Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/crypto/dist/ssh Apply patch (requested by itojun):
details: https://anonhg.NetBSD.org/src/rev/8e67a66ee8fe
branches: netbsd-1-5
changeset: 493109:8e67a66ee8fe
user: he <he%NetBSD.org@localhost>
date: Thu Jun 06 16:47:43 2002 +0000
description:
Apply patch (requested by itojun):
Switch to a ``vendor-supplied'' version of the patch which protects
against buffer overruns when decoding KerberosIV credentials.
Bump NetBSD part of version string.
diffstat:
crypto/dist/ssh/bufaux.c | 26 +++-
crypto/dist/ssh/bufaux.h | 5 +-
crypto/dist/ssh/radix.c | 253 +++++++++++++++++----------------------------
crypto/dist/ssh/version.h | 4 +-
4 files changed, 125 insertions(+), 163 deletions(-)
diffs (truncated from 382 to 300 lines):
diff -r a514bd8b4fff -r 8e67a66ee8fe crypto/dist/ssh/bufaux.c
--- a/crypto/dist/ssh/bufaux.c Thu Jun 06 16:20:49 2002 +0000
+++ b/crypto/dist/ssh/bufaux.c Thu Jun 06 16:47:43 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bufaux.c,v 1.1.1.1.2.3 2001/12/10 23:52:27 he Exp $ */
+/* $NetBSD: bufaux.c,v 1.1.1.1.2.4 2002/06/06 16:47:44 he Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -141,10 +141,18 @@
xfree(bin);
return len;
}
+/*
+ * Returns integers from the buffer (msb first).
+ */
-/*
- * Returns an integer from the buffer (4 bytes, msb first).
- */
+u_short
+buffer_get_short(Buffer *buffer)
+{
+ u_char buf[2];
+ buffer_get(buffer, (char *) buf, 2);
+ return GET_16BIT(buf);
+}
+
u_int
buffer_get_int(Buffer *buffer)
{
@@ -162,9 +170,17 @@
}
/*
- * Stores an integer in the buffer in 4 bytes, msb first.
+ * Stores integers in the buffer, msb first.
*/
void
+buffer_put_short(Buffer *buffer, u_short value)
+{
+ char buf[2];
+ PUT_16BIT(buf, value);
+ buffer_append(buffer, buf, 2);
+}
+
+void
buffer_put_int(Buffer *buffer, u_int value)
{
char buf[4];
diff -r a514bd8b4fff -r 8e67a66ee8fe crypto/dist/ssh/bufaux.h
--- a/crypto/dist/ssh/bufaux.h Thu Jun 06 16:20:49 2002 +0000
+++ b/crypto/dist/ssh/bufaux.h Thu Jun 06 16:47:43 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bufaux.h,v 1.1.1.1.2.3 2001/12/10 23:52:27 he Exp $ */
+/* $NetBSD: bufaux.h,v 1.1.1.1.2.4 2002/06/06 16:47:44 he Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -24,6 +24,9 @@
int buffer_get_bignum(Buffer *, BIGNUM *);
int buffer_get_bignum2(Buffer *, BIGNUM *);
+u_short buffer_get_short(Buffer *);
+void buffer_put_short(Buffer *, u_short);
+
u_int buffer_get_int(Buffer *);
void buffer_put_int(Buffer *, u_int);
diff -r a514bd8b4fff -r 8e67a66ee8fe crypto/dist/ssh/radix.c
--- a/crypto/dist/ssh/radix.c Thu Jun 06 16:20:49 2002 +0000
+++ b/crypto/dist/ssh/radix.c Thu Jun 06 16:47:43 2002 +0000
@@ -1,6 +1,7 @@
-/* $NetBSD: radix.c,v 1.1.1.1.2.4 2002/04/26 17:01:13 he Exp $ */
+/* $NetBSD: radix.c,v 1.1.1.1.2.5 2002/06/06 16:47:43 he Exp $ */
/*
* Copyright (c) 1999 Dug Song. All rights reserved.
