* Makefile.in (OBJS, SRCS): Add strnlen.o, strnlen.c

	* cr_auth_repl.c: Audit.  Fix up copyright.  Use new KRB4_PUT*
	macros for encoding so output is always big-endian.  Precompute
	string lengths for better length-checking.

	* cr_ciph.c: Audit.  Fix up copyright.  Use new KRB4_PUT* macros
	for encoding so that output is always big-endian.  Precompute
	string lengths for better length-checking.  Zero out the key
	schedule after encrypting.

	* cr_death_pkt.c: Audit.  Fix up copyright.  Precompute string
	lengths for better length-checking.

	* cr_err_repl.c: Audit.  Fix up copyright.  Use moving pointer to
	do encoding.  Precompute string lengths for better
	length-checking.  Use KRB4_PUT* macros so that output is always
	big-endian.

	* cr_tkt.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so that output is always big-endian.  Zero out the key
	schedule after encrypting.

	* decomp_tkt.c: Audit.  Fix up copyright.  Use krb_strnlen() for
	actually detecting string length errors.  Use a struct in_addr to
	retrieve the IP address and assign it to paddress for return.  Use
	KRB4_GET* macros for decoding to avoid byteswapping problems.
	Zero out session key and decrypted ticket on error.

	* g_ad_tkt.c: Audit.  Fix up copyright.  Break out parsing of
	decrypted KDC reply packet into a separate function to simplify
	error handling somewhat.  Precompute string lengths for better
	length-checking.  Use KRB4_PUT* macros for encoding so that output
	is always big-endian.  Use KRB4_GET* macros for decoding to avoid
	byteswapping problems.  Stomp on session key on error conditions.

	* g_in_tkt.c: Audit.  Fix up copyright.  Precompute string lengths
	for better length-checking.  Use KRB4_PUT* macros for encoding so
	output is always big-endian.  Use KRB4_GET* macros for decoding to
	avoid byteswapping problems.  Use krb_strnlen() to actually detect
	string length errors.  Zero out session key and decrypted KDC
	reply once they're no longer useful.

	* mk_auth.c: Audit.  Fix up copyright.  Use moving pointer for
	encoding.  Use KRB4_PUT* macros for encoding to avoid alignment
	issues with using memcpy().  Use KRB4_GET* macros for decoding to
	avoid alignment issues with using memcpy().

	* mk_err.c: Audit.  Fix up copyright.  Precompute string length.
	Use KRB4_PUT* macros to always encode as big-endian.

	* mk_preauth.c: Audit.  Zero out key schedule after encryption.

	* mk_priv.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so output is always big-endian.

	* mk_req.c: Audit.  Fix up copyright.  Use moving pointer for
	encoding.  Precompute string lengths for better length-checking.
	Use KRB4_PUT* macros for encoding so output is always big-endian.
	Zero out session key after encryption.

	* mk_safe.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so output is always big-endian.

	* rd_err.c: Audit.  Fix up copyright.  Use KRB4_GET* macros to
	avoid alignment issues.

	* rd_preauth.c: Audit.  Zero key schedule after decrypting.

	* rd_priv.c: Audit.  Fix up copyright.  Use KRB4_GET* macros to
	avoid alignment issues.

	* rd_req.c: Audit.  Fix up copyright.

	* send_to_kdc.c (send_recv): Actually set rpkt->length, since some
	callers actually use it now to do length-checking.

	* strnlen.c: New file; compute string length, bounded by a
	maximum.  If the maximum number of characters has been read
	without encountering a NUL character, return -1.  This makes
	overflow checking of strings in buffers much easier.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12859 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 43 insertions, 33 deletions

diff --git a/src/lib/krb4/cr_err_repl.c b/src/lib/krb4/cr_err_repl.c
index 54e87d82ed..35196df49e 100644
--- a/src/lib/krb4/cr_err_repl.c
+++ b/src/lib/krb4/cr_err_repl.c
@@ -1,14 +1,29 @@
 /*
- * cr_err_repl.c
+ * lib/krb4/cr_err_repl.c
  *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
 
-#include "mit-copyright.h"
 #include "krb.h"
 #include "prot.h"
 #include <string.h>
@@ -66,44 +81,39 @@ cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string)
     u_long e;			/* Error code */
     char *e_string;		/* Text of error */
 {
-    u_char *v = (u_char *) pkt->dat; /* Prot vers number */
-    u_char *t = (u_char *)(pkt->dat+1); /* Prot message type */
+    unsigned char *p;
+    size_t pnamelen, pinstlen, prealmlen, e_stringlen;
 
-    /* Create fixed part of packet */
-#if 0
-    *v = (unsigned char) req_act_vno; /* KRB_PROT_VERSION; */
-#else
-    *v = (unsigned char) KRB_PROT_VERSION;
-#endif
-    *t = (unsigned char) AUTH_MSG_ERR_REPLY;
-    *t |= HOST_BYTE_ORDER;
+    p = pkt->dat;
+    *p++ = KRB_PROT_VERSION;
+    *p++ = AUTH_MSG_ERR_REPLY;
 
     /* Make sure the reply will fit into the buffer. */
-    if(sizeof(pkt->dat) < 3 + strlen(pname) +
-		    	  1 + strlen(pinst) +
-			  1 + strlen(prealm) +
-			  4 + 4 +
-			  1 + strlen(e_string)) {
+    pnamelen = strlen(pname) + 1;
+    pinstlen = strlen(pinst) + 1;
+    prealmlen = strlen(prealm) + 1;
+    e_stringlen = strlen(e_string) + 1;
+    if(sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
+			   + 4 + 4 + e_stringlen)) {
         pkt->length = 0;
 	return;
     }
     /* Add the basic info */
-    (void) strcpy((char *) (pkt->dat+2),pname);
-    pkt->length = 3 + strlen(pname);
-    (void) strcpy((char *)(pkt->dat+pkt->length),pinst);
-    pkt->length += 1 + strlen(pinst);
-    (void) strcpy((char *)(pkt->dat+pkt->length),prealm);
-    pkt->length += 1 + strlen(prealm);
+    memcpy(p, pname, pnamelen);
+    p += pnamelen;
+    memcpy(p, pinst, pinstlen);
+    p += pinstlen;
+    memcpy(p, prealm, prealmlen);
+    p += prealmlen;
     /* ws timestamp */
-    memcpy((char *)(pkt->dat+pkt->length), (char *) &time_ws, 4);
-    pkt->length += 4;
+    KRB4_PUT32(p, time_ws);
     /* err code */
-    memcpy((char *)(pkt->dat+pkt->length), (char *) &e, 4);
-    pkt->length += 4;
+    KRB4_PUT32(p, e);
     /* err text */
-    (void) strcpy((char *)(pkt->dat+pkt->length),e_string);
-    pkt->length += 1 + strlen(e_string);
+    memcpy(p, e_string, e_stringlen);
+    p += e_stringlen;
 
     /* And return */
+    pkt->length = p - pkt->dat;
     return;
 }