Control: tags -1 + patch
Hello!
I make a trivial "make it compile" patch for pidentd so that it builds
against openssl 1.1.0 (from experimental). Please see attachment.
Please note that this has only been compile-tested. No run-time testing.
No security guarantees included. Review carefully.
While at it I also couldn't resist adding some missing includes which
kills of a few undeclared warnings. None of the added includes are
really openssl related.
There are a bunch of compiler warnings still and this one in particular
looks extra nasty:
[...]
gcc -g -O2 -fdebug-prefix-map=/data/pidentd-3.0.19.ds1=.
-fstack-protector-strong -Wformat -Werror=format-security -DHAVE_CONFIG_H
-Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/openssl
-DPATH_SYSCONFDIR=\"/etc\" -I. -I./src -c -o idecrypt.o idecrypt.c
In file included from /usr/include/string.h:635:0,
from idecrypt.c:17:
In function 'memcpy',
inlined from 'decrypt_packet' at idecrypt.c:164:5:
/usr/include/x86_64-linux-gnu/bits/string3.h:53:10: warning: call to
__builtin___memcpy_chk will always overflow destination buffer
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'memcpy',
inlined from 'decrypt_packet' at idecrypt.c:165:5:
/usr/include/x86_64-linux-gnu/bits/string3.h:53:10: warning: call to
__builtin___memcpy_chk will always overflow destination buffer
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[...]
Copying a 'struct sockaddr_gen' (which is a union of struct sockaddr,
sockaddr_in and sockaddr_in6) into a buffer of size uint32_t, using the
source's size as the number of bytes to copy..... :/
This should probably be fixed in pdes.h to use the same struct instead
of hard-coding uint32_t, but I guess all users of that should then also
be reviewed.
Regards,
Andreas Henriksson
diff -urip pidentd-3.0.19.ds1/src/idecrypt.c pidentd-3.0.19.ds1+openssl110/src/idecrypt.c
--- pidentd-3.0.19.ds1/src/idecrypt.c 2001-04-23 20:40:15.000000000 +0000
+++ pidentd-3.0.19.ds1+openssl110/src/idecrypt.c 2016-11-01 09:59:59.561479722 +0000
@@ -15,6 +15,7 @@
#include "config.h"
#include <string.h>
+#include <stdlib.h>
#ifdef HAVE_LIBDES
@@ -119,7 +120,7 @@ decrypt_packet(unsigned char *packet)
{
keybuf[sizeof(keybuf)-1] = '\0';
des_string_to_key(keybuf, &key_bin);
- des_set_key(&key_bin, sched);
+ DES_set_key(&key_bin, &sched);
for (i = 0, j = 0; i < 24; i += 3, j += 4)
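Review bot: The result of `DES_set_key(&key_bin, &sched);` is discarded here, and again in the `pdes_init` hunk of src/pdes.c, where `return 0;` follows unconditionally. Depending on the OpenSSL version and its `DES_check_key` flag, `DES_set_key` can behave like `DES_set_key_checked`, which returns a negative value for a parity error or a weak key and then does not fill in the schedule, so the later `des_ecb_encrypt` calls would run on an uninitialised `sched`. Either make the current behaviour explicit with `DES_set_key_unchecked(&key_bin, &sched);`, or test `if (DES_set_key_checked(&key_bin, &sched) != 0)` and fail the way each function already reports errors. decrypt_packet starts and ends outside this hunk, so its error convention is not visible here.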
@@ -131,19 +132,19 @@ decrypt_packet(unsigned char *packet)
des_ecb_encrypt((des_cblock *)&(r.longs[4]),
(des_cblock *)&(r.longs[4]),
- sched, DES_DECRYPT);
+ &sched, DES_DECRYPT);
r.longs[4] ^= r.longs[2];
r.longs[5] ^= r.longs[3];
des_ecb_encrypt((des_cblock *)&(r.longs[2]),
(des_cblock *)&(r.longs[2]),
- sched, DES_DECRYPT);
+ &sched, DES_DECRYPT);
r.longs[2] ^= r.longs[0];
r.longs[3] ^= r.longs[1];
des_ecb_encrypt((des_cblock *)&(r.longs[0]),
(des_cblock *)&(r.longs[0]),
- sched, DES_DECRYPT);
+ &sched, DES_DECRYPT);
for (i = 1; i < 6; i++)
{
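Review bot: The three calls in this hunk keep the lowercase legacy names `des_ecb_encrypt` and `des_cblock` while passing `&sched` in the new OpenSSL style, so the file now mixes two API spellings. This presumably builds only because something outside the hunk maps the old names onto the OpenSSL ones. Writing them as `DES_ecb_encrypt((DES_cblock *)&(r.longs[4]), (DES_cblock *)&(r.longs[4]), &sched, DES_DECRYPT);` would match the `DES_set_key` call above and remove that hidden dependency. The same applies to the three `pdes_encrypt` calls in src/pdes.c. The declaration of `sched` is not in the hunk; a short comment there stating that it must be a `DES_key_schedule` object, not the old array type, would explain why `&sched` is now required.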
diff -urip pidentd-3.0.19.ds1/src/k_linux.c pidentd-3.0.19.ds1+openssl110/src/k_linux.c
--- pidentd-3.0.19.ds1/src/k_linux.c 2016-11-01 10:07:36.000000000 +0000
+++ pidentd-3.0.19.ds1+openssl110/src/k_linux.c 2016-11-01 09:50:49.881486632 +0000
@@ -18,6 +18,7 @@
#include <syslog.h>
#include <errno.h>
#include <unistd.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/param.h>
diff -urip pidentd-3.0.19.ds1/src/main.c pidentd-3.0.19.ds1+openssl110/src/main.c
--- pidentd-3.0.19.ds1/src/main.c 2016-11-01 10:07:36.000000000 +0000
+++ pidentd-3.0.19.ds1+openssl110/src/main.c 2016-11-01 09:58:18.769480989 +0000
@@ -23,6 +23,8 @@
#endif
#include <signal.h>
+#include <grp.h>
+
#include "pidentd.h"
#if defined(HAVE_LIBTHREAD) && defined(HAVE_THR_SETCONCURRENCY)
diff -urip pidentd-3.0.19.ds1/src/pdes.c pidentd-3.0.19.ds1+openssl110/src/pdes.c
--- pidentd-3.0.19.ds1/src/pdes.c 2000-05-21 19:07:05.000000000 +0000
+++ pidentd-3.0.19.ds1+openssl110/src/pdes.c 2016-11-01 09:54:51.865483590 +0000
@@ -101,7 +101,7 @@ pdes_init(char *keyfile)
keybuf[sizeof(keybuf)-1] = '\0';
des_string_to_key(keybuf, &key_bin);
- des_set_key(&key_bin, sched);
+ DES_set_key(&key_bin, &sched);
return 0;
}
@@ -137,19 +137,19 @@ pdes_encrypt(struct kernel *kp,
r.longs[0] ^= r.longs[i];
des_ecb_encrypt((des_cblock *)&(r.longs[0]), (des_cblock *)&(r.longs[0]),
- sched, DES_ENCRYPT);
+ &sched, DES_ENCRYPT);
r.longs[2] ^= r.longs[0];
r.longs[3] ^= r.longs[1];
des_ecb_encrypt((des_cblock *)&(r.longs[2]), (des_cblock *)&(r.longs[2]),
- sched, DES_ENCRYPT);
+ &sched, DES_ENCRYPT);
r.longs[4] ^= r.longs[2];
r.longs[5] ^= r.longs[3];
des_ecb_encrypt((des_cblock *)&(r.longs[4]), (des_cblock *)&(r.longs[4]),
- sched, DES_ENCRYPT);
+ &sched, DES_ENCRYPT);
for (i = 0, j = 0; i < 24; i+=3, j+=4)
{