Module Name: src Committed By: christos Date: Fri Jul 1 15:09:28 UTC 2011
Modified Files: src/lib/libtelnet: sra.c Log Message: - use defines for lengths - strlcpy/snprintf - KNK To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/lib/libtelnet/sra.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libtelnet/sra.c diff -u src/lib/libtelnet/sra.c:1.9 src/lib/libtelnet/sra.c:1.10 --- src/lib/libtelnet/sra.c:1.9 Thu Jun 30 21:15:27 2011 +++ src/lib/libtelnet/sra.c Fri Jul 1 11:09:28 2011 @@ -32,7 +32,7 @@ #ifdef notdef __FBSDID("$FreeBSD: src/contrib/telnet/libtelnet/sra.c,v 1.16 2002/05/06 09:48:02 markm Exp $"); #else -__RCSID("$NetBSD: sra.c,v 1.9 2011/07/01 01:15:27 joerg Exp $"); +__RCSID("$NetBSD: sra.c,v 1.10 2011/07/01 15:09:28 christos Exp $"); #endif #ifdef SRA @@ -65,7 +65,7 @@ IdeaData ik; extern int auth_debug_mode; -extern char *line; /* see sys_term.c */ +extern char *line; /* see sys_term.c */ static int sra_valid = 0; static int passwd_sent = 0; @@ -73,6 +73,8 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, AUTHTYPE_SRA, }; +#define SMALL_LEN 256 +#define XSMALL_LEN 513 #define SRA_KEY 0 #define SRA_USER 1 #define SRA_CONTINUE 2 @@ -87,16 +89,15 @@ Data(Authenticator *ap, int type, void *d, int c) { unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; + unsigned char *cd = d; if (c == -1) - c = strlen((char *)cd); + c = strlen(d); if (auth_debug_mode) { printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], type, c); printd(d, c); printf("\r\n"); } @@ -111,7 +112,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); - return(telnet_net_write(str_data, p - str_data)); + return telnet_net_write(str_data, p - str_data); } int @@ -122,21 +123,21 @@ else str_data[3] = TELQUAL_IS; - user = (char *)malloc(256); - xuser = (char *)malloc(513); - pass = (char *)malloc(256); - xpass = (char *)malloc(513); - passprompt = (char *)malloc(256); - xpassprompt = (char *)malloc(513); + user = malloc(SMALL_LEN); + xuser = malloc(XSMALL_LEN); + pass = malloc(SMALL_LEN); + xpass = malloc(XSMALL_LEN); + passprompt = malloc(SMALL_LEN); + xpassprompt = malloc(XSMALL_LEN); if (user == NULL || xuser == NULL || pass == NULL || xpass == - NULL || passprompt == NULL || xpassprompt == NULL) + NULL || passprompt == NULL || xpassprompt == NULL) return 0; /* malloc failed */ passwd_sent = 0; - genkeys(pka,ska); - return(1); + genkeys(pka, ska); + return 1; } /* client received a go-ahead for sra */ @@ -151,10 +152,10 @@ if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { if (auth_debug_mode) printf("Not enough room for authentication data\r\n"); - return(0); + return 0; } - return(1); + return 1; } /* server received an IS -- could be SRA KEY, USER, or PASS */ @@ -184,40 +185,40 @@ printf("Not enough room\r\n"); return; } - memcpy(pkb,data,HEXKEYBYTES); + memcpy(pkb, data, HEXKEYBYTES); pkb[HEXKEYBYTES] = '\0'; - common_key(ska,pkb,&ik,&ck); + common_key(ska, pkb, &ik, &ck); return; case SRA_USER: /* decode KAB(u) */ - if (cnt > 512) /* Attempted buffer overflow */ + if (cnt > XSMALL_LEN - 1) /* Attempted buffer overflow */ break; - memcpy(xuser,data,cnt); + memcpy(xuser, data, cnt); xuser[cnt] = '\0'; - pk_decode(xuser,user,&ck); + pk_decode(xuser, user, &ck); auth_encrypt_user(user); #ifndef NOPAM (void)check_user(user, "*"); #endif - pk_encode(passprompt,xpassprompt,&ck); - Data(ap, SRA_CONTINUE, (void *)xpassprompt, 512); + pk_encode(passprompt, xpassprompt, &ck); + Data(ap, SRA_CONTINUE, xpassprompt, XSMALL_LEN - 1); return; case SRA_PASS: - if (cnt > 