On Wed, 30 Dec 2020 15:34:34 +1100, Ross L Richardson wrote:
> auth_mkvalue(3) may return NULL (if no memory is available), but
> login_passwd.c and friends use the return value without checking.
Yes, that should be checked. In the case of login_passwd.c there
is really no reason to use auth_mkvalue(3) at all as there is nothing
that needs to be escaped. I think the simplest approach is to send
a reject message if there is a memory allocation error.
- todd
Index: login_passwd/login_passwd.c
===
RCS file: /cvs/src/libexec/login_passwd/login_passwd.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 login_passwd.c
--- login_passwd/login_passwd.c 15 May 2020 17:25:39 - 1.18
+++ login_passwd/login_passwd.c 30 Dec 2020 16:05:30 -
@@ -121,7 +121,7 @@ main(int argc, char *argv[])
}
if (wheel != NULL && strcmp(wheel, "yes") != 0) {
fprintf(back, BI_VALUE " errormsg %s\n",
- auth_mkvalue("you are not in group wheel"));
+ "you are not in group wheel");
fprintf(back, BI_REJECT "\n");
exit(1);
}
Index: login_radius/login_radius.c
===
RCS file: /cvs/src/libexec/login_radius/login_radius.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 login_radius.c
--- login_radius/login_radius.c 27 Apr 2017 20:55:52 - 1.9
+++ login_radius/login_radius.c 30 Dec 2020 16:01:26 -
@@ -183,19 +183,29 @@ main(int argc, char **argv)
strcmp(service, "login") ? challenge : NULL, password, );
if (c == 0) {
- if (*challenge == '\0')
+ if (*challenge == '\0') {
(void)fprintf(back, BI_AUTH "\n");
- else {
- (void)fprintf(back, BI_VALUE " challenge %s\n",
- auth_mkvalue(challenge));
- (void)fprintf(back, BI_CHALLENGE "\n");
+ exit(0);
+ } else {
+ char *val = auth_mkvalue(challenge);
+ if (val != NULL) {
+ (void)fprintf(back, BI_VALUE " challenge %s\n",
+ val);
+ (void)fprintf(back, BI_CHALLENGE "\n");
+ exit(0);
+ }
+ emsg = "unable to allocate memory";
+ }
+ }
+ if (emsg != NULL) {
+ if (strcmp(service, "login") == 0) {
+ (void)fprintf(stderr, "%s\n", emsg);
+ } else {
+ emsg = auth_mkvalue(emsg);
+ (void)fprintf(back, BI_VALUE " errormsg %s\n",
+ emsg ? emsg : "unable to allocate memory");
}
- exit(0);
}
- if (emsg && strcmp(service, "login") == 0)
- (void)fprintf(stderr, "%s\n", emsg);
- else if (emsg)
- (void)fprintf(back, "value errormsg %s\n", auth_mkvalue(emsg));
if (strcmp(service, "challenge") == 0) {
(void)fprintf(back, BI_SILENT "\n");
exit(0);
Index: login_skey/login_skey.c
===
RCS file: /cvs/src/libexec/login_skey/login_skey.c,v
retrieving revision 1.28
diff -u -p -u -r1.28 login_skey.c
--- login_skey/login_skey.c 28 Jun 2019 13:32:53 - 1.28
+++ login_skey/login_skey.c 30 Dec 2020 16:04:16 -
@@ -157,8 +157,14 @@ main(int argc, char *argv[])
case MODE_CHALLENGE:
haskey = (skeychallenge2(fd, , user, challenge) == 0);
strlcat(challenge, "\nS/Key Password:", sizeof(challenge));
- fprintf(back, BI_VALUE " challenge %s\n",
- auth_mkvalue(challenge));
+ cp = auth_mkvalue(challenge);
+ if (cp == NULL) {
+ (void)fprintf(back, BI_VALUE " errormsg %s\n",
+ "unable to allocate memory");
+ (void)fprintf(back, BI_REJECT "\n");
+ exit(1);
+ }
+ fprintf(back, BI_VALUE " challenge %s\n", cp);
fprintf(back, BI_CHALLENGE "\n");
if (haskey) {
fprintf(back, BI_FDPASS "\n");
Index: login_token/login_token.c
===
RCS file: /cvs/src/libexec/login_token/login_token.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 login_token.c
--- login_token/login_token.c 28 Jun 2019 13:32:53 - 1.16
+++ login_token/login_token.c 30 Dec 2020 16:04:31 -
@@ -152,8 +152,14 @@ main(int argc, char *argv[])
tt->proper);
(void)sigprocmask(SIG_UNBLOCK, , NULL);
if (mode == 1) {
-