tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/04/20 09:17:19

Browse Source 
[radix.c]
     rewrite using the buffer_* API, fixes overflow; ok deraadt@
This commit is contained in:
Damien Miller 2002-04-23 20:46:56 +10:00
parent 3b23566a5b
commit bad0e0162f
2 changed files with 94 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -9,6 +9,9 @@
- markus@cvs.openbsd.org 2002/04/20 09:14:58 - markus@cvs.openbsd.org 2002/04/20 09:14:58
[bufaux.c bufaux.h] [bufaux.c bufaux.h]
add buffer_{get,put}_short add buffer_{get,put}_short
- markus@cvs.openbsd.org 2002/04/20 09:17:19
[radix.c]
rewrite using the buffer_* API, fixes overflow; ok deraadt@
20020421 20020421
- (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
@ -8275,4 +8278,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.2064 2002/04/23 10:42:36 djm Exp $ $Id: ChangeLog,v 1.2065 2002/04/23 10:46:56 djm Exp $

240
radix.c
View File

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 1999 Dug Song. All rights reserved. * Copyright (c) 1999 Dug Song. All rights reserved.
* Copyright (c) 2002 Markus Friedl. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -25,190 +26,131 @@
#include "includes.h" #include "includes.h"
#include "uuencode.h" #include "uuencode.h"
RCSID("$OpenBSD: radix.c,v 1.17 2001/11/19 19:02:16 mpech Exp $"); RCSID("$OpenBSD: radix.c,v 1.18 2002/04/20 09:17:19 markus Exp $");
#ifdef AFS #ifdef AFS
#include <krb.h> #include <krb.h>
#include <radix.h> #include <radix.h>
#include "bufaux.h"
typedef u_char my_u_char;
typedef u_int my_u_int32_t;
typedef u_short my_u_short;
/* Nasty macros from BIND-4.9.2 */
#define GETSHORT(s, cp) { \
my_u_char *t_cp = (my_u_char *)(cp); \
(s) = (((my_u_short)t_cp[0]) << 8) \
| (((my_u_short)t_cp[1])) \
; \
(cp) += 2; \
}
#define GETLONG(l, cp) { \
my_u_char *t_cp = (my_u_char *)(cp); \
(l) = (((my_u_int32_t)t_cp[0]) << 24) \
| (((my_u_int32_t)t_cp[1]) << 16) \
| (((my_u_int32_t)t_cp[2]) << 8) \
| (((my_u_int32_t)t_cp[3])) \
; \
(cp) += 4; \
}
#define PUTSHORT(s, cp) { \
my_u_short t_s = (my_u_short)(s); \
my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_s >> 8; \
*t_cp = t_s; \
(cp) += 2; \
}
#define PUTLONG(l, cp) { \
my_u_int32_t t_l = (my_u_int32_t)(l); \
my_u_char *t_cp = (my_u_char *)(cp); \
*t_cp++ = t_l >> 24; \
*t_cp++ = t_l >> 16; \
*t_cp++ = t_l >> 8; \
*t_cp = t_l; \
(cp) += 4; \
}
#define GETSTRING(s, p, p_l) { \
char *p_targ = (p) + p_l; \
char *s_c = (s); \
char *p_c = (p); \
while (*p_c && (p_c < p_targ)) { \
*s_c++ = *p_c++; \
} \
if (p_c == p_targ) { \
return 1; \
} \
*s_c = *p_c++; \
(p_l) = (p_l) - (p_c - (p)); \
(p) = p_c; \
}
int int
creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen) creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen)
{ {
char *p, *s; Buffer b;
int len; int ret;
char temp[2048];
p = temp; buffer_init(&b);
*p++ = 1; /* version */
s = creds->service; buffer_put_char(&b, 1); /* version */
while (*s)
*p++ = *s++; buffer_append(&b, creds->service, strlen(creds->service));
*p++ = *s; buffer_put_char(&b, '\0');
s = creds->instance; buffer_append(&b, creds->instance, strlen(creds->instance));
while (*s) buffer_put_char(&b, '\0');
*p++ = *s++; buffer_append(&b, creds->realm, strlen(creds->realm));
*p++ = *s; buffer_put_char(&b, '\0');
s = creds->realm; buffer_append(&b, creds->pname, strlen(creds->pname));
while (*s) buffer_put_char(&b, '\0');
*p++ = *s++; buffer_append(&b, creds->pinst, strlen(creds->pinst));
*p++ = *s; buffer_put_char(&b, '\0');
s = creds->pname;
while (*s)
*p++ = *s++;
*p++ = *s;
s = creds->pinst;
while (*s)
*p++ = *s++;
*p++ = *s;
/* Null string to repeat the realm. */ /* Null string to repeat the realm. */
*p++ = '\0'; buffer_put_char(&b, '\0');
