diff options
Diffstat (limited to 'lib/libc/gen')
| -rw-r--r-- | lib/libc/gen/auth_subr.c | 20 | ||||
| -rw-r--r-- | lib/libc/gen/authenticate.c | 25 | ||||
| -rw-r--r-- | lib/libc/gen/getnetgrent.c | 14 | ||||
| -rw-r--r-- | lib/libc/gen/login_cap.c | 15 |
4 files changed, 58 insertions, 16 deletions
diff --git a/lib/libc/gen/auth_subr.c b/lib/libc/gen/auth_subr.c index ae34c02c078..4b3efa798e9 100644 --- a/lib/libc/gen/auth_subr.c +++ b/lib/libc/gen/auth_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth_subr.c,v 1.30 2004/12/02 20:38:36 millert Exp $ */ +/* $OpenBSD: auth_subr.c,v 1.31 2007/09/17 07:07:23 moritz Exp $ */ /* * Copyright (c) 2000-2002,2004 Todd C. Miller <Todd.Miller@courtesan.com> @@ -305,10 +305,15 @@ char * auth_challenge(auth_session_t *as) { char path[MAXPATHLEN]; + int len; if (as == NULL || as->style == NULL || as->name == NULL) return (NULL); + len = snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", as->style); + if (len < 0 || len >= sizeof(path)) + return (NULL); + as->state = 0; if (as->challenge) { @@ -316,7 +321,6 @@ auth_challenge(auth_session_t *as) as->challenge = NULL; } - snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", as->style); auth_call(as, path, as->style, "-s", "challenge", as->name, as->class, (char *)NULL); if (as->state & AUTH_CHALLENGE) @@ -518,14 +522,20 @@ int auth_setoption(auth_session_t *as, char *n, char *v) { struct authopts *opt; - int i = strlen(n) + strlen(v) + 2; + size_t len = strlen(n) + strlen(v) + 2; + int ret; - if ((opt = malloc(sizeof(*opt) + i)) == NULL) + if ((opt = malloc(sizeof(*opt) + len)) == NULL) return (-1); opt->opt = (char *)(opt + 1); - snprintf(opt->opt, i, "%s=%s", n, v); + ret = snprintf(opt->opt, len, "%s=%s", n, v); + if (ret < 0 || ret >= len) { + free(opt); + errno = ENAMETOOLONG; + return (-1); + } opt->next = as->optlist; as->optlist = opt; return(0); diff --git a/lib/libc/gen/authenticate.c b/lib/libc/gen/authenticate.c index a4f7aea2bd8..1ef26b683b9 100644 --- a/lib/libc/gen/authenticate.c +++ b/lib/libc/gen/authenticate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authenticate.c,v 1.15 2005/12/19 17:07:43 millert Exp $ */ +/* $OpenBSD: authenticate.c,v 1.16 2007/09/17 07:07:23 moritz Exp $ */ /*- * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. @@ -172,7 +172,7 @@ auth_cat(char *file) int auth_approval(auth_session_t *as, login_cap_t *lc, char *name, char *type) { - int close_on_exit, close_lc_on_exit; + int close_on_exit, close_lc_on_exit, len; struct passwd *pwd; char *approve, *s, path[MAXPATHLEN]; @@ -227,7 +227,15 @@ auth_approval(auth_session_t *as, login_cap_t *lc, char *name, char *type) if (strncmp(type, "approve-", 8) == 0) type += 8; - snprintf(path, sizeof(path), "approve-%s", type); + len = snprintf(path, sizeof(path), "approve-%s", type); + if (len < 0 || len >= sizeof(path)) { + if (close_lc_on_exit) + login_close(lc); + syslog(LOG_ERR, "approval path too long %.*s...", + MAXPATHLEN, type); + _warnx("approval script path too long"); + return (0); + } } if ((approve = login_getcapstr(lc, s = path, NULL, NULL)) == NULL) @@ -415,6 +423,7 @@ auth_userresponse(auth_session_t *as, char *response, int more) { char path[MAXPATHLEN]; char *style, *name, *challenge, *class; + int len; if (as == NULL) return (0); @@ -427,6 +436,14 @@ auth_userresponse(auth_session_t *as, char *response, int more) return (auth_close(as)); return(0); } + + len = snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); + if (len < 0 || len >= sizeof(path)) { + if (more == 0) + return (auth_close(as)); + return (0); + } + challenge = auth_getitem(as, AUTHV_CHALLENGE); class = auth_getitem(as, AUTHV_CLASS); @@ -439,8 +456,6 @@ auth_userresponse(auth_session_t *as, char *response, int more) else auth_setdata(as, "", 1); - snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); - auth_call(as, path, style, "-s", "response", name, class, (char *)NULL); /* diff --git a/lib/libc/gen/getnetgrent.c b/lib/libc/gen/getnetgrent.c index c6556d95879..7c0b0b795ec 100644 --- a/lib/libc/gen/getnetgrent.c +++ b/lib/libc/gen/getnetgrent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getnetgrent.c,v 1.20 2007/09/05 08:12:15 moritz Exp $ */ +/* $OpenBSD: getnetgrent.c,v 1.21 2007/09/17 07:07:23 moritz Exp $ */ /* * Copyright (c) 1994 Christos Zoulas @@ -505,8 +505,16 @@ char * _ng_makekey(const char *s1, const char *s2, size_t len) { char *buf = malloc(len); - if (buf != NULL) - (void) snprintf(buf, len, "%s.%s", _NG_STAR(s1), _NG_STAR(s2)); + int ret; + + if (buf == NULL) + return NULL; + ret = snprintf(buf, len, "%s.%s", _NG_STAR(s1), _NG_STAR(s2)); + if (ret < 0 || ret >= len) { + free(buf); + return NULL; + } + return buf; } diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c index fb6a7e0df8b..81aaa24afef 100644 --- a/lib/libc/gen/login_cap.c +++ b/lib/libc/gen/login_cap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_cap.c,v 1.27 2007/09/02 15:19:16 deraadt Exp $ */ +/* $OpenBSD: login_cap.c,v 1.28 2007/09/17 07:07:23 moritz Exp $ */ /* * Copyright (c) 2000-2004 Todd C. Miller <Todd.Miller@courtesan.com> @@ -509,6 +509,7 @@ gsetrl(login_cap_t *lc, int what, char *name, int type) char name_cur[32]; char name_max[32]; char *v; + int len; /* * If we have no capabilities then there is nothing to do and @@ -517,8 +518,16 @@ gsetrl(login_cap_t *lc, int what, char *name, int type) if (lc->lc_cap == NULL) return (0); - snprintf(name_cur, sizeof name_cur, "%s-cur", name); - snprintf(name_max, sizeof name_max, "%s-max", name); + len = snprintf(name_cur, sizeof name_cur, "%s-cur", name); + if (len < 0 || len >= sizeof name_cur) { + syslog(LOG_ERR, "current resource limit name too large"); + return (-1); + } + len = snprintf(name_max, sizeof name_max, "%s-max", name); + if (len < 0 || len >= sizeof name_max) { + syslog(LOG_ERR, "max resource limit name too large"); + return (-1); + } if (getrlimit(what, &r)) { syslog(LOG_ERR, "getting resource limit: %m"); |