several patches from Debian

- cmkdir now uses /dev/srandom (actually changed to arandom by me)
- support for filenames w/ 8bit chars
- sprintf() replaced with snprintf()
- some bugfixes

from Andreas Voegele <voegelas at gmx.net>
sturm 2005-04-07 20:23:44 +00:00
parent 3dda16e772
commit a7d9ce80c3
9 changed files with 833 additions and 21 deletions


@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.25 2004/12/03 16:08:47 alek Exp $
# $OpenBSD: Makefile,v 1.26 2005/04/07 20:23:44 sturm Exp $
NOT_FOR_ARCHS= ${LP64_ARCHS}
COMMENT= "cryptographic file system (user-space NFS server)"
DISTNAME= cfs-1.4.1
PKGNAME= ${DISTNAME}p0
PKGNAME= ${DISTNAME}p1
CATEGORIES= security
HOMEPAGE= http://www.crypto.com/software/


@ -1,6 +1,5 @@
$OpenBSD: patch-Makefile,v 1.2 2004/06/15 18:32:22 sturm Exp $
--- Makefile.orig 2001-05-03 20:29:21.000000000 +0200
+++ Makefile 2004-06-10 10:52:30.000000000 +0200
--- Makefile.orig Thu May 3 20:29:21 2001
+++ Makefile Sat Mar 12 20:30:36 2005
@@ -74,8 +74,8 @@
#CC=cc
#COPT=-O -DNOT_ANSI_C -DPROTOTYPES=0
@ -12,7 +11,7 @@ $OpenBSD: patch-Makefile,v 1.2 2004/06/15 18:32:22 sturm Exp $
#1B: paths:
#some peple like /usr/local/sbin instead of /usr/local/etc
@@ -199,6 +199,14 @@ RINCLUDES=/usr/mab/rsaref/source
@@ -199,6 +199,14 @@
#COMPAT=-lcompat
#RPCOPTS=
@ -27,3 +26,33 @@ $OpenBSD: patch-Makefile,v 1.2 2004/06/15 18:32:22 sturm Exp $
##Use these for NetBSD i386 1.0 (John Kohl)
## For mounting, you need to use a command like:
## mount -o -P,-c localhost:/null /crypt
@@ -253,7 +261,7 @@
EOBJS=dhparams.o truerand.o esm_gen.o esm.o esm_cipher.o
COBJS=admproto_clnt.o cfs_des.o cfs_cipher.o cattach.o getpass.o cmkdir.o \
cdetach.o ver.o cname.o ccat.o mcgsbox.o mcgsbox.o mcg.o shs.o cpasswd.o \
- cfs_bfenc.o cfs_bfsk.o truerand.o safer.o
+ cfs_bfenc.o cfs_bfsk.o safer.o
OTHERS = nfsproto.h nfsproto_svr.c nfsproto_xdr.c admproto.h admproto_svr.c \
admproto_xdr.c admproto_clnt.c ver.c
@@ -277,16 +285,16 @@
ver.o $(LIBS) -o cdetach
cmkdir: getpass.o adm.o cfs_des.o cfs_cipher.o cmkdir.o ver.o mcg.o \
- mcgsbox.o cfs_bfenc.o cfs_bfsk.o safer.o shs.o truerand.o
+ mcgsbox.o cfs_bfenc.o cfs_bfsk.o safer.o shs.o
$(CC) cmkdir.o cfs_des.o cfs_cipher.o getpass.o adm.o ver.o mcg.o \
- cfs_bfenc.o cfs_bfsk.o mcgsbox.o safer.o shs.o truerand.o \
+ cfs_bfenc.o cfs_bfsk.o mcgsbox.o safer.o shs.o \
$(COMPAT) -o cmkdir
cpasswd: getpass.o cfs_des.o cfs_cipher.o cpasswd.o ver.o mcg.o \
- mcgsbox.o cfs_bfenc.o cfs_bfsk.o safer.o shs.o truerand.o
+ mcgsbox.o cfs_bfenc.o cfs_bfsk.o safer.o shs.o
$(CC) cpasswd.o cfs_des.o cfs_cipher.o getpass.o ver.o mcg.o \
mcgsbox.o cfs_bfenc.o cfs_bfsk.o safer.o shs.o \
- truerand.o $(COMPAT) -o cpasswd
+ $(COMPAT) -o cpasswd
cname: cname.o getpass.o cfs_des.o cfs_cipher.o cfs_adm.o cfs_fh.o \
cfs_bfenc.o cfs_bfsk.o cfs_nfs.o ver.o mcg.o mcgsbox.o safer.o shs.o


@ -1,14 +1,81 @@
$OpenBSD: patch-cattach_c,v 1.1 2004/06/15 18:32:22 sturm Exp $
--- cattach.c.orig 2004-06-09 15:12:55.000000000 +0200
+++ cattach.c 2004-06-09 15:23:40.000000000 +0200
@@ -167,8 +167,8 @@ main(argc,argv)
sprintf(dir,"%s/%s",buf,dirarg);
} else
strcpy(dir,dirarg);
--- cattach.c.orig Fri Dec 19 01:32:57 1997
+++ cattach.c Sun Mar 13 14:05:19 2005
@@ -100,6 +100,7 @@
char *dirarg=NULL;
char *namearg=NULL;
int keycheck=1;
+ int l;
ap.highsec=1;
while (--argc) if (**++argv == '-') {
@@ -164,17 +165,35 @@
fprintf(stderr,"Can't stat current directory\n");
exit(1);
}
- sprintf(dir,"%s/%s",buf,dirarg);
- } else
- strcpy(dir,dirarg);
- sprintf(lname,"%s/..data",dir,1024);
- sprintf(kname,"%s/..k",dir,1024);
+ sprintf(lname,"%s/..data",dir);
+ sprintf(kname,"%s/..k",dir);
+ l = snprintf(dir, sizeof(dir), "%s/%s", buf, dirarg);
+ if (l < 0 || l >= sizeof(dir)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ } else {
+ if (strlcpy(dir, dirarg, sizeof(dir)) >= sizeof(dir)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ }
+ l = snprintf(lname, sizeof(lname), "%s/..data", dir);
+ if (l < 0 || l >= sizeof(lname)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ (void)snprintf(kname, sizeof(kname), "%s/..k", dir);
if (chdir(lname) >= 0)
strcpy(dir,lname);
else if (chdir(dir)<0) {
perror(dirarg);
exit(1);
}
+ l = snprintf(cname, sizeof(cname), "%s/..c", dir);
+ if (l < 0 || l >= sizeof(cname)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ (void)snprintf(sname, sizeof(sname), "%s/..s", dir);
#ifdef irix
/* or (I hope) more or less any system with the 4 parameter statfs */
if ((statfs(".",&sfb,sizeof sfb,0)<0) || (sfb.f_blocks==0)) {
@@ -188,7 +207,10 @@
}
#endif
ap.dirname=dir;
- strcpy(ins,namearg);
+ if (strlcpy(ins, namearg, sizeof(ins)) >= sizeof(ins)) {
+ fprintf(stderr, "Name too long\n");
+ exit(1);
+ }
*namearg='\0'; /* weak attempt to hide .instance in ps output */
ap.name=ins;
if (keycheck) {
@@ -207,8 +229,6 @@
if ((n>0) && (pw[n-1] == '\n'))
pw[n-1] = '\0';
}
- sprintf(cname,"%s/..c",dir);
- sprintf(sname,"%s/..s",dir);
if ((fp=fopen(cname,"r")) == NULL) {
ciph=CFS_STD_DES;
} else {
@@ -237,7 +257,7 @@
ap.expire = timeout;
ap.key.cipher=ciph;
if (smsize != LARGESMSIZE)
- sprintf(pw,"%s%d",pw,smsize);
+ (void)snprintf(pw, 256, "%s%d", pw, smsize);
if (cfmt) {
if (new_pwcrunch(pw,&ap.key)!=0) {
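Review bot: `(void)snprintf(pw, 256, "%s%d", pw, smsize);` passes pw as both destination and source, which the C standard leaves undefined for overlapping objects, and libc implementations differ in what ends up in the buffer. Because pw is then handed to new_pwcrunch(), a different buffer content means a different key for the same passphrase. Appending in place avoids the overlap: `n = strlen(pw);` followed by `l = snprintf(pw + n, 256 - n, "%d", smsize);`, with the same `l < 0 || l >= ...` rejection used for the path buffers so that truncation is not silent. The same call appears in the cmkdir.c section and twice in the cpasswd.c section. The size of the buffer behind pw is not visible in these hunks.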


@ -0,0 +1,77 @@
--- cfs_adm.c.orig Mon Dec 25 10:41:30 1995
+++ cfs_adm.c Sat Mar 12 21:31:43 2005
@@ -49,6 +49,7 @@
int i;
cfskey tk;
instance *ins;
+ int l;
#ifdef DEBUG
printf("attach: %s %s %d\n",ap->dirname, ap->name, ap->anon);
@@ -86,12 +87,17 @@
ret=CFSERR_IFULL;
return &ret;
}
- topinstance=i;
- instances[i]=ins;
ins->id=i;
for (i=0; i<HSIZE; i++)
ins->file[i]=NULL;
ins->key.smsize = ap->smsize;
+ l = snprintf(ins->path, sizeof(ins->path), "%s/.", ap->dirname);
+ if (l < 0 || l >= sizeof(ins->path)) {
+ free(ins);
+ ret = CFSERR_IFULL;
+ return &ret;
+ }
+ (void)strlcpy(ins->name, ap->name, sizeof(ins->name));
if ((ins->key.primask=(char*) malloc(ins->key.smsize)) == NULL) {
free(ins);
ret = CFSERR_IFULL;
@@ -104,8 +110,6 @@
return &ret;
}
ins->anon=ap->anon;
- sprintf(ins->path,"%s/.",ap->dirname);
- strcpy(ins->name,ap->name);
copykey(&ap->key,&ins->key);
genmasks(&ins->key);
ins->uid=ap->uid;
@@ -121,6 +125,8 @@
bzero((char *)ins->check,8);
bcopy((char *)&roottime,(char *)ins->check,sizeof(roottime));
cipher(&ins->key,ins->check,0);
+ topinstance=ins->id;
+ instances[ins->id]=ins;
ret=CFS_OK;
return &ret;
}
@@ -144,10 +150,10 @@
FILE *fp;
for (i=0; i < k->smsize; i+=CFSBLOCK) {
- sprintf(start,"0%07x",i/CFSBLOCK);
+ (void)snprintf(start,sizeof(start),"0%07x",i/CFSBLOCK);
bcopy(start,&k->primask[i],CFSBLOCK);
mask_cipher(k,&k->primask[i],0);
- sprintf(start,"1%07x",i/CFSBLOCK);
+ (void)snprintf(start,sizeof(start),"1%07x",i/CFSBLOCK);
bcopy(start,&k->secmask[i],CFSBLOCK);
mask_cipher(k,&k->secmask[i],0);
}
@@ -215,10 +221,13 @@
cfs_admkey *k;
{
FILE *fp;
- char fn[1024];
+ char fn[NFS_MAXPATHLEN];
char buf[9];
+ int l;
- sprintf(fn,"%s/...",path);
+ l = snprintf(fn, sizeof(fn), "%s/...", path);
+ if (l < 0 || l >= sizeof(fn))
+ return CFSERR_BADNAME;
if ((fp=fopen(fn,"r"))==NULL)
return CFSERR_NODIR;
if (fread(buf,8,1,fp)!=1) {
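Review bot: The attach path now rejects an over-long directory path but silently truncates the instance name, because the result of `(void)strlcpy(ins->name, ap->name, sizeof(ins->name));` is discarded. A truncated name would register the instance under a different name than the one the client supplied, so it should be refused like the path: `if (strlcpy(ins->name, ap->name, sizeof(ins->name)) >= sizeof(ins->name))` followed by the same free-and-return cleanup. Both length failures would also be clearer to callers as CFSERR_BADNAME, which the last hunk already returns for an over-long path, than as CFSERR_IFULL. The enclosing function starts and ends outside the visible hunks.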


@ -1,7 +1,128 @@
$OpenBSD: patch-cfs_fh_c,v 1.2 2004/06/15 18:32:22 sturm Exp $
--- cfs_fh.c.orig 2004-06-09 15:09:29.000000000 +0200
+++ cfs_fh.c 2004-06-09 15:11:41.000000000 +0200
@@ -359,7 +359,7 @@ isbndry(d)
--- cfs_fh.c.orig Thu May 3 20:24:59 2001
+++ cfs_fh.c Sat Mar 12 20:21:46 2005
@@ -177,6 +177,13 @@
perror("write");
return -1;
}
+ /* due to the way the file is padded we may actually have to
+ truncate it here. This happens when the write is at the end of
+ the file, is shorter than CFSBLOCK and brings the file to a length
+ which is evenly dividable by CFSBLOCK */
+ if (offset+len > dtov(sb.st_size) && vtod(offset+len) < sb.st_size) {
+ ftruncate(fd, vtod(offset+len));
+ }
/* iolen may contain CFSBLOCK extra chars */
return(dtov(iolen)-fronterr);
}
@@ -195,30 +202,39 @@
char *s;
{
static char cryptname[NFS_MAXNAMLEN+1];
+ static const u_char hexdigit[16] = {
+ '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
+ };
u_char cryptstring[MAXCLEARNAME+CFSBLOCK+1];
- u_char x[3];
u_long l;
- int i;
+ int i, j;
if ((s==NULL) || ((l=strlen(s)+1)>MAXCLEARNAME))
return NULL;
if (!strcmp(s,".") || !strcmp(s,".."))
return s;
l=(l+(CFSBLOCK-1)) & (~(CFSBLOCK-1));
+ if (l >= (sizeof(cryptname) >> 1))
+ return NULL;
bzero((char *)cryptstring,l);
strcpy(cryptstring,s);
chksum(cryptstring,l);
doencrypt(key,cryptstring,l,10241,zerovect);
- cryptname[0]='\0';
+ j = 0;
for (i=0; i<l; i++) {
- sprintf((char *)x,"%02x",cryptstring[i]);
- strcat(cryptname,x);
+ u_char b = cryptstring[i];
+ cryptname[j++] = hexdigit[(b >> 4) & 15];
+ cryptname[j++] = hexdigit[b & 15];
}
+ cryptname[j] = '\0';
return cryptname;
}
/*
- * set high order bits
+ * Carefully frob the high order bits of s in a way that is both easily
+ * reversible (see unchksum) and backwards-compatible (at least for 7-bit
+ * characters).
*/
chksum(s,l)
char *s;
@@ -229,17 +245,47 @@
u_char bits[8];
acc=0;
- for (i=0; s[i]!='\0'; i++)
- acc += s[i]*((i%6)+1);
+ /* Everything we do here must be reproducible without knowledge of
+ bit 7 because unchksum won't have that information. Therefore,
+ only accumulate the lower 7 bits of each char and stop at the
+ first occurrence of either 0x00 or 0x80. Note that, for inputs
+ with bit 7 constantly zero, this is equivalent to looking at the
+ whole string. */
+ for (i=0; (s[i]&0x7f) != '\0'; i++)
+ acc += (s[i]&0x7f)*((i%6)+1);
+ for (; s[i]!='\0'; i++) /* advance i if we stopped at a 0x80 */
+ ;
for (i++; i<l; i++) /* fill up the end */
s[i] = s[i%8];
for (i=0; i<8; i++)
bits[i] = (acc<<(i%8))&0x80;
for (i=0; i<l; i++)
- s[i] |= bits[i%8];
+ s[i] ^= bits[i%8];
}
+void
+unchksum(s,l)
+ char *s;
+ long l;
+{
+ u_long acc;
+ int i;
+ u_char bits[8];
+ acc=0;
+ for (i=0; (s[i]&0x7f) != '\0'; i++)
+ acc += (s[i]&0x7f)*((i%6)+1);
+ for (i=0; i<8; i++)
+ bits[i] = (acc<<(i%8))&0x80;
+ for (i=0; i<l; i++) {
+ s[i] ^= bits[i%8];
+ /* not sure whether this actually buys any performance */
+ if(s[i]=='\0')
+ break; /* found end of filename, can stop here */
+ }
+}
+
+
/*
* decrypt path component
* leaving "." and ".."
@@ -279,9 +325,7 @@
if (l%CFSBLOCK)
return NULL;
dodecrypt(key,clearstring,l,10241,zerovect);
- for (i=0; (clearstring[i]&0x7f) !='\0'; i++)
- clearstring[i] &= 0x7f;
- clearstring[i]='\0';
+ unchksum(clearstring,l);
return clearstring;
}
@@ -359,11 +403,11 @@
static fh_u roothandle;
@ -10,12 +131,290 @@ $OpenBSD: patch-cfs_fh_c,v 1.2 2004/06/15 18:32:22 sturm Exp $
nfstime roottime={0,0};
/* Had to change this - someone else was using the same magic number! */
@@ -1160,7 +1160,7 @@ rootrd(cookie)
-/* PLEASE change this value if you're going to re-use this code for
+/* PLEASE change this value if you're going to re-use this code for */
/* something else! Otherwise your FS and CFS can't both run... */
/* static u_char magictest[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; */
static u_char magictest[8]="M.Blaze";
@@ -514,10 +558,44 @@
cfsno(err)
int err;
{
-/* if (err==ENOENT)
+ switch (err) {
+ case 0:
+ return NFS_OK;
+ case EPERM:
+ return NFSERR_PERM;
+ case ENOENT:
+ return NFSERR_NOENT;
+ case EIO:
+ return NFSERR_IO;
+ case ENXIO:
+ return NFSERR_NXIO;
+ case EACCES:
+ return NFSERR_ACCES;
+ case EEXIST:
+ return NFSERR_EXIST;
+ case ENODEV:
+ return NFSERR_NODEV;
+ case ENOTDIR:
+ return NFSERR_NOTDIR;
+ case EISDIR:
+ return NFSERR_ISDIR;
+ case EFBIG:
+ return NFSERR_FBIG;
+ case ENOSPC:
+ return NFSERR_NOSPC;
+ case EROFS:
+ return NFSERR_ROFS;
+ case ENAMETOOLONG:
+ return NFSERR_NAMETOOLONG;
+ case ENOTEMPTY:
+ return NFSERR_NOTEMPTY;
+ case EDQUOT:
+ return NFSERR_DQUOT;
+ case ESTALE:
return NFSERR_STALE;
- else */
+ default:
return err;
+ }
}
@@ -732,12 +810,17 @@
{
char path[NFS_MAXPATHLEN+1];
struct stat sb;
+ int l;
if (p==NULL) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(path,"%s/%s",p->name,comp);
+ l = snprintf(path, sizeof(path), "%s/%s", p->name, comp);
+ if (l < 0 || l >= sizeof(path)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if (mkdir(path,0)<0)
return -1;
if (stat(path,&sb)<0)
@@ -766,12 +849,22 @@
u_long i[2];
} buf;
char linkname[NFS_MAXPATHLEN+1];
+ int l;
if (p==NULL) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(path,"%s/%s",p->name,comp);
+ l = snprintf(path, sizeof(path), "%s/%s", p->name, comp);
+ if (l < 0 || l >= sizeof(path)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(linkname, sizeof(linkname), "%s/.pvect_%s", p->name, comp);
+ if (l < 0 || l >= sizeof(linkname)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if ((fd=open(path,O_CREAT|O_WRONLY|O_EXCL,0))<0) {
if (errno==EEXIST) {
@@ -785,7 +878,6 @@
if (fstat(fd,&sb)<0)
return -1;
close(fd);
- sprintf(linkname,"%s/.pvect_%s",p->name,comp);
if (!rs) {
if (p->ins->highsec) { /* create new pert file iff highsec */
/* note that there's a race condition here until the simlink */
@@ -800,8 +892,8 @@
/* hash. but this doesn't really matter since collisions */
/* are rare. we could save all 64 bits, but the encoding */
/* of the link would get messy and large */
- sprintf(vect,"%02x%02x%02x%02x",
- buf.ch[0],buf.ch[1],buf.ch[2],buf.ch[3]);
+ (void)snprintf(vect, sizeof(vect), "%02x%02x%02x%02x",
+ buf.ch[0], buf.ch[1], buf.ch[2], buf.ch[3]);
if (symlink(vect,linkname) != 0) {
strcpy(linkname,"/NOWHERE/null");
bcopy((char *)zerovect,(char *)vect,8);
@@ -839,6 +931,7 @@
char linkname[NFS_MAXPATHLEN+1];
char vect[NFS_MAXPATHLEN+1];
struct stat sb;
+ int l;
if (p==NULL) {
cfserrno=NFSERR_STALE;
@@ -852,12 +945,20 @@
}
if ((p->parent==0) && (!strcmp(comp,"..")))
return fhrootlook(p->ins->name,h);
- sprintf(path,"%s/%s",p->name,comp);
+ l = snprintf(path, sizeof(path), "%s/%s", p->name, comp);
+ if (l < 0 || l >= sizeof(path)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if (lstat(path,&sb)<0) {
return -1; /* just need the inode */
}
/* check for a linkfile */
- sprintf(linkname,"%s/.pvect_%s",p->name,comp);
+ l = snprintf(linkname, sizeof(linkname), "%s/.pvect_%s", p->name, comp);
+ if (l < 0 || l >= sizeof(linkname)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if (readlink(linkname,vect,9) != 8) {
bcopy((char *)zerovect,(char *)vect,8);
strcpy(linkname,"/NOWHERE/null");
@@ -980,13 +1081,22 @@
char path[NFS_MAXPATHLEN+1];
char linkname[NFS_MAXPATHLEN+1];
int ret;
+ int l;
if (f==NULL) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(linkname,"%s/.pvect_%s",f->name,s);
- sprintf(path,"%s/%s",f->name,s);
+ l = snprintf(path, sizeof(path), "%s/%s", f->name, s);
+ if (l < 0 || l >= sizeof(path)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(linkname, sizeof(linkname), "%s/.pvect_%s", f->name, s);
+ if (l < 0 || l >= sizeof(linkname)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
/* note that we don't bother to check and see if there's a
handle allocated for this - just wait for the inode to be
reclaimed */
@@ -1001,13 +1111,21 @@
char *s;
{
char path[NFS_MAXPATHLEN+1];
+ int l;
+ int err;
if (f==NULL) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(path,"%s/%s",f->name,s);
- return (rmdir(path));
+ l = snprintf(path, sizeof(path), "%s/%s", f->name, s);
+ if (l < 0 || l >= sizeof(path)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ if ((err = rmdir(path)) < 0)
+ cfserrno = cfsno(errno);
+ return err;
}
DIR *
@@ -1055,15 +1173,24 @@
char linkname[NFS_MAXPATHLEN+1];
char vectval[9];
int ret;
+ int l;
if ((f==NULL)||(t==NULL)) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(buf,"%s/%s",t->name,n);
+ l = snprintf(buf, sizeof(buf), "%s/%s", t->name, n);
+ if (l < 0 || l >= sizeof(buf)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(linkname, sizeof(linkname), "%s/.pvect_%s", t->name, n);
+ if (l < 0 || l >= sizeof(buf)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if ((ret=link(f->name,buf))!=0)
return ret;
- sprintf(linkname,"%s/.pvect_%s",t->name,n);
unlink(linkname);
if (readlink(f->vectname,vectval,9) == 8) {
vectval[8]='\0';
@@ -1079,12 +1206,17 @@
char *t;
{
char buf[NFS_MAXPATHLEN+1];
+ int l;
if (f==NULL) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(buf,"%s/%s",f->name,n);
+ l = snprintf(buf, sizeof(buf), "%s/%s", f->name, n);
+ if (l < 0 || l >= sizeof(buf)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
return (symlink(t,buf));
}
@@ -1100,15 +1232,32 @@
char fblink[NFS_MAXPATHLEN+1];
char tblink[NFS_MAXPATHLEN+1];
char vectval[9];
+ int l;
if ((f==NULL)||(t==NULL)) {
cfserrno=NFSERR_STALE;
return -2;
}
- sprintf(fb,"%s/%s",f->name,fn);
- sprintf(tb,"%s/%s",t->name,tn);
- sprintf(fblink,"%s/.pvect_%s",f->name,fn);
- sprintf(tblink,"%s/.pvect_%s",t->name,tn);
+ l = snprintf(fb, sizeof(fb), "%s/%s", f->name, fn);
+ if (l < 0 || l >= sizeof(fb)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(tb, sizeof(tb), "%s/%s", t->name, tn);
+ if (l < 0 || l >= sizeof(tb)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(fblink, sizeof(fblink), "%s/.pvect_%s", f->name, fn);
+ if (l < 0 || l >= sizeof(fblink)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
+ l = snprintf(tblink, sizeof(tblink), "%s/.pvect_%s", t->name, tn);
+ if (l < 0 || l >= sizeof(tblink)) {
+ cfserrno = NFSERR_NAMETOOLONG;
+ return -2;
+ }
if (rename(fb,tb)==0) { /* now we have to do a lookup */
unlink(tblink); /* may be a quick race cndtn here */
if (readlink(fblink,vectval,9)==8) {
@@ -1160,7 +1309,8 @@
} else while (cookie<(NINSTANCES+2)) {
if (instances[cookie-2] != NULL) {
if (instances[cookie-2]->anon)
- sprintf(d.d_name,".ANON_%d",cookie-2);
+ sprintf(d.d_name,".ANON_%ld",cookie-2);
+ (void)snprintf(d.d_name, sizeof(d.d_name),
+ ".ANON_%ld", cookie-2);
else
strcpy(d.d_name,
instances[cookie-2]->name);
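Review bot: unchksum() no longer guarantees a NUL-terminated result: the lines removed from the decrypt routine wrote `clearstring[i]='\0'` at the first byte whose low seven bits were zero, whereas the new XOR loop only stops if some byte happens to become `'\0'` within l. For names produced by chksum() that always occurs, but the input here is decrypted from a stored name, so a corrupted or tampered entry can presumably come back unterminated (whether clearstring has a spare terminator past l is not visible). The accumulating scan in unchksum() is also not bounded by l; `for (i=0; i<l && (s[i]&0x7f) != '\0'; i++)` together with the caller returning NULL when no terminator was found would cover both. Separately, in the hunk that calls link(), the check after formatting into linkname tests `l >= sizeof(buf)` and should read `l >= sizeof(linkname)`.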


@ -0,0 +1,11 @@
--- cfs_nfs.c.orig Mon Dec 25 07:24:31 1995
+++ cfs_nfs.c Sun Mar 13 16:57:45 2005
@@ -51,7 +51,7 @@
ret[0]='\0';
for (i=0; i<NFS_FHSIZE; i++) {
- sprintf((char *)x,"%02x",fh[i]);
+ (void)snprintf((char *)x,3,"%02x",fh[i]);
strcat(ret,x);
}
return ret;
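Review bot: The bound passed to snprintf is the literal `3` rather than the size of x, whose declaration is outside the hunk; `(void)snprintf((char *)x, sizeof(x), "%02x", fh[i]);` keeps the two in step if x is an array. If fh is a plain `char` buffer on a platform where char is signed, `%02x` prints a sign-extended value that is now cut to its first two digits instead of overflowing x, so the hex string would be wrong rather than unsafe; a cast such as `(unsigned char)fh[i]` would settle it, but the type of fh is not visible here. The `strcat(ret,x)` that follows is still unbounded as far as this hunk shows.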


@ -0,0 +1,126 @@
--- cmkdir.c.orig Sun Dec 14 22:54:50 1997
+++ cmkdir.c Sun Mar 13 13:32:28 2005
@@ -18,9 +18,14 @@
/*
* client cfs mkdir - 1.4.0
*/
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include <stdio.h>
#include <rpc/rpc.h>
#include <sys/time.h>
+#include <assert.h>
#include "nfsproto.h"
#include "admproto.h"
#include "cfs.h"
@@ -48,8 +53,9 @@
int smsize=LARGESMSIZE;
unsigned char ekey[128];
unsigned char ek1[128];
- unsigned int l;
int keycheck=1;
+ int l;
+ int rfd; /* File descriptor for /dev/srandom.*/
while (--argc && (**++argv == '-')) {
for (flg= ++*argv; *flg; ++flg)
@@ -102,7 +108,7 @@
fprintf(stderr,"Can't get key\n");
exit(1);
}
- strcpy(pword,pw);
+ (void)strlcpy(pword, pw, sizeof(pword));
if (strlen(pw)<16) {
fprintf(stderr,"Key must be at least 16 chars.\n");
exit(1);
@@ -116,6 +122,7 @@
"Keys don't match; drink some coffee and try again\n");
exit(1);
}
+ pw = pword;
}
else { /* just accept key from stdio */
if (fgets(pword,256,stdin) == NULL) {
@@ -129,8 +136,13 @@
pw[n-1] = '\0';
}
if (smsize != LARGESMSIZE)
- sprintf(pw,"%s%d",pword,smsize);
+ (void)snprintf(pw, 256, "%s%d", pw, smsize);
k.cipher=ciph;
+ rfd = open("/dev/srandom", O_RDONLY);
+ if (rfd < 0) {
+ perror ("/dev/srandom");
+ exit (1);
+ }
if (cfmt==0) {
if (old_pwcrunch(pw,&k)!=0) {
fprintf(stderr,"Invalid key\n");
@@ -145,7 +157,13 @@
/* now we xor in some truerand bytes for good measure */
bcopy(&k,ekey,32); /* assumes key material < 32 bytes */
for (i=0; i<32; i++) {
- ekey[i] ^= randbyte();
+ char b; /* Random byte */
+ if (1 != read (rfd, &b, 1))
+ {
+ perror ("/dev/srandom read 1");
+ exit (1);
+ }
+ ekey[i] ^= b;
}
encrypt_key(&k,ekey);
bcopy(ekey,ek1,32);
@@ -156,10 +174,22 @@
perror("cmkdir");
exit(1);
}
- sprintf(path,"%s/...",argv[0]);
+ l = snprintf(path, sizeof(path), "%s/...", argv[0]);
+ if (l < 0 || l >= sizeof(path)) {
+ fprintf(stderr, "File name too long: %s/...\n", argv[0]);
+ exit(1);
+ }
strcpy(str,"qua!");
/* now randomize the end of str.. */
- r = trand32();
+ assert(1 == read(rfd, ((char*)&r), 1));
+ for (i=0; i<sizeof(r); i++) {
+ if (1 != read (rfd, ((char*)&r)+i, 1))
+ {
+ perror ("/dev/srandom read 1");
+ exit (1);
+ }
+ }
+ (void) close (rfd);
for (i=0; i<4; i++)
str[i+4]=(r<<(i*8))&0377;
copykey(&k,&kt);
@@ -172,14 +202,14 @@
}
fwrite(str,8,1,fp);
fclose(fp);
- sprintf(path,"%s/..c",argv[0]);
+ (void)snprintf(path, sizeof(path), "%s/..c", argv[0]);
if ((fp=fopen(path,"w")) == NULL) {
perror("cmkdir");
exit(1);
}
fprintf(fp,"%d",k.cipher);
fclose(fp);
- sprintf(path,"%s/..s",argv[0]);
+ (void)snprintf(path, sizeof(path), "%s/..s", argv[0]);
if ((fp=fopen(path,"w")) == NULL) {
perror("cmkdir");
exit(1);
@@ -187,7 +217,7 @@
fprintf(fp,"%d\n",smsize);
fclose(fp);
if (cfmt) {
- sprintf(path,"%s/..k",argv[0]);
+ (void)snprintf(path, sizeof(path), "%s/..k", argv[0]);
if ((fp=fopen(path,"w")) == NULL) {
perror("cmkdir");
exit(1);
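Review bot: `assert(1 == read(rfd, ((char*)&r), 1));` puts a read with side effects inside assert(), so the call disappears when the program is built with NDEBUG, and when it is kept it consumes a byte that the loop right after it overwrites. The line can simply be dropped, since the `for (i=0; i<sizeof(r); i++)` loop already fills r and checks every read. The commit description says the device was changed to arandom, yet the `open("/dev/srandom", O_RDONLY)` and perror strings in this section still name /dev/srandom; worth confirming which one is intended. `(void)strlcpy(pword, pw, sizeof(pword));` also discards the truncation result before the passphrase is used for the key.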


@ -0,0 +1,92 @@
--- cpasswd.c.orig Sat Dec 13 23:50:36 1997
+++ cpasswd.c Sun Mar 13 14:07:27 2005
@@ -50,7 +50,8 @@
int ciph=CFS_STD_DES;
int cfmt=1;
unsigned char ekey[128];
-
+ int l;
+
while (--argc && (**++argv == '-')) {
for (flg= ++*argv; *flg; ++flg)
switch (*flg) {
@@ -68,13 +69,25 @@
fprintf(stderr,"Can't stat current directory\n");
exit(1);
}
- sprintf(dir,"%s/%s",buf,argv[0]);
- } else
- strcpy(dir,argv[0]);
- sprintf(kname,"%s/..k",dir);
- sprintf(nname,"%s/..n",dir);
- sprintf(oname,"%s/..o",dir);
- sprintf(lname,"%s/..data",dir);
+ l = snprintf(dir, sizeof(dir), "%s/%s", buf, argv[0]);
+ if (l < 0 || l >= sizeof(dir)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ } else {
+ if (strlcpy(dir, argv[0], sizeof(dir)) >= sizeof(dir)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ }
+ l = snprintf(lname, sizeof(lname), "%s/..data", dir);
+ if (l < 0 || l >= sizeof(lname)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ (void)snprintf(kname, sizeof(kname), "%s/..k", dir);
+ (void)snprintf(nname, sizeof(nname), "%s/..n", dir);
+ (void)snprintf(oname, sizeof(oname), "%s/..o", dir);
if (chdir(lname) >= 0)
strcpy(dir,lname);
else if (chdir(dir)<0) {
@@ -82,8 +95,12 @@
exit(1);
}
- sprintf(cname,"%s/..c",dir);
- sprintf(sname,"%s/..s",dir);
+ l = snprintf(cname, sizeof(cname), "%s/..c", dir);
+ if (l < 0 || l >= sizeof(cname)) {
+ fprintf(stderr, "File name too long\n");
+ exit(1);
+ }
+ (void)snprintf(sname, sizeof(sname), "%s/..s", dir);
if ((fp=fopen(cname,"r")) == NULL) {
fprintf(stderr,"Can only change passphrase on new format CFS directories\n");
exit(1);
@@ -113,7 +130,7 @@
exit(1);
}
if (smsize != LARGESMSIZE)
- sprintf(pw,"%s%d",pw,smsize);
+ (void)snprintf(pw, 256, "%s%d", pw, smsize);
if (new_pwcrunch(pw,&oldkey)!=0) {
fprintf(stderr,"Invalid key\n");
exit(1);
@@ -144,7 +161,7 @@
exit(1);
}
if (smsize != LARGESMSIZE)
- sprintf(pw,"%s%d",pw,smsize);
+ (void)snprintf(pw, 256, "%s%d", pw, smsize);
if (new_pwcrunch(pw,&newkey)!=0) {
fprintf(stderr,"Invalid key\n");
exit(1);
@@ -182,9 +199,12 @@
char fn[1024];
char buf[9];
cfskey k;
+ int l;
copykey(ak,&k);
- sprintf(fn,"%s/...",path);
+ l = snprintf(fn, sizeof(fn), "%s/...", path);
+ if (l < 0 || l >= sizeof(fn))
+ return 0;
if ((fp=fopen(fn,"r"))==NULL)
return 0;
if (fread(buf,8,1,fp)!=1) {


@ -0,0 +1,11 @@
--- getpass.c.orig Sun Mar 13 13:59:43 2005
+++ getpass.c Sun Mar 13 14:00:06 2005
@@ -64,7 +64,7 @@
register char *p;
register c;
FILE *fi;
- static char pbuf[128];
+ static char pbuf[256];
#ifdef MACH
int (*signal())();
int (*sig)();
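Review bot: The new size is a bare `256` that has to stay equal to the `256` hard-coded in the `snprintf(pw, 256, ...)` calls added in cattach.c, cmkdir.c and cpasswd.c, assuming pw there points at this buffer. A shared macro in a common header, used both for `pbuf` and for those bounds, would keep them from drifting apart. The loop that fills pbuf is outside the hunk, so confirm its limit is derived from `sizeof(pbuf)` rather than from a separate constant.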