+2000-04-27 Nalin Dahyabhai <nalin@redhat.com>
+
+ * krshd.c (doit): Don't overflow buffer "cmdbuf".
+
Fri Mar 12 19:01:35 1999 Tom Yu <tlyu@mit.edu>
* Makefile.in (kshd): Add $(LOGINLIBS).
strcpy((char *) cmdbuf + offst, kprogdir);
cp = copy + 3 + offst;
+ cmdbuf[sizeof(cmdbuf) - 1] = '\0';
if (auth_sys == KRB5_RECVAUTH_V4) {
- strcat(cmdbuf, "/v4rcp");
+ strncat(cmdbuf, "/v4rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf));
} else {
- strcat(cmdbuf, "/rcp");
+ strncat(cmdbuf, "/rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf));
}
if (stat((char *)cmdbuf + offst, &s) >= 0)
- strcat(cmdbuf, cp);
+ strncat(cmdbuf, cp, sizeof(cmdbuf) - 1 - strlen(cmdbuf));
else
- strcpy(cmdbuf, copy);
+ strncpy(cmdbuf, copy, sizeof(cmdbuf) - 1 - strlen(cmdbuf));
free(copy);
}
#endif
+2000-04-28 Ken Raeburn <raeburn@mit.edu>
+ Nalin Dahyabhai <nalin@redhat.com>
+
+ * kuserok.c (kuserok): Don't overflow buffer "pbuf".
+
+2000-04-28 Tom Yu <tlyu@mit.edu>
+
+ * rd_req.c (krb_rd_req): Fix some uses of strcpy().
+
Thu Apr 15 20:18:38 1999 Tom Yu <tlyu@mit.edu>
* g_cnffile.c (krb__get_srvtabname): Fix to actually extract
if ((pwd = getpwnam(luser)) == NULL) {
return(NOTOK);
}
- (void) strcpy(pbuf, pwd->pw_dir);
- (void) strcat(pbuf, "/.klogin");
+ if (strlen (pwd->pw_dir) + sizeof ("/.klogin") >= sizeof (pbuf))
+ return NOTOK;
+ (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
+ pbuf[sizeof(pbuf) - 1] = '\0';
+ (void) strncat(pbuf, "/.klogin", sizeof(pbuf) - 1 - strlen(pbuf));
if (access(pbuf, F_OK)) { /* not accessible */
/*
Kerberos used to encrypt ticket */
int status;
+ tkt->mbz = req_id->mbz = 0;
+
if (authent->length <= 0)
return(RD_AP_MODIFIED);
mutual = 0;
#endif /* lint */
s_kvno = *ptr++; /* get server key version */
- (void) strcpy(realm,ptr); /* And the realm of the issuing KDC */
- ptr += strlen(ptr) + 1; /* skip the realm "hint" */
+ (void) strncpy(realm,ptr,REALM_SZ); /* And the realm of the issuing KDC */
+ realm[REALM_SZ-1] = '\0';
+ ptr += strlen(realm) + 1; /* skip the realm "hint" */
/*
* If "fn" is NULL, key info should already be set; don't
#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
ptr = (char *) req_id->dat;
- (void) strcpy(r_aname,ptr); /* Authentication name */
+ (void) strncpy(r_aname,ptr,ANAME_SZ); /* Authentication name */
+ r_aname[ANAME_SZ-1] = '\0';
ptr += strlen(r_aname)+1;
check_ptr();
- (void) strcpy(r_inst,ptr); /* Authentication instance */
+ (void) strncpy(r_inst,ptr,INST_SZ); /* Authentication instance */
+ r_inst[INST_SZ-1] = '\0';
ptr += strlen(r_inst)+1;
check_ptr();
- (void) strcpy(r_realm,ptr); /* Authentication name */
+ (void) strncpy(r_realm,ptr,REALM_SZ); /* Authentication name */
+ r_realm[REALM_SZ-1] = '\0';
ptr += strlen(r_realm)+1;
check_ptr();
memcpy((char *)&ad->checksum, ptr, 4); /* Checksum */
+2000-04-28 Nalin Dahyabhai <nalin@redhat.com>
+
+ * conv_princ.c (krb5_425_conv_principal): Don't overflow buffer
+ "buf".
+
2000-02-01 Ken Raeburn <raeburn@mit.edu>
* init_ctx.c (init_common): Renamed from krb5_init_context, now
if (retval == 0 && full_name && full_name[0]) {
instance = full_name[0];
} else {
- strcpy(buf, instance);
+ strncpy(buf, instance, sizeof(buf));
+ buf[sizeof(buf) - 1] = '\0';
retval = krb5_get_realm_domain(context, realm, &domain);
if (retval)
return retval;
for (cp = domain; *cp; cp++)
if (isupper(*cp))
*cp = tolower(*cp);
- strcat(buf, ".");
- strcat(buf, domain);
+ strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
+ strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
krb5_xfree(domain);
}
instance = buf;
+2000-04-28 Nalin Dahyabhai <nalin@redhat.com>
+
+ * kuserok.c (krb5_kuserok): Don't overflow buffer "pbuf".
+
Thu Mar 25 18:45:48 1999 Tom Yu <tlyu@mit.edu>
* promptusr.c (krb5_os_get_tty_uio): getchar() returns int, not
if ((pwd = getpwnam(luser)) == NULL) {
return(FALSE);
}
- (void) strcpy(pbuf, pwd->pw_dir);
- (void) strcat(pbuf, "/.k5login");
+ (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
+ pbuf[sizeof(pbuf) - 1] = '\0';
+ (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
if (access(pbuf, F_OK)) { /* not accessible */
/*
+2000-04-28 Ken Raeburn <raeburn@mit.edu>
+ Nalin Dahyabhai <nalin@redhat.com>
+
+ * syslog.c (vsyslog): Use strncpy and strncat instead of strcpy
+ and strcat when adding to buffer "tbuf". If calling vsprintf,
+ abort if it appears to have overrun the buffer.
+
Mon Jun 10 21:51:35 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* syslog.c: Change _WINDOWS to _MSDOS, and add check for _WIN32.
(void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
for (p = tbuf; *p; ++p);
if (LogTag) {
- (void)strcpy(p, LogTag);
+ (void)strncpy(p, LogTag, sizeof(tbuf) - 1 - (p - tbuf));
for (; *p; ++p);
}
if (LogStat & LOG_PID) {
}
(void)vsprintf(p, fmt_cpy, ap);
+ /* Bounds checking?? If a system doesn't have syslog, we
+ probably can't rely on it having vsnprintf either. Try not
+ to let a buffer overrun be exploited. */
+ if (strlen (tbuf) >= sizeof (tbuf))
+ abort ();
/* output the message to the local logger */
if (send(LogFile, tbuf, cnt = strlen(tbuf), 0) >= 0 ||
if ((fd = open(CONSOLE, O_WRONLY, 0)) < 0)
return;
(void)alarm((u_int)0);
- (void)strcat(tbuf, "\r");
+ tbuf[sizeof(tbuf) - 1] = '\0';
+ (void)strncat(tbuf, "\r", sizeof(tbuf) - 1 - strlen(tbuf));
p = strchr(tbuf, '>') + 1;
(void)write(fd, p, cnt + 1 - (p - tbuf));
(void)close(fd);
projects / thirdparty / krb5.git / commitdiff
