1 diff -urNp -x '*.orig' opie-2.4.org/libopie/readpass.c opie-2.4/libopie/readpass.c
2 --- opie-2.4.org/libopie/readpass.c 1999-03-11 03:09:57.000000000 +0100
3 +++ opie-2.4/libopie/readpass.c 2023-02-02 08:53:56.749480066 +0100
4 @@ -14,6 +14,8 @@ License Agreement applies to this softwa
8 + Modified opiereadpass() and fixing off by one. S-
10 Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
11 the terminal attributes; this might help certain buggy
13 @@ -81,6 +83,9 @@ char *opiereadpass FUNCTION((buf, len, f
17 + if (len < 2) /* AUDIT: useless otherwise */
20 memset(erase, 0, sizeof(erase));
21 memset(kill, 0, sizeof(kill));
22 memset(eof, 0, sizeof(eof));
23 @@ -217,7 +222,8 @@ char *opiereadpass FUNCTION((buf, len, f
27 - char *c = buf, *end = buf + len, *e;
28 + char *c = buf, *end = buf + len-1, *e;/* AUDIT: fixing off by one */
33 diff -urNp -x '*.orig' opie-2.4.org/libopie/readrec.c opie-2.4/libopie/readrec.c
34 --- opie-2.4.org/libopie/readrec.c 2001-01-19 12:11:09.000000000 +0100
35 +++ opie-2.4/libopie/readrec.c 2023-02-02 08:53:56.749480066 +0100
36 @@ -8,6 +8,7 @@ you didn't get a copy, you may request o
40 + Replaced strcpy() S-
41 Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
42 response values are valid.
43 Modified by cmetz for OPIE 2.31. Removed active attack protection
44 @@ -142,7 +143,7 @@ int __opiereadrec FUNCTION((opie), struc
45 if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX)
46 (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0;
48 - strcpy(principal, opie->opie_principal);
49 + snprintf(principal,sizeof(principal),"%s",opie->opie_principal);/* AUDIT: replaced strcpy()*/
52 if ((opie->opie_recstart = ftell(f)) < 0)
53 diff -urNp -x '*.orig' opie-2.4.org/opieinfo.c opie-2.4/opieinfo.c
54 --- opie-2.4.org/opieinfo.c 2023-02-02 08:53:56.696146411 +0100
55 +++ opie-2.4/opieinfo.c 2023-02-02 08:53:56.749480066 +0100
56 @@ -34,6 +34,7 @@ License Agreement applies to this softwa
63 #endif /* HAVE_UNISTD_H */
64 diff -urNp -x '*.orig' opie-2.4.org/opiepasswd.c opie-2.4/opiepasswd.c
65 --- opie-2.4.org/opiepasswd.c 1999-03-11 03:09:53.000000000 +0100
66 +++ opie-2.4/opiepasswd.c 2023-02-02 08:53:56.749480066 +0100
67 @@ -14,6 +14,8 @@ License Agreement applies to this softwa
71 + Replaced strcpy() S-
73 Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
75 Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
76 @@ -207,7 +209,7 @@ int main FUNCTION((argc, argv), int argc
80 - strcpy(seed, opie.opie_seed);
81 + snprintf(seed, sizeof(seed), "%s", opie.opie_seed);/* AUDIT: replaced strcpy() */
83 if (opienewseed(seed) < 0) {
84 fprintf(stderr, "Error updating seed.\n");
85 diff -urNp -x '*.orig' opie-2.4.org/opiesu.c opie-2.4/opiesu.c
86 --- opie-2.4.org/opiesu.c 1999-03-11 03:09:53.000000000 +0100
87 +++ opie-2.4/opiesu.c 2023-02-02 08:53:56.749480066 +0100
88 @@ -201,7 +201,7 @@ static VOIDRET lsetenv FUNCTION((ename,
89 for (cp = ename; *cp == *dp && *cp; cp++, dp++)
91 if (*cp == 0 && (*dp == '=' || *dp == 0)) {
93 + snprintf(buf, sizeof(buf), "%s%s",buf, eval); /* XXX: what to do? */
97 @@ -469,8 +469,8 @@ ok:
99 if (thisuser.pw_shell && *thisuser.pw_shell)
100 shell = thisuser.pw_shell;
102 - if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
103 + if (fulllogin) { /* AUDIT: why -1? */
104 + if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) < sizeof(termbuf))) {
106 cleanenv[4] = termbuf;