PUTLONG(creds->issue_date, p); buffer_put_int(&b, creds->issue_date);
{ buffer_put_int(&b, krb_life_to_time(creds->issue_date,
u_int endTime; creds->lifetime));
endTime = (u_int) krb_life_to_time(creds->issue_date, buffer_append(&b, creds->session, sizeof(creds->session));
creds->lifetime); buffer_put_short(&b, creds->kvno);
PUTLONG(endTime, p);
/* 32 bit size + data */
buffer_put_string(&b, creds->ticket_st.dat,
sizeof(creds->ticket_st.length));
ret = uuencode(buffer_ptr(&b), buffer_len(&b), (char *)buf, buflen);
buffer_free(&b);
return ret;
} }
memcpy(p, &creds->session, sizeof(creds->session)); #define GETSTRING(b, t, tlen) \
p += sizeof(creds->session); do { \
int i; \
PUTSHORT(creds->kvno, p); for (i = 0; i < tlen; i++) { \
PUTLONG(creds->ticket_st.length, p); if (buffer_len(b) == 0) \
goto done; \
memcpy(p, creds->ticket_st.dat, creds->ticket_st.length); t[i] = buffer_get_char(b); \
p += creds->ticket_st.length; if (t[i] == '\0') \
len = p - temp; break; \
} \
return (uuencode((u_char *)temp, len, (char *)buf, buflen)); if (t[i] != '\0') \
} goto done; \
} while(0)
int int
radix_to_creds(const char *buf, CREDENTIALS *creds) radix_to_creds(const char *buf, CREDENTIALS *creds)
{ {
Buffer b;
char c, version, *space, *p;
u_int endTime;
int len, blen, ret;
char *p; ret = 0;
int len, tl; blen = strlen(buf);
char version;
char temp[2048];
len = uudecode(buf, (u_char *)temp, sizeof(temp)); /* sanity check for size */
if (len < 0) if (blen > 8192)
return 0; return 0;
p = temp; buffer_init(&b);
space = buffer_append_space(&b, blen);
/* check version and length! */ /* check version and length! */
len = uudecode(buf, space, blen);
if (len < 1) if (len < 1)
return 0; goto done;
version = *p;
p++;
len--;
GETSTRING(creds->service, p, len); version = buffer_get_char(&b);
GETSTRING(creds->instance, p, len);
GETSTRING(creds->realm, p, len); GETSTRING(&b, creds->service, sizeof creds->service);
GETSTRING(&b, creds->instance, sizeof creds->instance);
GETSTRING(&b, creds->realm, sizeof creds->realm);
GETSTRING(&b, creds->pname, sizeof creds->pname);
GETSTRING(&b, creds->pinst, sizeof creds->pinst);
if (buffer_len(&b) == 0)
goto done;
GETSTRING(creds->pname, p, len);
GETSTRING(creds->pinst, p, len);
/* Ignore possibly different realm. */ /* Ignore possibly different realm. */
while (*p && len) while (buffer_len(&b) > 0 && (c = buffer_get_char(&b)) != '\0')
p++, len--; ;
if (len == 0)
return 0;
p++, len--;
/* Enough space for remaining fixed-length parts? */ if (buffer_len(&b) == 0)
if (len < (4 + 4 + sizeof(creds->session) + 2 + 4)) goto done;
return 0;
GETLONG(creds->issue_date, p); creds->issue_date = buffer_get_int(&b);
len -= 4;
{ endTime = buffer_get_int(&b);
u_int endTime;
GETLONG(endTime, p);
len -= 4;
creds->lifetime = krb_time_to_life(creds->issue_date, endTime); creds->lifetime = krb_time_to_life(creds->issue_date, endTime);
}
memcpy(&creds->session, p, sizeof(creds->session)); len = buffer_len(&b);
p += sizeof(creds->session); if (len < sizeof(creds->session))
len -= sizeof(creds->session); goto done;
memcpy(&creds->session, buffer_ptr(&b), sizeof(creds->session));
buffer_consume(&b, sizeof(creds->session));
GETSHORT(creds->kvno, p); creds->kvno = buffer_get_short(&b);
len -= 2;
GETLONG(creds->ticket_st.length, p);
len -= 4;
tl = creds->ticket_st.length; p = buffer_get_string(&b, &len);
if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat)) if (len < 0 || len > sizeof(creds->ticket_st.dat))
return 0; goto done;
memcpy(&creds->ticket_st.dat, p, len);
creds->ticket_st.length = len;
memcpy(creds->ticket_st.dat, p, tl); ret = 1;
p += tl; done:
len -= tl; buffer_free(&b);
return ret;
return 1;
} }
#endif /* AFS */ #endif /* AFS */