]>
Commit | Line | Data |
---|---|---|
25114a6d AM |
1 | diff -urNp -x '*.orig' opie-2.4.org/libopie/readpass.c opie-2.4/libopie/readpass.c |
2 | --- opie-2.4.org/libopie/readpass.c 1999-03-11 03:09:57.000000000 +0100 | |
3 | +++ opie-2.4/libopie/readpass.c 2023-02-02 08:53:56.749480066 +0100 | |
4 | @@ -14,6 +14,8 @@ License Agreement applies to this softwa | |
dfd1aa89 AM |
5 | |
6 | History: | |
7 | ||
8 | + Modified opiereadpass() and fixing off by one. S- | |
9 | + | |
10 | Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting | |
11 | the terminal attributes; this might help certain buggy | |
12 | systems. | |
25114a6d | 13 | @@ -81,6 +83,9 @@ char *opiereadpass FUNCTION((buf, len, f |
dfd1aa89 AM |
14 | char kill[4]; |
15 | char eof[4]; | |
16 | ||
17 | + if (len < 2) /* AUDIT: useless otherwise */ | |
18 | + return NULL; | |
19 | + | |
20 | memset(erase, 0, sizeof(erase)); | |
21 | memset(kill, 0, sizeof(kill)); | |
22 | memset(eof, 0, sizeof(eof)); | |
25114a6d | 23 | @@ -217,7 +222,8 @@ char *opiereadpass FUNCTION((buf, len, f |
dfd1aa89 AM |
24 | #endif /* unix */ |
25 | ||
26 | { | |
27 | - char *c = buf, *end = buf + len, *e; | |
28 | + char *c = buf, *end = buf + len-1, *e;/* AUDIT: fixing off by one */ | |
29 | + | |
30 | #ifdef __OS2__ | |
31 | KBDKEYINFO keyInfo; | |
32 | #endif /* __OS2__ */ | |
25114a6d AM |
33 | diff -urNp -x '*.orig' opie-2.4.org/libopie/readrec.c opie-2.4/libopie/readrec.c |
34 | --- opie-2.4.org/libopie/readrec.c 2001-01-19 12:11:09.000000000 +0100 | |
35 | +++ opie-2.4/libopie/readrec.c 2023-02-02 08:53:56.749480066 +0100 | |
36 | @@ -8,6 +8,7 @@ you didn't get a copy, you may request o | |
dfd1aa89 AM |
37 | |
38 | History: | |
39 | ||
40 | + Replaced strcpy() S- | |
41 | Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and | |
42 | response values are valid. | |
43 | Modified by cmetz for OPIE 2.31. Removed active attack protection | |
25114a6d | 44 | @@ -142,7 +143,7 @@ int __opiereadrec FUNCTION((opie), struc |
dfd1aa89 AM |
45 | if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX) |
46 | (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0; | |
47 | ||
48 | - strcpy(principal, opie->opie_principal); | |
49 | + snprintf(principal,sizeof(principal),"%s",opie->opie_principal);/* AUDIT: replaced strcpy()*/ | |
50 | ||
51 | do { | |
52 | if ((opie->opie_recstart = ftell(f)) < 0) | |
25114a6d AM |
53 | diff -urNp -x '*.orig' opie-2.4.org/opieinfo.c opie-2.4/opieinfo.c |
54 | --- opie-2.4.org/opieinfo.c 2023-02-02 08:53:56.696146411 +0100 | |
55 | +++ opie-2.4/opieinfo.c 2023-02-02 08:53:56.749480066 +0100 | |
56 | @@ -34,6 +34,7 @@ License Agreement applies to this softwa | |
dfd1aa89 | 57 | #include "opie_cfg.h" |
25114a6d | 58 | #include <errno.h> |
dfd1aa89 AM |
59 | #include <stdio.h> |
60 | +#include <errno.h> | |
61 | #if HAVE_UNISTD_H | |
62 | #include <unistd.h> | |
63 | #endif /* HAVE_UNISTD_H */ | |
25114a6d AM |
64 | diff -urNp -x '*.orig' opie-2.4.org/opiepasswd.c opie-2.4/opiepasswd.c |
65 | --- opie-2.4.org/opiepasswd.c 1999-03-11 03:09:53.000000000 +0100 | |
66 | +++ opie-2.4/opiepasswd.c 2023-02-02 08:53:56.749480066 +0100 | |
67 | @@ -14,6 +14,8 @@ License Agreement applies to this softwa | |
dfd1aa89 AM |
68 | |
69 | History: | |
70 | ||
71 | + Replaced strcpy() S- | |
72 | + | |
73 | Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks. | |
74 | Use opiestrncpy(). | |
75 | Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of | |
25114a6d | 76 | @@ -207,7 +209,7 @@ int main FUNCTION((argc, argv), int argc |
dfd1aa89 AM |
77 | } |
78 | } else { | |
79 | if (!rval) | |
80 | - strcpy(seed, opie.opie_seed); | |
81 | + snprintf(seed, sizeof(seed), "%s", opie.opie_seed);/* AUDIT: replaced strcpy() */ | |
82 | ||
83 | if (opienewseed(seed) < 0) { | |
84 | fprintf(stderr, "Error updating seed.\n"); | |
25114a6d AM |
85 | diff -urNp -x '*.orig' opie-2.4.org/opiesu.c opie-2.4/opiesu.c |
86 | --- opie-2.4.org/opiesu.c 1999-03-11 03:09:53.000000000 +0100 | |
87 | +++ opie-2.4/opiesu.c 2023-02-02 08:53:56.749480066 +0100 | |
88 | @@ -201,7 +201,7 @@ static VOIDRET lsetenv FUNCTION((ename, | |
dfd1aa89 AM |
89 | for (cp = ename; *cp == *dp && *cp; cp++, dp++) |
90 | continue; | |
91 | if (*cp == 0 && (*dp == '=' || *dp == 0)) { | |
92 | - strcat(buf, eval); | |
93 | + snprintf(buf, sizeof(buf), "%s%s",buf, eval); /* XXX: what to do? */ | |
94 | *--ep = buf; | |
95 | return; | |
96 | } | |
25114a6d | 97 | @@ -469,8 +469,8 @@ ok: |
dfd1aa89 AM |
98 | } |
99 | if (thisuser.pw_shell && *thisuser.pw_shell) | |
100 | shell = thisuser.pw_shell; | |
101 | - if (fulllogin) { | |
102 | - if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) { | |
103 | + if (fulllogin) { /* AUDIT: why -1? */ | |
104 | + if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) < sizeof(termbuf))) { | |
105 | strcat(termbuf, p); | |
106 | cleanenv[4] = termbuf; | |
107 | } |