rel 15; rediff patches

[packages/opie.git] / opie-suse.patch

diff -urNp -x '*.orig' opie-2.4.org/libopie/readpass.c opie-2.4/libopie/readpass.c
--- opie-2.4.org/libopie/readpass.c	1999-03-11 03:09:57.000000000 +0100
+++ opie-2.4/libopie/readpass.c	2023-02-02 08:53:56.749480066 +0100
@@ -14,6 +14,8 @@ License Agreement applies to this softwa
 
         History:
 
+	Modified opiereadpass() and fixing off by one. S-
+
 	Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
 		the terminal attributes; this might help certain buggy
 		systems.
@@ -81,6 +83,9 @@ char *opiereadpass FUNCTION((buf, len, f
   char kill[4];
   char eof[4];
 
+  if (len < 2) /* AUDIT: useless otherwise */
+	return NULL;
+
   memset(erase, 0, sizeof(erase));
   memset(kill, 0, sizeof(kill));
   memset(eof, 0, sizeof(eof));
@@ -217,7 +222,8 @@ char *opiereadpass FUNCTION((buf, len, f
 #endif /* unix */
 
   {
-  char *c = buf, *end = buf + len, *e;
+  char *c = buf, *end = buf + len-1, *e;/* AUDIT: fixing off by one */
+
 #ifdef __OS2__
   KBDKEYINFO keyInfo;
 #endif /* __OS2__ */
diff -urNp -x '*.orig' opie-2.4.org/libopie/readrec.c opie-2.4/libopie/readrec.c
--- opie-2.4.org/libopie/readrec.c	2001-01-19 12:11:09.000000000 +0100
+++ opie-2.4/libopie/readrec.c	2023-02-02 08:53:56.749480066 +0100
@@ -8,6 +8,7 @@ you didn't get a copy, you may request o
 
 	History:
 
+	Replaced strcpy() S-
 	Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
 		response values are valid.
 	Modified by cmetz for OPIE 2.31. Removed active attack protection
@@ -142,7 +143,7 @@ int __opiereadrec FUNCTION((opie), struc
     if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX)
       (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0;
     
-    strcpy(principal, opie->opie_principal);
+    snprintf(principal,sizeof(principal),"%s",opie->opie_principal);/* AUDIT: replaced strcpy()*/
     
     do {
       if ((opie->opie_recstart = ftell(f)) < 0)
diff -urNp -x '*.orig' opie-2.4.org/opieinfo.c opie-2.4/opieinfo.c
--- opie-2.4.org/opieinfo.c	2023-02-02 08:53:56.696146411 +0100
+++ opie-2.4/opieinfo.c	2023-02-02 08:53:56.749480066 +0100
@@ -34,6 +34,7 @@ License Agreement applies to this softwa
 #include "opie_cfg.h"
 #include <errno.h>
 #include <stdio.h>
+#include <errno.h>
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif /* HAVE_UNISTD_H */
diff -urNp -x '*.orig' opie-2.4.org/opiepasswd.c opie-2.4/opiepasswd.c
--- opie-2.4.org/opiepasswd.c	1999-03-11 03:09:53.000000000 +0100
+++ opie-2.4/opiepasswd.c	2023-02-02 08:53:56.749480066 +0100
@@ -14,6 +14,8 @@ License Agreement applies to this softwa
 
 	History:
 
+	Replaced strcpy() S-
+
 	Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
 		Use opiestrncpy().
 	Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
@@ -207,7 +209,7 @@ int main FUNCTION((argc, argv), int argc
     }
   } else {
     if (!rval)
-      strcpy(seed, opie.opie_seed);
+      snprintf(seed, sizeof(seed), "%s", opie.opie_seed);/* AUDIT: replaced strcpy() */
 
     if (opienewseed(seed) < 0) {
       fprintf(stderr, "Error updating seed.\n");
diff -urNp -x '*.orig' opie-2.4.org/opiesu.c opie-2.4/opiesu.c
--- opie-2.4.org/opiesu.c	1999-03-11 03:09:53.000000000 +0100
+++ opie-2.4/opiesu.c	2023-02-02 08:53:56.749480066 +0100
@@ -201,7 +201,7 @@ static VOIDRET lsetenv FUNCTION((ename,
     for (cp = ename; *cp == *dp && *cp; cp++, dp++)
       continue;
     if (*cp == 0 && (*dp == '=' || *dp == 0)) {
-      strcat(buf, eval);
+      snprintf(buf, sizeof(buf), "%s%s",buf,  eval); /* XXX: what to do? */
       *--ep = buf;
       return;
     }
@@ -469,8 +469,8 @@ ok:
   }
   if (thisuser.pw_shell && *thisuser.pw_shell)
     shell = thisuser.pw_shell;
-  if (fulllogin) {
-    if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
+  if (fulllogin) {			/* AUDIT: why -1? */
+    if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) < sizeof(termbuf))) {
       strcat(termbuf, p);
       cleanenv[4] = termbuf;
     }