[dovecot-cvs] dovecot/src/auth auth-digest-md5.c,1.8,1.9 userinfo-pam.c,1.8,1.9 userinfo-passwd-file.c,1.16,1.17 userinfo-passwd.c,1.8,1.9 userinfo-shadow.c,1.7,1.8 userinfo-vpopmail.c,1.8,1.9
cras at procontrol.fi
cras at procontrol.fi
Wed Dec 18 17:15:43 EET 2002
- Previous message: [dovecot-cvs] dovecot/src/imap client.c,1.16,1.17
- Next message: [dovecot-cvs] dovecot/src/lib-imap imap-envelope.c,1.15,1.16 imap-match.c,1.2,1.3 imap-match.h,1.2,1.3 imap-message-cache.c,1.25,1.26 imap-parser.c,1.24,1.25 imap-util.c,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv3676/src/auth
Modified Files:
auth-digest-md5.c userinfo-pam.c userinfo-passwd-file.c
userinfo-passwd.c userinfo-shadow.c userinfo-vpopmail.c
Log Message:
Marked all non-trivial buffer modifications with @UNSAFE tag. Several
cleanups and a couple of minor bugfixes.
Index: auth-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-digest-md5.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- auth-digest-md5.c 9 Dec 2002 16:31:50 -0000 1.8
+++ auth-digest-md5.c 18 Dec 2002 15:15:41 -0000 1.9
@@ -218,6 +218,7 @@
static int parse_next(char **data, char **key, char **value)
{
+ /* @UNSAFE */
char *p, *dest;
p = *data;
@@ -271,6 +272,7 @@
/* remove leading and trailing whitespace */
static char *trim(char *str)
{
+ /* @UNSAFE */
char *ret;
while (IS_LWS(*str)) str++;
Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-pam.c 18 Dec 2002 10:40:43 -0000 1.8
+++ userinfo-pam.c 18 Dec 2002 15:15:41 -0000 1.9
@@ -60,6 +60,7 @@
static int pam_userpass_conv(int num_msg, linux_const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
+ /* @UNSAFE */
pam_userpass_t *userpass = (pam_userpass_t *)appdata_ptr;
#ifdef AUTH_PAM_USERPASS
pamc_bp_t prompt;
Index: userinfo-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd-file.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- userinfo-passwd-file.c 17 Dec 2002 03:00:44 -0000 1.16
+++ userinfo-passwd-file.c 18 Dec 2002 15:15:41 -0000 1.17
@@ -312,7 +312,7 @@
{
IStream *input;
char *const *args;
- char *line;
+ const char *line;
input = i_stream_create_file(pw->fd, default_pool, 2048, FALSE);
for (;;) {
Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-passwd.c 18 Dec 2002 10:40:43 -0000 1.8
+++ userinfo-passwd.c 18 Dec 2002 15:15:41 -0000 1.9
@@ -31,7 +31,6 @@
AuthCookieReplyData *reply)
{
struct passwd *pw;
- char *passdup;
int result;
pw = getpwnam(user);
@@ -39,11 +38,9 @@
return FALSE;
/* check if the password is valid */
- passdup = t_strdup_noconst(password);
- result = strcmp(mycrypt(passdup, pw->pw_passwd), pw->pw_passwd) == 0;
+ result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0;
/* clear the passwords from memory */
- safe_memset(passdup, 0, strlen(passdup));
safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
if (!result)
Index: userinfo-shadow.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-shadow.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-shadow.c 18 Dec 2002 10:40:43 -0000 1.7
+++ userinfo-shadow.c 18 Dec 2002 15:15:41 -0000 1.8
@@ -20,7 +20,6 @@
{
struct passwd *pw;
struct spwd *spw;
- char *passdup;
int result;
spw = getspnam(user);
@@ -28,11 +27,9 @@
return FALSE;
/* check if the password is valid */
- passdup = t_strdup_noconst(password);
- result = strcmp(mycrypt(passdup, spw->sp_pwdp), spw->sp_pwdp) == 0;
+ result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0;
/* clear the passwords from memory */
- safe_memset(passdup, 0, strlen(passdup));
safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
if (!result)
Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-vpopmail.c 18 Dec 2002 10:40:43 -0000 1.8
+++ userinfo-vpopmail.c 18 Dec 2002 15:15:41 -0000 1.9
@@ -26,7 +26,6 @@
{
char vpop_user[VPOPMAIL_LIMIT], vpop_domain[VPOPMAIL_LIMIT];
struct vqpasswd *vpw;
- char *passdup;
int result;
/* vpop_user must be zero-filled or parse_email() leaves an extra
@@ -77,10 +76,7 @@
}
/* verify password */
- passdup = t_strdup_noconst(password);
- result = strcmp(crypt(passdup, vpw->pw_passwd), vpw->pw_passwd) == 0;
-
- safe_memset(passdup, 0, strlen(passdup));
+ result = strcmp(crypt(password, vpw->pw_passwd), vpw->pw_passwd) == 0;
safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
if (!result) {
- Previous message: [dovecot-cvs] dovecot/src/imap client.c,1.16,1.17
- Next message: [dovecot-cvs] dovecot/src/lib-imap imap-envelope.c,1.15,1.16 imap-match.c,1.2,1.3 imap-match.h,1.2,1.3 imap-message-cache.c,1.25,1.26 imap-parser.c,1.24,1.25 imap-util.c,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list