+ * Copyright (c) 2002 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -26,190 +27,132 @@
#include "includes.h"
#include "uuencode.h"
-RCSID("$OpenBSD: radix.c,v 1.17 2001/11/19 19:02:16 mpech Exp $");
+RCSID("$OpenBSD: radix.c,v 1.16 2001/06/23 15:12:19 itojun Exp $");
#ifdef AFS
#include <krb.h>
#include <radix.h>
-
-typedef u_char my_u_char;
-typedef u_int my_u_int32_t;
-typedef u_short my_u_short;
-
-/* Nasty macros from BIND-4.9.2 */
-
-#define GETSHORT(s, cp) { \
- my_u_char *t_cp = (my_u_char *)(cp); \
- (s) = (((my_u_short)t_cp[0]) << 8) \
- | (((my_u_short)t_cp[1])) \
- ; \
- (cp) += 2; \
-}
-
-#define GETLONG(l, cp) { \
- my_u_char *t_cp = (my_u_char *)(cp); \
- (l) = (((my_u_int32_t)t_cp[0]) << 24) \
- | (((my_u_int32_t)t_cp[1]) << 16) \
- | (((my_u_int32_t)t_cp[2]) << 8) \
- | (((my_u_int32_t)t_cp[3])) \
- ; \
- (cp) += 4; \
-}
-
-#define PUTSHORT(s, cp) { \
- my_u_short t_s = (my_u_short)(s); \
- my_u_char *t_cp = (my_u_char *)(cp); \
- *t_cp++ = t_s >> 8; \
- *t_cp = t_s; \
- (cp) += 2; \
-}
-
-#define PUTLONG(l, cp) { \
- my_u_int32_t t_l = (my_u_int32_t)(l); \
- my_u_char *t_cp = (my_u_char *)(cp); \
- *t_cp++ = t_l >> 24; \
- *t_cp++ = t_l >> 16; \
- *t_cp++ = t_l >> 8; \
- *t_cp = t_l; \
- (cp) += 4; \
-}
-
-#define GETSTRING(s, p, p_l, s_l) { \
- char *p_targ = (p) + (s_l < p_l ? s_l : p_l);\
- char *s_c = (s); \
- char *p_c = (p); \
- while (*p_c && (p_c < p_targ)) { \
- *s_c++ = *p_c++; \
- } \
- if (p_c == p_targ) { \
- return 0; \
- } \
- *s_c = *p_c++; \
- (p_l) = (p_l) - (p_c - (p)); \
- (p) = p_c; \
-}
-
+#include "bufaux.h"
int
creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen)
{
- char *p, *s;
- int len;
- char temp[2048];
+ Buffer b;
+ int ret;
+
+ buffer_init(&b);
+
+ buffer_put_char(&b, 1); /* version */
- p = temp;
- *p++ = 1; /* version */
- s = creds->service;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->instance;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->realm;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
+ buffer_append(&b, creds->service, strlen(creds->service));
+ buffer_put_char(&b, '\0');
+ buffer_append(&b, creds->instance, strlen(creds->instance));
+ buffer_put_char(&b, '\0');
+ buffer_append(&b, creds->realm, strlen(creds->realm));
+ buffer_put_char(&b, '\0');
+ buffer_append(&b, creds->pname, strlen(creds->pname));
+ buffer_put_char(&b, '\0');
+ buffer_append(&b, creds->pinst, strlen(creds->pinst));
+ buffer_put_char(&b, '\0');
+
+ /* Null string to repeat the realm. */
+ buffer_put_char(&b, '\0');
- s = creds->pname;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->pinst;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- /* Null string to repeat the realm. */
- *p++ = '\0';
+ buffer_put_int(&b, creds->issue_date);
+ buffer_put_int(&b, krb_life_to_time(creds->issue_date,
+ creds->lifetime));
+ buffer_append(&b, creds->session, sizeof(creds->session));
+ buffer_put_short(&b, creds->kvno);
+
+ /* 32 bit size + data */
+ buffer_put_string(&b, creds->ticket_st.dat, creds->ticket_st.length);
+
+ ret = uuencode(buffer_ptr(&b), buffer_len(&b), (char *)buf, buflen);
+
+ buffer_free(&b);
+ return ret;
+}
- PUTLONG(creds->issue_date, p);
- {
- u_int endTime;
- endTime = (u_int) krb_life_to_time(creds->issue_date,
- creds->lifetime);
- PUTLONG(endTime, p);
- }
-
- memcpy(p, &creds->session, sizeof(creds->session));
- p += sizeof(creds->session);
-
- PUTSHORT(creds->kvno, p);
- PUTLONG(creds->ticket_st.length, p);
-
- memcpy(p, creds->ticket_st.dat, creds->ticket_st.length);
- p += creds->ticket_st.length;
- len = p - temp;
-
- return (uuencode((u_char *)temp, len, (char *)buf, buflen));
-}
+#define GETSTRING(b, t, tlen) \
+ do { \
+ int i, found = 0; \
+ for (i = 0; i < tlen; i++) { \
+ if (buffer_len(b) == 0) \
+ goto done; \
+ t[i] = buffer_get_char(b); \
+ if (t[i] == '\0') { \
+ found = 1; \
+ break; \
+ } \
+ } \
+ if (!found) \
+ goto done; \
+ } while(0)
int
radix_to_creds(const char *buf, CREDENTIALS *creds)
{
+ Buffer b;
+ char c, version, *space, *p;
+ u_int endTime;
+ int len, blen, ret;
- char *p;
- int len, tl;
- char version;
- char temp[2048];
+ ret = 0;
+ blen = strlen(buf);
- len = uudecode(buf, (u_char *)temp, sizeof(temp));
- if (len < 0)
+ /* sanity check for size */
+ if (blen > 8192)
return 0;
- p = temp;
+ buffer_init(&b);
+ buffer_append_space(&b, &space, blen);
/* check version and length! */
+ len = uudecode(buf, space, blen);
if (len < 1)
- return 0;
- version = *p;
- p++;
- len--;
+ goto done;
- GETSTRING(creds->service, p, len, sizeof creds->service);
- GETSTRING(creds->instance, p, len, sizeof creds->instance);
- GETSTRING(creds->realm, p, len, sizeof creds->realm);
+ version = buffer_get_char(&b);
- GETSTRING(creds->pname, p, len, sizeof creds->pname);
- GETSTRING(creds->pinst, p, len, sizeof creds->pinst);
+ GETSTRING(&b, creds->service, sizeof creds->service);
+ GETSTRING(&b, creds->instance, sizeof creds->instance);
+ GETSTRING(&b, creds->realm, sizeof creds->realm);
+ GETSTRING(&b, creds->pname, sizeof creds->pname);
+ GETSTRING(&b, creds->pinst, sizeof creds->pinst);
Home |
Main Index |
Thread Index |
Old Index