change_comment)
     {
       printf("Can only have one of -p and -c.\n");
-      exit(1);
+      usage();
     }
 
   if (print_fingerprint)
@@ -471,14 +477,13 @@ main(int ac, char **av)
   public_key = RSA_new();
   rsa_generate_key(private_key, public_key, bits);
 
- ask_file_again:
-
-  file = get_filename(pw, "Enter file in which to save the key");
+  if (!have_identity)
+    ask_filename(pw, "Enter file in which to save the key");
 
   /* If the file aready exists, ask the user to confirm. */
-  if (stat(file, &st) >= 0)
+  if (stat(identity_file, &st) >= 0)
     {
-      printf("%s already exists.\n", file);
+      printf("%s already exists.\n", identity_file);
       printf("Overwrite (y/n)? ");
       fflush(stdout);
       if (fgets(buf2, sizeof(buf2), stdin) == NULL)
@@ -531,14 +536,13 @@ main(int ac, char **av)
     }
 
   /* Save the key with the given passphrase and comment. */
-  if (!save_private_key(file, passphrase1, private_key, buf2))
+  if (!save_private_key(identity_file, passphrase1, private_key, buf2))
     {
       printf("Saving the key failed: %s: %s.\n",
-	     file, strerror(errno));
+	     identity_file, strerror(errno));
       memset(passphrase1, 0, strlen(passphrase1));
       xfree(passphrase1);
-      xfree(file);
-      goto ask_file_again;
+      exit(1);
     }
   /* Clear the passphrase. */
   memset(passphrase1, 0, strlen(passphrase1));
@@ -549,7 +553,7 @@ main(int ac, char **av)
   arc4random_stir();
 
   if (!quiet)
-    printf("Your identification has been saved in %s.\n", file);
+    printf("Your identification has been saved in %s.\n", identity_file);
 
   /* Display the public key on the screen. */
   if (!quiet) {
@@ -565,11 +569,11 @@ main(int ac, char **av)
 
   /* Save the public key in text format in a file with the same name but
      .pub appended. */
-  strcat(file, ".pub");
-  f = fopen(file, "w");
+  strlcat(identity_file, ".pub", sizeof(identity_file));
+  f = fopen(identity_file, "w");
   if (!f)
     {
-      printf("Could not save your public key in %s\n", file);
+      printf("Could not save your public key in %s\n", identity_file);
       exit(1);
     }
   fprintf(f, "%d ", BN_num_bits(public_key->n));
@@ -582,7 +586,7 @@ main(int ac, char **av)
   fclose(f);
 
   if (!quiet)
-    printf("Your public key has been saved in %s\n", file);
+    printf("Your public key has been saved in %s\n", identity_file);
   
   exit(0);
 }