diff options
| author |   moritz <moritz@openbsd.org> | 2007-09-17 07:07:23 +0000 |
|---|---|---|
| committer | moritz <moritz@openbsd.org> | 2007-09-17 07:07:23 +0000 |
| commit | bb14a393e3af6ff908caaab0513178a93cf62ab8 (patch) | |
| tree | c064a898727697a30ec98cf0cd614c3fbb415d4b /lib/libc/gen/authenticate.c | |
| parent | Do not take wild guesses at how if_enc's internal works, include (diff) | |
| download | wireguard-openbsd-bb14a393e3af6ff908caaab0513178a93cf62ab8.tar.xz wireguard-openbsd-bb14a393e3af6ff908caaab0513178a93cf62ab8.zip | |
Check snprintf(3) return value for error or truncation.
Mostly path construction, where truncation could be bad.
ok and input from deraadt@ millert@ ray@
Diffstat (limited to 'lib/libc/gen/authenticate.c')
| -rw-r--r-- | lib/libc/gen/authenticate.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/lib/libc/gen/authenticate.c b/lib/libc/gen/authenticate.c index a4f7aea2bd8..1ef26b683b9 100644 --- a/lib/libc/gen/authenticate.c +++ b/lib/libc/gen/authenticate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authenticate.c,v 1.15 2005/12/19 17:07:43 millert Exp $ */ +/* $OpenBSD: authenticate.c,v 1.16 2007/09/17 07:07:23 moritz Exp $ */ /*- * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. @@ -172,7 +172,7 @@ auth_cat(char *file) int auth_approval(auth_session_t *as, login_cap_t *lc, char *name, char *type) { - int close_on_exit, close_lc_on_exit; + int close_on_exit, close_lc_on_exit, len; struct passwd *pwd; char *approve, *s, path[MAXPATHLEN]; @@ -227,7 +227,15 @@ auth_approval(auth_session_t *as, login_cap_t *lc, char *name, char *type) if (strncmp(type, "approve-", 8) == 0) type += 8; - snprintf(path, sizeof(path), "approve-%s", type); + len = snprintf(path, sizeof(path), "approve-%s", type); + if (len < 0 || len >= sizeof(path)) { + if (close_lc_on_exit) + login_close(lc); + syslog(LOG_ERR, "approval path too long %.*s...", + MAXPATHLEN, type); + _warnx("approval script path too long"); + return (0); + } } if ((approve = login_getcapstr(lc, s = path, NULL, NULL)) == NULL) @@ -415,6 +423,7 @@ auth_userresponse(auth_session_t *as, char *response, int more) { char path[MAXPATHLEN]; char *style, *name, *challenge, *class; + int len; if (as == NULL) return (0); @@ -427,6 +436,14 @@ auth_userresponse(auth_session_t *as, char *response, int more) return (auth_close(as)); return(0); } + + len = snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); + if (len < 0 || len >= sizeof(path)) { + if (more == 0) + return (auth_close(as)); + return (0); + } + challenge = auth_getitem(as, AUTHV_CHALLENGE); class = auth_getitem(as, AUTHV_CLASS); @@ -439,8 +456,6 @@ auth_userresponse(auth_session_t *as, char *response, int more) else auth_setdata(as, "", 1); - snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); - auth_call(as, path, style, "-s", "response", name, class, (char *)NULL); /* |