512) /* Attempted buffer overflow */ + if (cnt > XSMALL_LEN - 1) /* Attempted buffer overflow */ break; /* decode KAB(P) */ - memcpy(xpass,data,cnt); + memcpy(xpass, data, cnt); xpass[cnt] = '\0'; - pk_decode(xpass,pass,&ck); + pk_decode(xpass, pass, &ck); /* check user's password */ - valid = check_user(user,pass); + valid = check_user(user, pass); if(valid) { - /* PAM (via check_user()) may have changed 'user' */ + /* PAM (via check_user()) may have changed 'user' */ auth_encrypt_user(user); Data(ap, SRA_ACCEPT, (void *)0, 0); skey.data = ck; @@ -232,13 +233,9 @@ } } else { - pk_encode(passprompt,xpassprompt,&ck); - Data(ap, SRA_CONTINUE, (void *)xpassprompt, 512); -/* - Data(ap, SRA_REJECT, (void *)0, 0); - sra_valid = 0; - auth_finished(ap, AUTH_REJECT); -*/ + pk_encode(passprompt, xpassprompt, &ck); + Data(ap, SRA_CONTINUE, (void *)xpassprompt, + XSMALL_LEN - 1); if (auth_debug_mode) { printf("SRA user failed\r\n"); } @@ -259,7 +256,7 @@ void sra_reply(Authenticator *ap, unsigned char *data, int cnt) { - char uprompt[256],tuser[256]; + char uprompt[SMALL_LEN], tuser[SMALL_LEN]; Session_Key skey; size_t i; @@ -275,33 +272,34 @@ } return; } - memcpy(pkb,data,HEXKEYBYTES); - pkb[HEXKEYBYTES] = '\0'; + memcpy(pkb, data, HEXKEYBYTES); + pkb[HEXKEYBYTES] = '\0'; - common_key(ska,pkb,&ik,&ck); + common_key(ska, pkb, &ik, &ck); enc_user: /* encode user */ - memset(tuser,0,sizeof(tuser)); - sprintf(uprompt,"User (%s): ",UserNameRequested); - if (telnet_gets(uprompt,tuser,255,1) == NULL) { + memset(tuser, 0, sizeof(tuser)); + snprintf(uprompt, sizeof(uprompt), "User (%s): ", + UserNameRequested); + if (telnet_gets(uprompt, tuser, SMALL_LEN - 1, 1) == NULL) { printf("\n"); exit(1); } if (tuser[0] == '\n' || tuser[0] == '\r' ) - strcpy(user,UserNameRequested); + strlcpy(user, UserNameRequested, SMALL_LEN); else { /* telnet_gets leaves the newline on */ - for(i=0;i<sizeof(tuser);i++) { + for(i = 0; i < sizeof(tuser); i++) { if (tuser[i] == '\n') { tuser[i] = '\0'; break; } } - strcpy(user,tuser); + strlcpy(user, tuser, SMALL_LEN); } - pk_encode(user,xuser,&ck); + pk_encode(user, xuser, &ck); /* send it off */ if (auth_debug_mode) @@ -319,21 +317,21 @@ printf("[ SRA login failed ]\r\n"); goto enc_user; } - if (cnt > 512) { + if (cnt > XSMALL_LEN - 1) { break; } else if (cnt > 0) { - (void)memcpy(xpassprompt,data,cnt); + (void)memcpy(xpassprompt, data, cnt); pk_decode(xpassprompt, passprompt, &ck); } else { - (void)strcpy(passprompt, "Password: "); + (void)strlcpy(passprompt, "Password: ", SMALL_LEN); } /* encode password */ - memset(pass,0,256); - if (telnet_gets(passprompt,pass,255,0) == NULL) { + memset(pass, 0, SMALL_LEN); + if (telnet_gets(passprompt, pass, SMALL_LEN - 1, 0) == NULL) { printf("\n"); exit(1); } - pk_encode(pass,xpass,&ck); + pk_encode(pass, xpass, &ck); /* send it off */ if (auth_debug_mode) printf("Sent KAB(P)\r\n"); @@ -348,7 +346,7 @@ case SRA_REJECT: printf("[ SRA refuses authentication ]\r\n"); printf("Trying plaintext login:\r\n"); - auth_finished(0,AUTH_REJECT); + auth_finished(0, AUTH_REJECT); return; case SRA_ACCEPT: @@ -371,38 +369,38 @@ sra_status(Authenticator *ap __unused, char *name, size_t len, int level) { if (level < AUTH_USER) - return(level); + return level; if (UserNameRequested && sra_valid) { strlcpy(name, UserNameRequested, len); - return(AUTH_VALID); + return AUTH_VALID; } else - return(AUTH_USER); + return AUTH_USER; } -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} +#define BUMP(buf, len) while (*(buf)) { ++(buf), --(len); } +#define