[dovecot-cvs] dovecot/src/auth userinfo-pam.c,1.9,1.10 userinfo-passwd-file.c,1.17,1.18 userinfo-passwd.c,1.9,1.10 userinfo-vpopmail.c,1.10,1.11
cras at procontrol.fi
cras at procontrol.fi
Thu Dec 19 03:02:37 EET 2002
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv11467/auth
Modified Files:
userinfo-pam.c userinfo-passwd-file.c userinfo-passwd.c
userinfo-vpopmail.c
Log Message:
Buffer related cleanups. Use PATH_MAX instead of hardcoded 1024 for paths.
Added str_path() and str_ppath() functions. i_snprintf() now returns only -1
or 0 depending on whether the buffer got full. dec2str() returns a string allocated
from the data stack. Instead of just casting to (long) or (int), we now use
dec2str() with printf-like functions. Added o_stream_send_str(). Added
strocpy() and replaced all strcpy()s and strncpy()s with it.
Pretty much untested, hope it doesn't break too badly :)
Index: userinfo-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-pam.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- userinfo-pam.c 18 Dec 2002 15:15:41 -0000 1.9
+++ userinfo-pam.c 19 Dec 2002 01:02:34 -0000 1.10
@@ -88,14 +88,15 @@
if (!(*resp = malloc(sizeof(struct pam_response))))
return PAM_CONV_ERR;
+ userlen = strlen(userpass->user);
+ passlen = strlen(userpass->pass);
+
prompt = NULL;
- PAM_BP_RENEW(&prompt, PAM_BPC_DONE,
- strlen(userpass->user) + 1 + strlen(userpass->pass));
+ PAM_BP_RENEW(&prompt, PAM_BPC_DONE, userlen + 1 + passlen);
output = PAM_BP_WDATA(prompt);
- strcpy(output, userpass->user);
- output += strlen(output) + 1;
- memcpy(output, userpass->pass, strlen(userpass->pass));
+ memcpy(output, userpass->user, userlen + 1);
+ memcpy(output + userlen + 1, userpass->pass, passlen);
(*resp)[0].resp_retcode = 0;
(*resp)[0].resp = (char *)prompt;
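Review bot: The buffer layout built here is not documented: the two memcpy() calls write the user name with its NUL, followed by the password without one, and the size passed to PAM_BP_RENEW must stay equal to `userlen + 1 + passlen` for those copies to fit. A comment above the PAM_BP_RENEW line such as `/* payload: user, NUL, pass (no trailing NUL); size must match the copies below */` would keep the three expressions in step. The declarations of userlen and passlen are outside the hunk; they should be `size_t` to match strlen().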
Index: userinfo-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd-file.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- userinfo-passwd-file.c 18 Dec 2002 15:15:41 -0000 1.17
+++ userinfo-passwd-file.c 19 Dec 2002 01:02:34 -0000 1.18
@@ -78,20 +78,21 @@
reply->gid = pu->gid;
if (pu->home != NULL) {
- i_assert(sizeof(reply->home) > strlen(pu->home));
- strcpy(reply->home, pu->home);
+ if (strocpy(reply->home, pu->home, sizeof(reply->home)) < 0)
+ i_panic("home overflow");
}
if (pu->mail != NULL) {
- i_assert(sizeof(reply->mail) > strlen(pu->mail));
- strcpy(reply->mail, pu->mail);
+ if (strocpy(reply->mail, pu->mail, sizeof(reply->mail)) < 0)
+ i_panic("mail overflow");
}
- i_assert(sizeof(reply->virtual_user) > strlen(pu->user_realm));
- strcpy(reply->virtual_user, pu->user_realm);
+ if (strocpy(reply->virtual_user, pu->user_realm,
+ sizeof(reply->virtual_user)) < 0)
+ i_panic("virtual_user overflow");
if (pu->realm != NULL) {
- /* ':' -> '@' to make it look prettier */
+ /* @UNSAFE: ':' -> '@' to make it look prettier */
size_t pos;
pos = (size_t) (pu->realm - (const char *) pu->user_realm);
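Review bot: An over-long home, mail or user_realm value still takes down the whole auth process, because every failed strocpy() in this hunk goes straight to i_panic(); that is the same outcome the removed i_assert() lines had. If these strings can come from a passwd-file entry that is merely malformed, logging the error and failing that one lookup would keep a single bad record from denying authentication to everyone. Whether the enclosing function can return a failure is not visible here, since it starts and ends outside the hunk. The messages would also be easier to act on if they named the entry, e.g. `i_panic("home overflow for user %s", pu->user_realm);`. The same copy-or-panic pattern is in the userinfo-passwd.c and userinfo-vpopmail.c hunks.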
Index: userinfo-passwd.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- userinfo-passwd.c 18 Dec 2002 15:15:41 -0000 1.9
+++ userinfo-passwd.c 19 Dec 2002 01:02:34 -0000 1.10
@@ -15,16 +15,17 @@
void passwd_fill_cookie_reply(struct passwd *pw, AuthCookieReplyData *reply)
{
- i_assert(sizeof(reply->system_user) > strlen(pw->pw_name));
- i_assert(sizeof(reply->virtual_user) > strlen(pw->pw_name));
- i_assert(sizeof(reply->home) > strlen(pw->pw_dir));
-
reply->uid = pw->pw_uid;
reply->gid = pw->pw_gid;
- strcpy(reply->system_user, pw->pw_name);
- strcpy(reply->virtual_user, pw->pw_name);
- strcpy(reply->home, pw->pw_dir);
+ if (strocpy(reply->system_user, pw->pw_name,
+ sizeof(reply->system_user)) < 0)
+ i_panic("system_user overflow");
+ if (strocpy(reply->virtual_user, pw->pw_name,
+ sizeof(reply->virtual_user)) < 0)
+ i_panic("virtual_user overflow");
+ if (strocpy(reply->home, pw->pw_dir, sizeof(reply->home)) < 0)
+ i_panic("home overflow");
}
static int passwd_verify_plain(const char *user, const char *password,
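Review bot: passwd_fill_cookie_reply() has no comment stating that it aborts the process when a passwd field does not fit, and since it returns void its callers have no other way to learn this. A header comment such as `/* Fill reply from pw; panics if pw_name or pw_dir does not fit the fixed-size reply fields. */` would make the contract visible.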
Index: userinfo-vpopmail.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-vpopmail.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- userinfo-vpopmail.c 18 Dec 2002 15:17:01 -0000 1.10
+++ userinfo-vpopmail.c 19 Dec 2002 01:02:34 -0000 1.11
@@ -85,25 +85,20 @@
return FALSE;
}
- /* make sure it's not giving too large values to us */
- if (strlen(vpw->pw_dir) >= sizeof(reply->home)) {
- i_panic("Home directory too large (%u > %u)",
- strlen(vpw->pw_dir), sizeof(reply->home)-1);
- }
-
- if (strlen(vpw->pw_name) >= sizeof(reply->system_user)) {
+ if (strocpy(reply->system_user, vpw->pw_name,
+ sizeof(reply->system_user)) < 0) {
i_panic("Username too large (%u > %u)",
strlen(vpw->pw_name), sizeof(reply->system_user)-1);
}
-
- if (strlen(vpw->pw_name) >= sizeof(reply->virtual_user)) {
+ if (strocpy(reply->virtual_user, vpw->pw_name,
+ sizeof(reply->virtual_user)) < 0) {
i_panic("Username too large (%u > %u)",
strlen(vpw->pw_name), sizeof(reply->virtual_user)-1);
}
-
- strcpy(reply->system_user, vpw->pw_name);
- strcpy(reply->virtual_user, vpw->pw_name);
- strcpy(reply->home, vpw->pw_dir);
+ if (strocpy(reply->home, vpw->pw_dir, sizeof(reply->home)) < 0) {
+ i_panic("Home directory too large (%u > %u)",
+ strlen(vpw->pw_dir), sizeof(reply->home)-1);
+ }
return TRUE;
}
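Review bot: The added i_panic() for the home directory passes `strlen(vpw->pw_dir)` and `sizeof(reply->home)-1`, both size_t, to `%u`, which is a mismatched format argument wherever size_t is wider than unsigned int; the two unchanged username messages above it do the same. The log message says this commit moves such values to dec2str(), so the call would read `i_panic("Home directory too large (%s > %s)", dec2str(strlen(vpw->pw_dir)), dec2str(sizeof(reply->home)-1));`, assuming dec2str() accepts these values (its prototype is not on this page). The function body starts outside the hunk.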