1 diff -urN anubis-3.6.2/src/auth.c anubis-3.6.2-fix/src/auth.c
2 --- anubis-3.6.2/src/auth.c Wed Dec 4 22:43:34 2002
3 +++ anubis-3.6.2-fix/src/auth.c Wed Feb 25 20:29:40 2004
6 ************************/
8 +#define USERNAME_C "USERID :"
10 +/* If the reply matches sscanf expression
12 + "%*[^:]: USERID :%*[^:]:%s"
14 + and the length of "%s" part does not exceed size-1 bytes,
15 + copies this part to USERNAME and returns 0. Otherwise,
19 +ident_extract_username(char *reply, char *username, size_t size)
23 + p = strchr (reply, ':');
27 + || strncmp (p + 2, USERNAME_C, sizeof (USERNAME_C) - 1))
29 + p += 2 + sizeof (USERNAME_C) - 1;
30 + p = strchr (p, ':');
34 + if (strlen (p) >= size)
36 + strcpy(username, p);
40 +/* If the reply matches sscanf expression
42 + "%*[^ ] %*[^ ] %*[^ ] %*[^ ] %*[^ ] %s"
44 + and the length of "%s" part does not exceed size-1 bytes,
45 + copies this part to USERNAME and returns 0. Otherwise,
49 +crypt_extract_username(char *reply, char *username, size_t size)
53 +#define skip_word(c) while (*c && (*c) != ' ') c++
55 + /* Skip five words */
56 + for (i = 0; i < 5; i++) {
62 + if (strlen (p) >= size)
64 + strcpy(username, p);
69 auth_ident(struct sockaddr_in *addr, char *user, int size)
74 if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
75 - anubis_error(SOFT, _("IDENT: socket() failed: %s."), strerror(errno));
76 + anubis_error(SOFT, _("IDENT: socket() failed: %s."),
80 memcpy(&ident, addr, sizeof(ident));
82 info(VERBOSE, _("IDENT: connected to %s:%u"),
83 inet_ntoa(ident.sin_addr), ntohs(ident.sin_port));
85 - #ifdef HAVE_SNPRINTF
86 snprintf(buf, LINEBUFFER,
89 - #endif /* HAVE_SNPRINTF */
90 "%u , %u"CRLF, ntohs(addr->sin_port), session.tunnel_port);
92 if (send(sd, buf, strlen(buf), 0) == -1) {
95 memset(user, 0, size);
97 - if (sscanf(buf, "%*[^:]: USERID :%*[^:]:%s", user) != 1) {
99 + if (ident_extract_username(buf, user, size)) {
100 info(VERBOSE, _("IDENT: incorrect data."));
107 - if (sscanf(buf, "%*[^ ] %*[^ ] %*[^ ] %*[^ ] %*[^ ] %s", user) != 1) {
109 + if (crypt_extract_username(buf, user, size)) {
110 info(VERBOSE, _("IDENT: incorrect data (DES deciphered)."));
113 diff -urN anubis-3.6.2/src/errs.c anubis-3.6.2-fix/src/errs.c
114 --- anubis-3.6.2/src/errs.c Wed Dec 4 22:42:02 2002
115 +++ anubis-3.6.2-fix/src/errs.c Wed Feb 25 20:33:49 2004
117 if (options.slogfile)
118 filelog(options.slogfile, txt);
120 - syslog(LOG_ERR | LOG_MAIL, txt);
121 + syslog(LOG_ERR | LOG_MAIL, "%s", txt);
123 if (options.ulogfile && options.uloglevel >= FAILS)
124 filelog(options.ulogfile, txt);
125 diff -urN anubis-3.6.2/src/log.c anubis-3.6.2-fix/src/log.c
126 --- anubis-3.6.2/src/log.c Wed Dec 4 22:42:26 2002
127 +++ anubis-3.6.2-fix/src/log.c Wed Feb 25 20:32:30 2004
129 if (options.slogfile)
130 filelog(options.slogfile, txt);
132 - syslog(LOG_INFO | LOG_MAIL, txt);
133 + syslog(LOG_INFO | LOG_MAIL, "%s", txt);
135 if (options.ulogfile && options.uloglevel >= ALL)
136 filelog(options.ulogfile, txt);
137 diff -urN anubis-3.6.2/src/ssl.c anubis-3.6.2-fix/src/ssl.c
138 --- anubis-3.6.2/src/ssl.c Wed Dec 4 22:40:45 2002
139 +++ anubis-3.6.2-fix/src/ssl.c Wed Feb 25 20:33:28 2004
141 if (options.termlevel != SILENT) {
143 if ((topt & T_DAEMON) && !(topt & T_FOREGROUND))
144 - syslog(LOG_ERR | LOG_MAIL, string_error);
145 + syslog(LOG_ERR | LOG_MAIL, "%s", string_error);
147 #endif /* HAVE_SYSLOG */
148 mprintf(">>%s", string_error);