[dovecot-cvs] dovecot/src/auth auth-digest-md5.c,1.8,1.9 userinfo-pam.c,1.8,1.9 userinfo-passwd-file.c,1.16,1.17 userinfo-passwd.c,1.8,1.9 userinfo-shadow.c,1.7,1.8 userinfo-vpopmail.c,1.8,1.9

cras at procontrol.fi cras at procontrol.fi
Wed Dec 18 17:15:43 EET 2002


Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv3676/src/auth

Modified Files:
	auth-digest-md5.c userinfo-pam.c userinfo-passwd-file.c 
	userinfo-passwd.c userinfo-shadow.c userinfo-vpopmail.c 
Log Message:
Marked all non-trivial buffer modifications with @UNSAFE tag. Several
cleanups and a couple of minor bugfixes.



Index: auth-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-digest-md5.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- auth-digest-md5.c	9 Dec 2002 16:31:50 -0000	1.8
+++ auth-digest-md5.c	18 Dec 2002 15:15:41 -0000	1.9
@@ -218,6 +218,7 @@
 
 static int parse_next(char **data, char **key, char **value)
 {
+	/* @UNSAFE */
 	char *p, *dest;
 
 	p = *data;
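Review bot: The `/* @UNSAFE */` tag at the top of parse_next() flags the whole function but does not say which writes are unchecked or what keeps them inside the buffer, so a later audit that greps for the tag has to re-derive that from scratch. I would state the bound next to the tag, for example `/* @UNSAFE: <which pointer is written>, bounded by <invariant> */`, with both placeholders filled in from the body, which lies outside this hunk. The same applies to the tags added in trim() in this file and in pam_userpass_conv() in userinfo-pam.c.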
@@ -271,6 +272,7 @@
 /* remove leading and trailing whitespace */
 static char *trim(char *str)
 {
+	/* @UNSAFE */
 	char *ret;
 
 	while (IS_LWS(*str)) str++;

Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-pam.c	18 Dec 2002 10:40:43 -0000	1.8
+++ userinfo-pam.c	18 Dec 2002 15:15:41 -0000	1.9
@@ -60,6 +60,7 @@
 static int pam_userpass_conv(int num_msg, linux_const struct pam_message **msg,
 	struct pam_response **resp, void *appdata_ptr)
 {
+	/* @UNSAFE */
 	pam_userpass_t *userpass = (pam_userpass_t *)appdata_ptr;
 #ifdef AUTH_PAM_USERPASS
 	pamc_bp_t prompt;

Index: userinfo-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd-file.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- userinfo-passwd-file.c	17 Dec 2002 03:00:44 -0000	1.16
+++ userinfo-passwd-file.c	18 Dec 2002 15:15:41 -0000	1.17
@@ -312,7 +312,7 @@
 {
 	IStream *input;
 	char *const *args;
-	char *line;
+	const char *line;
 
 	input = i_stream_create_file(pw->fd, default_pool, 2048, FALSE);
 	for (;;) {

Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-passwd.c	18 Dec 2002 10:40:43 -0000	1.8
+++ userinfo-passwd.c	18 Dec 2002 15:15:41 -0000	1.9
@@ -31,7 +31,6 @@
 			       AuthCookieReplyData *reply)
 {
 	struct passwd *pw;
-	char *passdup;
 	int result;
 
 	pw = getpwnam(user);
@@ -39,11 +38,9 @@
 		return FALSE;
 
 	/* check if the password is valid */
-        passdup = t_strdup_noconst(password);
-	result = strcmp(mycrypt(passdup, pw->pw_passwd), pw->pw_passwd) == 0;
+	result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0;
 
 	/* clear the passwords from memory */
-	safe_memset(passdup, 0, strlen(passdup));
 	safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
 
 	if (!result)
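Review bot: The return value of mycrypt() goes straight into strcmp() on the changed line, so if mycrypt() can return NULL the way crypt() does for an unsupported or malformed stored hash, the auth process dereferences NULL instead of rejecting the login. Checking the pointer first keeps a bad entry in the password database from becoming a crash: `hash = mycrypt(password, pw->pw_passwd);` followed by `result = hash != NULL && strcmp(hash, pw->pw_passwd) == 0;`, with `const char *hash;` among the locals. The same call shape appears in the userinfo-shadow.c hunk and, with crypt() directly, in the userinfo-vpopmail.c hunk. The function starts and ends outside this hunk and mycrypt() is not shown on this page, so its NULL behaviour is an assumption to confirm.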

Index: userinfo-shadow.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-shadow.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userinfo-shadow.c	18 Dec 2002 10:40:43 -0000	1.7
+++ userinfo-shadow.c	18 Dec 2002 15:15:41 -0000	1.8
@@ -20,7 +20,6 @@
 {
 	struct passwd *pw;
 	struct spwd *spw;
-	char *passdup;
 	int result;
 
 	spw = getspnam(user);
@@ -28,11 +27,9 @@
 		return FALSE;
 
 	/* check if the password is valid */
-        passdup = t_strdup_noconst(password);
-	result = strcmp(mycrypt(passdup, spw->sp_pwdp), spw->sp_pwdp) == 0;
+	result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0;
 
 	/* clear the passwords from memory */
-	safe_memset(passdup, 0, strlen(passdup));
 	safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
 
 	if (!result)

Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- userinfo-vpopmail.c	18 Dec 2002 10:40:43 -0000	1.8
+++ userinfo-vpopmail.c	18 Dec 2002 15:15:41 -0000	1.9
@@ -26,7 +26,6 @@
 {
 	char vpop_user[VPOPMAIL_LIMIT], vpop_domain[VPOPMAIL_LIMIT];
 	struct vqpasswd *vpw;
-	char *passdup;
 	int result;
 
 	/* vpop_user must be zero-filled or parse_email() leaves an extra
@@ -77,10 +76,7 @@
 	}
 
 	/* verify password */
-        passdup = t_strdup_noconst(password);
-	result = strcmp(crypt(passdup, vpw->pw_passwd), vpw->pw_passwd) == 0;
-
-	safe_memset(passdup, 0, strlen(passdup));
+	result = strcmp(crypt(password, vpw->pw_passwd), vpw->pw_passwd) == 0;
 	safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
 
 	if (!result) {
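Review bot: crypt() is called directly on the changed line here, while the equivalent lines in userinfo-passwd.c and userinfo-shadow.c in this same commit go through mycrypt(). If mycrypt() exists to select or wrap the platform's crypt implementation, this backend bypasses it; if the direct call is deliberate, a one-line comment saying why would keep it from being changed by mistake later. Assuming the wrapper is usable in this file, the line would read `result = strcmp(mycrypt(password, vpw->pw_passwd), vpw->pw_passwd) == 0;`. The function body extends beyond the hunk.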