ADDC(buf, len, c) if ((len) > 0) { *(buf)++ = (c); --(len); } void -sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) +sra_printsub(unsigned char *data, int cnt, unsigned char *ubuf, int buflen) { - char lbuf[32]; + char lbuf[32], *buf = (char *)ubuf; int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buf[buflen - 1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; switch(data[3]) { case SRA_CONTINUE: - strncpy((char *)buf, " CONTINUE ", buflen); + strncpy(buf, " CONTINUE ", buflen); goto common; case SRA_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); + strncpy(buf, " REJECT ", buflen); goto common; case SRA_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); + strncpy(buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); @@ -416,25 +414,25 @@ break; case SRA_KEY: /* Authentication data follows */ - strncpy((char *)buf, " KEY ", buflen); + strncpy(buf, " KEY ", buflen); goto common2; case SRA_USER: - strncpy((char *)buf, " USER ", buflen); + strncpy(buf, " USER ", buflen); goto common2; case SRA_PASS: - strncpy((char *)buf, " PASS ", buflen); + strncpy(buf, " PASS ", buflen); goto common2; default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); + strncpy(buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); + strncpy(buf, lbuf, buflen); BUMP(buf, buflen); } break; @@ -461,7 +459,7 @@ const char *ttyn; ttyn = ttyname; - if (strncmp(ttyn, _PATH_DEV, sizeof(_PATH_DEV)-1) == 0) + if (strncmp(ttyn, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) ttyn += sizeof(_PATH_DEV) - 1; return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); @@ -476,25 +474,25 @@ if (isroot(name) && !rootterm(line)) { - crypt("AA","*"); /* Waste some time to simulate success */ - return(0); + crypt("AA", "*"); /* Waste some time to simulate success */ + return 0; } if (getpwnam_r(name, &pws, pwbuf, sizeof(pwbuf), &pw) == 0 && pw != NULL) { if (pw->pw_shell == NULL) { - return(0); + return 0; } salt = pw->pw_passwd; xpasswd = crypt(cred, salt); /* The strcmp does not catch null passwords! */ if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) { - return(0); + return 0; } - return(1); + return 1; } - return(0); + return 0; } #else /* !NOPAM */ @@ -505,7 +503,7 @@ * getting their username and password through an encrypted channel. */ -#define COPY_STRING(s) (s ? strdup(s):NULL) +#define COPY_STRING(s) (s ? strdup(s) : NULL) struct cred_t { const char *uname; @@ -514,12 +512,12 @@ typedef struct cred_t cred_t; static int -auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata) +auth_conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata) { int i; - cred_t *cred = (cred_t *) appdata; - struct pam_response *reply = - malloc(sizeof(struct pam_response) * num_msg); + cred_t *cred = appdata; + struct pam_response *reply = malloc(sizeof(*reply) * num_msg); if (reply == NULL) return PAM_BUF_ERR; @@ -532,7 +530,7 @@ /* PAM frees resp. */ break; case PAM_PROMPT_ECHO_OFF: /* assume want password */ - (void)strlcpy(passprompt, msg[i]->msg, 256); + (void)strlcpy(passprompt, msg[i]->msg, SMALL_LEN); reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp = COPY_STRING(cred->pass); /* PAM frees resp. */ @@ -600,9 +598,9 @@ * point of view, the template user is always passed * back as a changed value of the PAM_USER item. */ - if ((e = pam_get_item(pamh, PAM_USER, &item)) == + if ((e = pam_get_item(pamh, PAM_USER, &item)) == PAM_SUCCESS) { - strcpy(name, item); + strlcpy(name, item, SMALL_LEN); } else syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e));