-rw-r--r-- | usr.bin/ssh/auth-krb4.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/auth-passwd.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rhosts.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/authfd.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/canohost.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 46 | ||||
-rw-r--r-- | usr.bin/ssh/config.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/login.c | 18 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-add.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 33 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 20 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 22 | ||||
-rw-r--r-- | usr.bin/ssh/xmalloc.c | 8 |
16 files changed, 95 insertions, 149 deletions
diff --git a/usr.bin/ssh/auth-krb4.c b/usr.bin/ssh/auth-krb4.c index ba785786598..677a0f883d2 100644 --- a/usr.bin/ssh/auth-krb4.c +++ b/usr.bin/ssh/auth-krb4.c @@ -6,7 +6,7 @@ Kerberos v4 authentication and ticket-passing routines. - $Id: auth-krb4.c,v 1.2 1999/09/29 18:16:18 dugsong Exp $ + $Id: auth-krb4.c,v 1.3 1999/09/29 21:14:15 deraadt Exp $ */ #include "includes.h" @@ -130,7 +130,7 @@ int auth_kerberos_tgt(struct passwd *pw, const char *string) goto auth_kerberos_tgt_failure; } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ - strcpy(creds.service, "krbtgt"); + strlcpy(creds.service, "krbtgt", sizeof creds.service); if (strcmp(creds.service, "krbtgt")) { log("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", @@ -184,7 +184,7 @@ int auth_afs_token(char *server_user, uid_t uid, const char *string) return 0; } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ - strcpy(creds.service, "afs"); + strlcpy(creds.service, "afs", sizeof creds.service); if (strncmp(creds.pname, "AFS ID ", 7) == 0) uid = atoi(creds.pname + 7); diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 2b862b747e9..9d2e00fcbd0 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -15,7 +15,7 @@ the password is valid for the user. */ #include "includes.h" -RCSID("$Id: auth-passwd.c,v 1.2 1999/09/29 18:16:19 dugsong Exp $"); +RCSID("$Id: auth-passwd.c,v 1.3 1999/09/29 21:14:15 deraadt Exp $"); #ifdef HAVE_SCO_ETC_SHADOW # include <sys/security.h> @@ -110,8 +110,7 @@ int auth_password(const char *server_user, const char *password) chown(ticket, pw->pw_uid, pw->pw_gid); (void) gethostname(localhost, sizeof(localhost)); - (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ); - phost[INST_SZ-1] = 0; + (void) strlcpy(phost, (char *)krb_get_phost(localhost), INST_SZ); /* Now that we have a TGT, try to get a local "rcmd" ticket to ensure that we are not talking to a bogus Kerberos server. */ 
@@ -228,7 +227,7 @@ int auth_password(const char *server_user, const char *password) #endif /* HAVE_SECURID */ /* Save the encrypted password. */ - strncpy(correct_passwd, pw->pw_passwd, sizeof(correct_passwd)); + strlcpy(correct_passwd, pw->pw_passwd, sizeof(correct_passwd)); #ifdef HAVE_OSF1_C2_SECURITY osf1c2_getprpwent(correct_passwd, pw->pw_name, sizeof(correct_passwd)); @@ -241,7 +240,7 @@ int auth_password(const char *server_user, const char *password) struct pr_passwd *pr = getprpwnam(pw->pw_name); pr = getprpwnam(pw->pw_name); if (pr) - strncpy(correct_passwd, pr->ufld.fd_encrypt, sizeof(correct_passwd)); + strlcpy(correct_passwd, pr->ufld.fd_encrypt, sizeof(correct_passwd)); endprpwent(); } #else /* HAVE_SCO_ETC_SHADOW */ @@ -249,7 +248,7 @@ int auth_password(const char *server_user, const char *password) { struct spwd *sp = getspnam(pw->pw_name); if (sp) - strncpy(correct_passwd, sp->sp_pwdp, sizeof(correct_passwd)); + strlcpy(correct_passwd, sp->sp_pwdp, sizeof(correct_passwd)); endspent(); } #else /* HAVE_ETC_SHADOW */ @@ -257,7 +256,7 @@ int auth_password(const char *server_user, const char *password) { struct passwd_adjunct *sp = getpwanam(pw->pw_name); if (sp) - strncpy(correct_passwd, sp->pwa_passwd, sizeof(correct_passwd)); + strnlpy(correct_passwd, sp->pwa_passwd, sizeof(correct_passwd)); endpwaent(); } #else /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */ @@ -269,7 +268,8 @@ int auth_password(const char *server_user, const char *password) f = fopen("/etc/security/passwd", "r"); if (f) { - sprintf(looking_for_user, "%.190s:", server_user); + snprintf(looking_for_user, sizeof looking_for_user, "%.190s:", + server_user); while (fgets(line, sizeof(line), f)) { if (strchr(line, '\n')) 
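Review bot: In the `HAVE_ETC_SECURITY_PASSWD_ADJUNCT` branch of auth_password() the replacement call is spelled `strnlpy`, unlike every other conversion in this patch, and would presumably fail to compile or link once that branch is built. It should read `strlcpy(correct_passwd, sp->pwa_passwd, sizeof(correct_passwd));`. Because the branch is only compiled where that macro is defined, the typo can go unnoticed on the default build, so a build with the macro set is worth running. auth_password() starts and ends outside these hunks.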
@@ -286,9 +286,8 @@ int auth_password(const char *server_user, const char *password) ; if (strncmp(cp, "password = ", strlen("password = ")) == 0) { - strncpy(correct_passwd, cp + strlen("password = "), + strlcpy(correct_passwd, cp + strlen("password = "), sizeof(correct_passwd)); - correct_passwd[sizeof(correct_passwd) - 1] = 0; break; } } diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 3ad2d5d8e45..9612e333e50 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -16,7 +16,7 @@ the login based on rhosts authentication. This file also processes */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.2 1999/09/28 04:45:35 provos Exp $"); +RCSID("$Id: auth-rhosts.c,v 1.3 1999/09/29 21:14:15 deraadt Exp $"); #include "packet.h" #include "ssh.h" @@ -86,8 +86,7 @@ int check_rhosts_file(const char *filename, const char *hostname, continue; /* Empty line? */ case 1: /* Host name only. */ - strncpy(userbuf, server_user, sizeof(userbuf)); - userbuf[sizeof(userbuf) - 1] = 0; + strlcpy(userbuf, server_user, sizeof(userbuf)); break; case 2: /* Got both host and user name. */ @@ -207,7 +206,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - sprintf(buf, "%.500s/%.100s", + snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); if (stat(buf, &st) >= 0) break; @@ -286,7 +285,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, rhosts_file_index++) { /* Check users .rhosts or .shosts. */ - sprintf(buf, "%.500s/%.100s", + snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); if (stat(buf, &st) < 0) continue; /* No such file. */ diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index a0cd3470816..5c58d4fb5a2 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c 
@@ -16,7 +16,7 @@ validity of the host key. */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.1 1999/09/28 04:45:35 provos Exp $"); +RCSID("$Id: auth-rsa.c,v 1.2 1999/09/29 21:14:15 deraadt Exp $"); #include "rsa.h" #include "packet.h" @@ -138,7 +138,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) BIGNUM *e, *n; /* Open the file containing the authorized keys. */ - sprintf(line, "%.500s/%.100s", pw->pw_dir, SSH_USER_PERMITTED_KEYS); + snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, + SSH_USER_PERMITTED_KEYS); /* Temporarily use the user's uid. */ temporarily_use_uid(pw->pw_uid); diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index 77a2478191c..4bb3806a658 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -14,7 +14,7 @@ Functions for connecting the local authentication agent. */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.2 1999/09/28 04:45:35 provos Exp $"); +RCSID("$Id: authfd.c,v 1.3 1999/09/29 21:14:15 deraadt Exp $"); #include "ssh.h" #include "rsa.h" @@ -47,7 +47,7 @@ ssh_get_authentication_fd() return -1; sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); + strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index a30fbde7058..8bf35f01acc 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -14,7 +14,7 @@ Functions for returning the canonical host name of the remote site. */ #include "includes.h" -RCSID("$Id: canohost.c,v 1.1 1999/09/26 20:53:34 deraadt Exp $"); +RCSID("$Id: canohost.c,v 1.2 1999/09/29 21:14:16 deraadt Exp $"); #include "packet.h" #include "xmalloc.h" @@ -28,7 +28,7 @@ char *get_remote_hostname(int socket) struct sockaddr_in from; int fromlen, i; struct hostent *hp; - char name[512]; + char name[MAXHOSTNAMELEN]; /* Get IP address of client. */ fromlen = sizeof(from); 
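Review bot: The `strlcpy()` into `sunaddr.sun_path` in ssh_get_authentication_fd() guarantees termination but silently shortens an over-long `authsocket`, so the later connect would target a different path than the one requested. Where `authsocket` comes from is not visible in the hunk (presumably the environment), so an over-long value is better treated as an error: `if (strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) return -1;`. The same unchecked copy into `sun_path` appears in ssh-agent.c ahead of `bind()`. The function body continues outside the hunk.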
@@ -36,7 +36,7 @@ char *get_remote_hostname(int socket) if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) { error("getpeername failed: %.100s", strerror(errno)); - strcpy(name, "UNKNOWN"); + strlcpy(name, "UNKNOWN", sizeof name); goto check_ip_options; } @@ -47,14 +47,13 @@ char *get_remote_hostname(int socket) { /* Got host name, find canonic host name. */ if (strchr(hp->h_name, '.') != 0) - strncpy(name, hp->h_name, sizeof(name)); + strlcpy(name, hp->h_name, sizeof(name)); else if (hp->h_aliases != 0 && hp->h_aliases[0] != 0 && strchr(hp->h_aliases[0], '.') != 0) - strncpy(name, hp->h_aliases[0], sizeof(name)); + strlcpy(name, hp->h_aliases[0], sizeof(name)); else - strncpy(name, hp->h_name, sizeof(name)); - name[sizeof(name) - 1] = '\0'; + strlcpy(name, hp->h_name, sizeof(name)); /* Convert it to all lowercase (which is expected by the rest of this software). */ @@ -72,7 +71,7 @@ char *get_remote_hostname(int socket) if (!hp) { log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); - strcpy(name, inet_ntoa(from.sin_addr)); + strlcpy(name, inet_ntoa(from.sin_addr), sizeof name); goto check_ip_options; } /* Look for the address from the list of addresses. */ @@ -86,7 +85,7 @@ char *get_remote_hostname(int socket) /* Address not found for the host name. */ log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", inet_ntoa(from.sin_addr), name); - strcpy(name, inet_ntoa(from.sin_addr)); + strlcpy(name, inet_ntoa(from.sin_addr), sizeof name); goto check_ip_options; } /* Address was found for the host name. We accept the host name. */ @@ -94,7 +93,7 @@ char *get_remote_hostname(int socket) else { /* Host name not found. Use ascii representation of the address. */ - strcpy(name, inet_ntoa(from.sin_addr)); + strlcpy(name, inet_ntoa(from.sin_addr), sizeof name); log("Could not reverse map address %.100s.", name); } 
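Review bot: `name` in get_remote_hostname() is filled from `hp->h_name` and `hp->h_aliases[0]`, which are resolver-supplied, and with the buffer reduced from 512 bytes to `MAXHOSTNAMELEN` the new `strlcpy()` calls cut a longer name short without any signal. Judging by the log messages in the following hunks, the shortened string is what the reverse-mapping check then looks up and what is finally accepted as the host name. That is a name the peer's reverse record never contained. Checking the return value and falling back to the address keeps the result unambiguous, e.g. `if (strlcpy(name, hp->h_name, sizeof(name)) >= sizeof(name)) { strlcpy(name, inet_ntoa(from.sin_addr), sizeof name); goto check_ip_options; }`. The function starts and ends outside these hunks.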
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 92316549d7f..e3c1ca782cd 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -16,11 +16,8 @@ arbitrary tcp/ip connections, and the authentication agent connection. */ #include "includes.h" -RCSID("$Id: channels.c,v 1.5 1999/09/29 18:16:19 dugsong Exp $"); +RCSID("$Id: channels.c,v 1.6 1999/09/29 21:14:16 deraadt Exp $"); -#ifndef HAVE_GETHOSTNAME -#include <sys/utsname.h> -#endif #include "ssh.h" #include "packet.h" #include "xmalloc.h" @@ -1061,11 +1058,7 @@ char *x11_create_display_inet(int screen_number) int display_number, port, sock; struct sockaddr_in sin; char buf[512]; -#ifdef HAVE_GETHOSTNAME - char hostname[257]; -#else - struct utsname uts; -#endif + char hostname[MAXHOSTNAMELEN]; for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) { 
@@ -1107,41 +1100,10 @@ char *x11_create_display_inet(int screen_number) } /* Set up a suitable value for the DISPLAY variable. */ -#ifdef HPSUX_NONSTANDARD_X11_KLUDGE - /* HPSUX has some special shared memory stuff in their X server, which - appears to be enable if the host name matches that of the local machine. - However, it can be circumvented by using the IP address of the local - machine instead. */ - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { - struct hostent *hp; - struct in_addr addr; - hp = gethostbyname(hostname); - if (!hp->h_addr_list[0]) - { - error("Could not server IP address for %.200d.", hostname); - packet_send_debug("Could not get server IP address for %.200d.", - hostname); - shutdown(sock, 2); - close(sock); - return NULL; - } - memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); - sprintf(buf, "%.100s:%d.%d", inet_ntoa(addr), display_number, - screen_number); - } -#else /* HPSUX_NONSTANDARD_X11_KLUDGE */ -#ifdef HAVE_GETHOSTNAME if (gethostname(hostname, sizeof(hostname)) < 0) fatal("gethostname: %.100s", strerror(errno)); - sprintf(buf, "%.400s:%d.%d", hostname, display_number, screen_number); -#else /* HAVE_GETHOSTNAME */ - if (uname(&uts) < 0) - fatal("uname: %s", strerror(errno)); - sprintf(buf, "%.400s:%d.%d", uts.nodename, display_number, screen_number); -#endif /* HAVE_GETHOSTNAME */ -#endif /* HPSUX_NONSTANDARD_X11_KLUDGE */ + snprintf(buf, sizeof buf, "%.400s:%d.%d", hostname, + display_number, screen_number); /* Allocate a channel for the socket. */ (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, diff --git a/usr.bin/ssh/config.h b/usr.bin/ssh/config.h index 3c846117070..d99dfcc7545 100644 --- a/usr.bin/ssh/config.h +++ b/usr.bin/ssh/config.h 
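Review bot: `hostname` is read by `snprintf()` with `%.400s` right after `gethostname(hostname, sizeof(hostname))`, but gethostname() is not required to NUL-terminate the buffer when the name is truncated. The precision of 400 is presumably larger than `MAXHOSTNAMELEN`, so it does not bound the read to the array. Adding `hostname[sizeof(hostname) - 1] = '\0';` after the call closes that gap. The same pattern is in ssh-keygen.c main(), where `hostname` feeds `"%s@%s"` with no precision at all. x11_create_display_inet() continues outside the hunk.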
@@ -250,9 +250,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* Define if you have the getdtablesize function. */ #define HAVE_GETDTABLESIZE 1 -/* Define if you have the gethostname function. */ -#define HAVE_GETHOSTNAME 1 - /* Define if you have the getrusage function. */ #define HAVE_GETRUSAGE 1 diff --git a/usr.bin/ssh/login.c b/usr.bin/ssh/login.c index 5fe7cfccba2..f1e2883f32e 100644 --- a/usr.bin/ssh/login.c +++ b/usr.bin/ssh/login.c @@ -18,7 +18,7 @@ on a tty. */ #include "includes.h" -RCSID("$Id: login.c,v 1.2 1999/09/29 18:16:19 dugsong Exp $"); +RCSID("$Id: login.c,v 1.3 1999/09/29 21:14:16 deraadt Exp $"); #ifdef HAVE_LIBUTIL_LOGIN #include <util.h> @@ -51,16 +51,19 @@ unsigned long get_last_login_time(uid_t uid, const char *name, int fd; #ifdef _PATH_LASTLOG - sprintf(lastlogfile, "%.200s/%.200s", _PATH_LASTLOG, name); + snprintf(lastlogfile, sizeof lastlogfile, "%.200s/%.200s", + _PATH_LASTLOG, name); #else #ifdef LASTLOG_FILE - sprintf(lastlogfile, "%.200s/%.200s", LASTLOG_FILE, name); + snprintf(lastlogfile, sizeof lastlogfile, "%.200s/%.200s", + LASTLOG_FILE, name); #else - sprintf(lastlogfile, "%.200s/%.200s", SSH_LASTLOG, name); + snprintf(lastlogfile, sizeof lastlogfile, "%.200s/%.200s", + SSH_LASTLOG, name); #endif #endif - strcpy(buf, ""); + buf[0] = '\0'; fd = open(lastlogfile, O_RDONLY); if (fd < 0) @@ -108,7 +111,7 @@ unsigned long get_last_login_time(uid_t uid, const char *logname, #endif #endif - strcpy(buf, ""); + buf[0] = '\0'; fd = open(lastlog, O_RDONLY); if (fd < 0) @@ -337,7 +340,8 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); strncpy(ll.ll_host, host, sizeof(ll.ll_host)); #ifdef LASTLOG_IS_DIR - sprintf(lastlogfile, "%.100s/%.100s", lastlog, user); + snprintf(lastlogfile, sizeof lastlogfile, "%.100s/%.100s", + lastlog, user); fd = open(lastlogfile, O_WRONLY | O_CREAT, 0644); if (fd >= 0) { 
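Review bot: The two `strncpy()` calls into `ll.ll_line` and `ll.ll_host` just above the changed line in record_login() stay as they are while the other string copies in this patch are converted, and nothing says why. If that is deliberate because these are fixed-width record fields that need padding rather than termination, a comment would stop a later cleanup from converting them blindly: `/* fixed-width lastlog fields: NUL-padded, not necessarily terminated; keep strncpy */`. If it is an oversight, the readers of those fields need checking before any change. record_login() begins and ends outside the hunk.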
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index f5cd92ba159..65bf4fbb2cc 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity. */ #include "includes.h" -RCSID("$Id: ssh-add.c,v 1.3 1999/09/29 06:15:00 deraadt Exp $"); +RCSID("$Id: ssh-add.c,v 1.4 1999/09/29 21:14:16 deraadt Exp $"); #include "rsa.h" #include "ssh.h" @@ -110,7 +110,8 @@ add_file(const char *filename) /* Ask for a passphrase. */ if (getenv("DISPLAY") && !isatty(fileno(stdin))) { - sprintf(buf, "ssh-askpass '%sEnter passphrase for %.100s'", + snprintf(buf, sizeof buf, + "ssh-askpass '%sEnter passphrase for %.100s'", first ? "" : "You entered wrong passphrase. ", saved_comment); f = popen(buf, "r"); @@ -259,7 +260,7 @@ main(int ac, char **av) fprintf(stderr, "No user found with uid %d\n", (int)getuid()); exit(1); } - sprintf(buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); if (deleting) delete_file(buf); else diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 28713f2ba70..3c949eeb127 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -14,7 +14,7 @@ The authentication agent program. */ #include "includes.h" -RCSID("$Id: ssh-agent.c,v 1.3 1999/09/29 06:15:00 deraadt Exp $"); +RCSID("$Id: ssh-agent.c,v 1.4 1999/09/29 21:14:16 deraadt Exp $"); #include "ssh.h" #include "rsa.h" 
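Review bot: The command passed to `popen()` in add_file() is still assembled by pasting `saved_comment` between single quotes. Bounding the buffer with `snprintf()` therefore does not stop a comment containing a quote or other shell metacharacters from changing what the shell runs. Where `saved_comment` comes from is outside the hunk (presumably the key file), so it should be treated as untrusted: start the helper without a shell (pipe, fork and exec with the prompt as one argv entry), or reject comments with characters outside a safe set before formatting. ssh.c has the same shape where `getenv("DISPLAY")` is formatted into the `XAUTH_PATH` command line for `popen()`. add_file() begins and ends outside the hunk.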
@@ -563,13 +563,13 @@ main(int ac, char **av) parent_pid = getpid(); - sprintf(socket_name, SSH_AGENT_SOCKET, parent_pid); + snprintf(socket_name, sizeof socket_name, SSH_AGENT_SOCKET, parent_pid); /* Fork, and have the parent execute the command. The child continues as the authentication agent. */ if (fork() != 0) { /* Parent - execute the given command. */ - sprintf(buf, "SSH_AUTHENTICATION_SOCKET=%s", socket_name); + snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_SOCKET=%s", socket_name); putenv(buf); execvp(av[1], av + 1); perror(av[1]); @@ -584,7 +584,7 @@ main(int ac, char **av) } memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); + strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) { perror("bind"); @@ -643,7 +643,7 @@ main(int ac, char **av) if (fork() != 0) { /* Parent - execute the given command. */ close(sockets[0]); - sprintf(buf, "SSH_AUTHENTICATION_FD=%d", sockets[1]); + snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_FD=%d", sockets[1]); putenv(buf); execvp(av[1], av + 1); perror(av[1]); diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 7bae7da4e68..995e7ffe168 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -14,11 +14,8 @@ Identity and host key generation and maintenance. */ #include "includes.h" -RCSID("$Id: ssh-keygen.c,v 1.4 1999/09/29 06:15:00 deraadt Exp $"); +RCSID("$Id: ssh-keygen.c,v 1.5 1999/09/29 21:14:16 deraadt Exp $"); -#ifndef HAVE_GETHOSTNAME -#include <sys/utsname.h> -#endif #include "rsa.h" #include "ssh.h" #include "xmalloc.h" @@ -78,7 +75,7 @@ do_change_passphrase(struct passwd *pw) if (strchr(buf, '\n')) *strchr(buf, '\n') = 0; if (strcmp(buf, "") == 0) - sprintf(buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); } /* Check if the file exists. */ 
@@ -197,7 +194,7 @@ do_change_comment(struct passwd *pw) if (strchr(buf, '\n')) *strchr(buf, '\n') = 0; if (strcmp(buf, "") == 0) - sprintf(buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); } /* Check if the file exists. */ @@ -314,11 +311,7 @@ main(int ac, char **av) int opt; struct stat st; FILE *f; -#ifdef HAVE_GETHOSTNAME - char hostname[257]; -#else - struct utsname uts; -#endif + char hostname[MAXHOSTNAMELEN]; extern int optind; extern char *optarg; @@ -341,7 +334,7 @@ main(int ac, char **av) } /* Create ~/.ssh directory if it doesn\'t already exist. */ - sprintf(buf, "%s/%s", pw->pw_dir, SSH_USER_DIR); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_USER_DIR); if (stat(buf, &st) < 0) if (mkdir(buf, 0755) < 0) error("Could not create directory '%s'.", buf); @@ -448,7 +441,7 @@ main(int ac, char **av) if (strchr(buf, '\n')) *strchr(buf, '\n') = 0; if (strcmp(buf, "") == 0) - sprintf(buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); } /* If the file aready exists, ask the user to confirm. */ @@ -494,26 +487,16 @@ main(int ac, char **av) edit this field. */ if (identity_comment) { - strncpy(buf2, identity_comment, sizeof(buf2)); - buf2[sizeof(buf2) - 1] = '\0'; + strlcpy(buf2, identity_comment, sizeof(buf2)); } else { -#ifdef HAVE_GETHOSTNAME if (gethostname(hostname, sizeof(hostname)) < 0) { perror("gethostname"); exit(1); } - sprintf(buf2, "%s@%s", pw->pw_name, hostname); -#else - if (uname(&uts) < 0) - { - perror("uname"); - exit(1); - } - sprintf(buf2, "%s@%s", pw->pw_name, uts.nodename); -#endif + snprintf(buf2, sizeof buf2, "%s@%s", pw->pw_name, hostname); } /* Save the key with the given passphrase and comment. */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1dd225aa0a4..bb7802886cd 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c 
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.10 1999/09/29 18:27:23 dugsong Exp $"); +RCSID("$Id: ssh.c,v 1.11 1999/09/29 21:14:16 deraadt Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -171,6 +171,8 @@ rsh_connect(char *host, char *user, Buffer *command) /* Main program for the ssh client. */ +uid_t original_real_uid; + int main(int ac, char **av) { @@ -396,12 +398,6 @@ main(int ac, char **av) usage(); /*NOTREACHED*/ } - if (fwd_port < 1024 && original_real_uid != 0) - { - fprintf(stderr, - "Privileged ports can only be forwarded by root.\n"); - exit(1); - } add_local_forward(&options, fwd_port, buf, fwd_host_port); break; @@ -497,7 +493,7 @@ main(int ac, char **av) log_init(av[0], 1, debug_flag, quiet_flag, SYSLOG_FACILITY_USER); /* Read per-user configuration file. */ - sprintf(buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); + snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); read_config_file(buf, host, &options); /* Read systemwide configuration file. */ @@ -578,7 +574,7 @@ main(int ac, char **av) /* Now that we are back to our own permissions, create ~/.ssh directory if it doesn\'t already exist. */ - sprintf(buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); + snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); if (stat(buf, &st) < 0) if (mkdir(buf, 0755) < 0) error("Could not create directory '%.200s'.", buf); @@ -710,7 +706,7 @@ main(int ac, char **av) #ifdef XAUTH_PATH /* Try to get Xauthority information for the display. */ - sprintf(line, "%.100s list %.200s 2>/dev/null", + snprintf(line, sizeof line, "%.100s list %.200s 2>/dev/null", XAUTH_PATH, getenv("DISPLAY")); f = popen(line, "r"); if (f && fgets(line, sizeof(line), f) && 
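Review bot: The file-scope `uid_t original_real_uid;` added above main() has no reader left in the visible patch, because the hunk at old line 396 deletes the `fwd_port < 1024 && original_real_uid != 0` test in front of `add_local_forward()`. If that test was the only place the restriction was enforced (other enforcement is not visible here), a client installed setuid root would accept local forwards on ports below 1024 from any user. I would keep the guard and let it read the new global, `if (fwd_port < 1024 && original_real_uid != 0) { fprintf(stderr, "Privileged ports can only be forwarded by root.\n"); exit(1); }`, making sure the variable is assigned before option parsing. main() extends beyond these hunks.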
@@ -728,11 +724,11 @@ main(int ac, char **av) { u_int32_t rand = 0; - strcpy(proto, "MIT-MAGIC-COOKIE-1"); + strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); for (i = 0; i < 16; i++) { if (i % 4 == 0) rand = arc4random(); - sprintf(data + 2 * i, "%02x", rand & 0xff); + snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff); rand >>= 8; } } diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index d40ca7a4d5c..e1ee8b2455a 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -15,7 +15,7 @@ login (authentication) dialog. */ #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.5 1999/09/29 18:16:21 dugsong Exp $"); +RCSID("$Id: sshconnect.c,v 1.6 1999/09/29 21:14:16 deraadt Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -45,7 +45,7 @@ ssh_proxy_connect(const char *host, int port, uid_t original_real_uid, char portstring[100]; /* Convert the port number into a string. */ - sprintf(portstring, "%d", port); + snprintf(portstring, sizeof portstring, "%d", port); /* Build the final command string in the buffer by making the appropriate substitutions to the given proxy command. */ @@ -545,7 +545,8 @@ try_rsa_authentication(struct passwd *pw, const char *authfile, this work even if stdin has been redirected. If running in batch mode, we just use the empty passphrase, which will fail and return. */ - sprintf(buf, "Enter passphrase for RSA key '%.100s': ", comment); + snprintf(buf, sizeof buf, + "Enter passphrase for RSA key '%.100s': ", comment); if (may_ask_passphrase) passphrase = read_passphrase(buf, 0); else 
@@ -857,9 +858,9 @@ void send_afs_tokens(void) server_cell = p; /* Flesh out our credentials. */ - strcpy(creds.service, "afs"); + strlcpy(creds.service, "afs", sizeof creds.service); creds.instance[0] = '\0'; - strncpy(creds.realm, server_cell, REALM_SZ); + strlcpy(creds.realm, server_cell, REALM_SZ); memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); creds.issue_date = ct.BeginTimestamp; creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); @@ -934,7 +935,7 @@ void ssh_exchange_identification() fatal("Remote machine has too old SSH software version."); /* Send our own protocol version identification. */ - sprintf(buf, "SSH-%d.%d-%.100s\n", + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); if (write(connection_out, buf, strlen(buf)) != strlen(buf)) fatal("write: %.100s", strerror(errno)); @@ -965,7 +966,7 @@ int read_yes_or_no(const char *prompt, int defval) { /* Print a newline (the prompt probably didn\'t have one). */ fprintf(stderr, "\n"); - strcpy(buf, "no"); + strlcpy(buf, "no", sizeof buf); } /* Remove newline from response. */ if (strchr(buf, '\n')) diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 3d0d4a49e2f..c06feeaf6c6 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.5 1999/09/29 18:16:21 dugsong Exp $"); +RCSID("$Id: sshd.c,v 1.6 1999/09/29 21:14:16 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -685,7 +685,7 @@ main(int ac, char **av) alarm(options.login_grace_time); /* Send our protocol version identification. */ - sprintf(buf, "SSH-%d.%d-%.100s\n", + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); if (write(sock_out, buf, strlen(buf)) != strlen(buf)) fatal("Could not write ident string."); 
@@ -1477,7 +1477,8 @@ void do_authenticated(struct passwd *pw) /* Setup to always have a local .Xauthority. */ xauthfile = xmalloc(MAXPATHLEN); - sprintf(xauthfile, "/tmp/Xauth%d_%d", pw->pw_uid, getpid()); + snprintf(xauthfile, MAXPATHLEN, "/tmp/Xauth%d_%d", + pw->pw_uid, getpid()); break; #else /* XAUTH_PATH */ @@ -1782,7 +1783,7 @@ void do_exec_pty(const char *command, int ptyfd, int ttyfd, &from); /* Check if .hushlogin exists. */ - sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; /* If the user has logged in before, display the time of last login. @@ -1898,7 +1899,7 @@ void child_set_env(char ***envp, unsigned int *envsizep, const char *name, /* Allocate space and format the variable in the appropriate slot. */ env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); - sprintf(env[i], "%s=%s", name, value); + snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); } /* Reads environment variables from the given file and adds/overrides them @@ -2155,11 +2156,12 @@ void do_child(const char *command, struct passwd *pw, const char *term, child_set_env(&env, &envsize, "TZ", getenv("TZ")); #ifdef MAIL_SPOOL_DIRECTORY - sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, pw->pw_name); + snprintf(buf, sizeof buf, "%.200s/%.50s", + MAIL_SPOOL_DIRECTORY, pw->pw_name); child_set_env(&env, &envsize, "MAIL", buf); #else /* MAIL_SPOOL_DIRECTORY */ #ifdef HAVE_TILDE_NEWMAIL - sprintf(buf, "%.200s/newmail", pw->pw_dir); + snprintf(buf, sizeof buf, "%.200s/newmail", pw->pw_dir); child_set_env(&env, &envsize, "MAIL", buf); #endif /* HAVE_TILDE_NEWMAIL */ #endif /* MAIL_SPOOL_DIRECTORY */ 
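Review bot: `xauthfile` in do_authenticated() is still a fixed pattern under /tmp built from the uid and pid, so the name is predictable to any local user; bounding the write with `snprintf()` does not change that. How the file is created later is outside the hunk, but unless it is opened with `O_CREAT | O_EXCL`, a pre-existing file or symlink at that path would be followed. Creating it through `mkstemp()` on a template such as `/tmp/XauthXXXXXX` and keeping the descriptor would remove the predictability. Separately, `%d` is used for `pw->pw_uid` and `getpid()`, whose types are not necessarily `int`; casting both arguments to `int` keeps the format well-defined.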
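Review bot: In child_set_env() the size expression `strlen(name) + 1 + strlen(value) + 1` is now written out twice, once for `xmalloc()` and once for `snprintf()`, so a later edit to one can leave the other stale and the bound would no longer match the allocation. Computing it once reads better and cannot drift: `size_t len = strlen(name) + strlen(value) + 2;` followed by `env[i] = xmalloc(len);` and `snprintf(env[i], len, "%s=%s", name, value);`. The function starts outside the hunk.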
@@ -2191,7 +2193,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, } /* Set SSH_CLIENT. */ - sprintf(buf, "%.50s %d %d", + snprintf(buf, sizeof buf, "%.50s %d %d", get_remote_ipaddr(), get_remote_port(), options.port); child_set_env(&env, &envsize, "SSH_CLIENT", buf); @@ -2226,7 +2228,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, else if (auth_get_fd() >= 0) { - sprintf(buf, "%d", auth_get_fd()); + snprintf(buf, sizeof buf, "%d", auth_get_fd()); child_set_env(&env, &envsize, SSH_AUTHFD_ENV_NAME, buf); } @@ -2235,7 +2237,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, read_environment_file(&env, &envsize, "/etc/environment"); /* Read $HOME/.ssh/environment. */ - sprintf(buf, "%.200s/.ssh/environment", pw->pw_dir); + snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); /* If debugging, dump the environment to stderr. */ diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c index b50959a9d27..0203843c6ee 100644 --- a/usr.bin/ssh/xmalloc.c +++ b/usr.bin/ssh/xmalloc.c @@ -15,7 +15,7 @@ failure (they call fatal if they encounter an error). */ #include "includes.h" -RCSID("$Id: xmalloc.c,v 1.1 1999/09/26 20:53:38 deraadt Exp $"); +RCSID("$Id: xmalloc.c,v 1.2 1999/09/29 21:14:16 deraadt Exp $"); #include "ssh.h" @@ -54,7 +54,9 @@ void xfree(void *ptr) char *xstrdup(const char *str) { - char *cp = xmalloc(strlen(str) + 1); - strcpy(cp, str); + int len = strlen(str) + 1; + + char *cp = xmalloc(len); + strlcpy(cp, str, len); return cp; } |
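Review bot: `int len = strlen(str) + 1;` in xstrdup() narrows a `size_t` to `int`, so for a very long string the value handed to `xmalloc()` and `strlcpy()` can wrap or go negative and no longer match the source length. Declaring it `size_t len = strlen(str) + 1;` keeps both calls consistent with what strlen() returned. Since the length is already known, `memcpy(cp, str, len);` would also avoid scanning the string a second time.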