author | Ken Raeburn <raeburn@mit.edu> | 2000-06-30 00:16:21 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2000-06-30 00:16:21 +0000 |
commit | 5115426fe6ca5bd63cf8e3997fbaf8277792c024 (patch) | |
tree | 65d8c302c3ba8080437850651370eadad1632e22 /src/appl/gssftp/ftp | |
parent | 8165626f1caaaa60fcfd04472a07e8362f2447b8 (diff) | |
1.2-beta4 pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12470 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/gssftp/ftp')
-rw-r--r-- | src/appl/gssftp/ftp/ChangeLog | 17 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/cmds.c | 13 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/domacro.c | 18 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/ftp.c | 46 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/glob.c | 12 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/main.c | 3 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/secure.c | 5 |
7 files changed, 84 insertions, 30 deletions
diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 22a29c356..a5d22653b 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,20 @@ +2000-05-11 Nalin Dahyabhai <nalin@redhat.com> + + * domacro.c (domacro): Don't overflow "line2" + * ftp.c (getreply, krb4 compat): Bail if message data too big for buffer + (getreply, gssapi): Ditto. + (pswitch): Don't overflow "ntin", "ntout", "mapin", "mapout". + (do_auth, krb4 compat): Don't overflow "realm". + +2000-04-27 Nalin Dahyabhai <nalin@redhat.com> + + * cmds.c (remglob): Don't overflow buffer "temp". + (shell): Don't overflow buffer "shellnam". + (quote1): "buf" + * glob.c (ftpglob): Fix boundary in buffer "agpath". + (expand): Don't overflow buffer pointed to by "gpath". + (execbrc): Don't overflow buffer "restbuf". + 2000-02-18 Ken Raeburn <raeburn@mit.edu> * cmds.c (mls): Declare some variables volatile to protect against diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index 2a8e77550..0006e4fc5 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -1049,7 +1049,8 @@ remglob(argv,doswitch) return (cp); } if (ftemp == NULL) { - (void) strcpy(temp, _PATH_TMP); + (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1); + temp[sizeof(temp) - 1] = '\0'; (void) mktemp(temp); oldverbose = verbose, verbose = 0; oldhash = hash, hash = 0; @@ -1510,7 +1511,8 @@ shell(argc, argv) if (namep == NULL) namep = shell; (void) strcpy(shellnam,"-"); - (void) strcat(shellnam, ++namep); + (void) strncat(shellnam, ++namep, sizeof(shellnam) - 1 - strlen(shellnam)); + shellnam[sizeof(shellnam) - 1] = '\0'; if (strcmp(namep, "sh") != 0) shellnam[0] = '+'; if (debug) { 
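Review bot: In the `remglob` hunk of cmds.c the newly bounded copy into `temp` is still followed by `(void) mktemp(temp);`, which only generates a name and leaves a window between choosing the name and creating the file. If the later open of `temp` (outside this hunk) does not create the file exclusively, a file or link placed at that path by another local user would be used instead. Since the commit is already hardening these lines, `fd = mkstemp(temp);` with the returned descriptor used for the transfer would close that window. The rest of `remglob` is outside the hunk, so the open call needs checking.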
@@ -1702,13 +1704,14 @@ quote1(initial, argc, argv) register int i, len; char buf[FTP_BUFSIZ]; /* must be >= sizeof(line) */ - (void) strcpy(buf, initial); + (void) strncpy(buf, initial, sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; if (argc > 1) { len = strlen(buf); - len += strlen(strcpy(&buf[len], argv[1])); + len += strlen(strncpy(&buf[len], argv[1], sizeof(buf) - 1 - len)); for (i = 2; i < argc; i++) { buf[len++] = ' '; - len += strlen(strcpy(&buf[len], argv[i])); + len += strlen(strncpy(&buf[len], argv[i], sizeof(buf) - 1 - len)); } } if (command(buf) == PRELIM) { diff --git a/src/appl/gssftp/ftp/domacro.c b/src/appl/gssftp/ftp/domacro.c index 9bc277b0f..ecfe9b4ad 100644 --- a/src/appl/gssftp/ftp/domacro.c +++ b/src/appl/gssftp/ftp/domacro.c @@ -71,7 +71,8 @@ domacro(argc, argv) code = -1; return; } - (void) strcpy(line2, line); + (void) strncpy(line2, line, sizeof(line2) - 1); + line2[sizeof(line2) - 1] = '\0'; TOP: cp1 = macros[i].mac_start; while (cp1 != macros[i].mac_end) { @@ -92,7 +93,11 @@ TOP: } cp1--; if (argc - 2 >= j) { - (void) strcpy(cp2, argv[j+1]); + if(cp2 + strlen(argv[j+1]) - line < sizeof(line)) + (void) strncpy(cp2, argv[j+1], + sizeof(line) - 1 - + (cp2 - line)); + line[sizeof(line) - 1] = '\0'; cp2 += strlen(argv[j+1]); } break; @@ -101,7 +106,11 @@ TOP: loopflg = 1; cp1++; if (count < argc) { - (void) strcpy(cp2, argv[count]); + if(cp2 + strlen(argv[j+1]) - line < sizeof(line)) + (void) strncpy(cp2, argv[count], + sizeof(line) - 1 - + (cp2 - line)); + line[sizeof(line) - 1] = '\0'; cp2 += strlen(argv[count]); } break; @@ -138,7 +147,8 @@ TOP: if (bell && c->c_bell) { (void) putchar('\007'); } - (void) strcpy(line, line2); + (void) strncpy(line, line2, sizeof(line) - 1); + line[sizeof(line) - 1] = '\0'; makeargv(); argc = margc; argv = margv; diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index 11f583a6c..a00850d95 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c 
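Review bot: In the `quote1` hunk of cmds.c the loop still executes `buf[len++] = ' ';` with no room check, so once `buf` is full the blank overwrites the terminator at `buf[sizeof(buf) - 1]` and `len` becomes `sizeof(buf)`. The next bound, `sizeof(buf) - 1 - len`, is computed in `size_t` and wraps to a huge value, so that `strncpy` is effectively unbounded and the overflow the commit set out to remove is still reachable with a long argument list. I would compute the space needed for the separator plus the argument before writing either, and stop or report an error when it does not fit. Whether to truncate at an argument boundary, as sketched below, or reject the command is a policy choice. The function continues past the end of the hunk.

```c
	(void) strncpy(buf, initial, sizeof(buf) - 1);
	buf[sizeof(buf) - 1] = '\0';
	len = strlen(buf);
	for (i = 1; i < argc; i++) {
		size_t arglen = strlen(argv[i]);
		size_t sep = (i > 1) ? 1 : 0;	/* blank between arguments */

		/* stop before the separator or the argument would pass the end */
		if (arglen + sep > sizeof(buf) - 1 - (size_t) len)
			break;
		if (sep)
			buf[len++] = ' ';
		memcpy(&buf[len], argv[i], arglen + 1);
		len += arglen;
	}
	/* ... unchanged: command(buf) and reply handling ... */
```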
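Review bot: In the domacro.c hunk at -92, `cp2 += strlen(argv[j+1]);` still runs when the new length test fails and the copy is skipped, so `cp2` can be advanced beyond the end of `line`. Whatever the surrounding loop writes through `cp2` next (outside this hunk) would then land out of bounds. The hunk at -101 has the same shape with `argv[count]`. Brace the `if` and move the advance inside it, `if (...) { (void) strncpy(...); cp2 += strlen(argv[j+1]); }`, or abandon the macro expansion when an argument does not fit.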
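Review bot: The guard added in the domacro.c hunk at -101 measures `argv[j+1]`, but the statement it protects copies `argv[count]`, which looks like a copy-and-paste slip from the previous hunk. The test therefore says nothing about whether `argv[count]` fits, and `j+1` may not be a valid index on this path, in which case `strlen` would read a pointer outside the argument vector. The condition should be `if (cp2 + strlen(argv[count]) - line < sizeof(line))`. The enclosing loop begins and ends outside the hunk.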
@@ -680,9 +680,13 @@ getreply(expecteof) n = '5'; } else { if (debug) printf("%c:", safe ? 'S' : 'P'); - memcpy(ibuf, msg_data.app_data, - msg_data.app_length); - strcpy(&ibuf[msg_data.app_length], "\r\n"); + if(msg_data.app_length < sizeof(ibuf) - 2) { + memcpy(ibuf, msg_data.app_data, + msg_data.app_length); + strcpy(&ibuf[msg_data.app_length], "\r\n"); + } else { + printf("Message too long!"); + } continue; } #endif @@ -703,9 +707,14 @@ getreply(expecteof) "failed unsealing reply"); n = '5'; } else { - memcpy(ibuf, msg_buf.value, - msg_buf.length); - strcpy(&ibuf[msg_buf.length], "\r\n"); + if(msg_buf.length < sizeof(ibuf) - 2 - 1) { + memcpy(ibuf, msg_buf.value, + msg_buf.length); + strcpy(&ibuf[msg_buf.length], "\r\n"); + } else { + user_gss_error(maj_stat, min_stat, + "reply was too long"); + } gss_release_buffer(&min_stat,&msg_buf); continue; } @@ -1636,20 +1645,24 @@ pswitch(flag) mcase = op->mcse; ip->ntflg = ntflag; ntflag = op->ntflg; - (void) strncpy(ip->nti, ntin, 16); + (void) strncpy(ip->nti, ntin, sizeof(ip->nti) - 1); (ip->nti)[strlen(ip->nti)] = '\0'; - (void) strcpy(ntin, op->nti); - (void) strncpy(ip->nto, ntout, 16); + (void) strncpy(ntin, op->nti, sizeof(ntin) - 1); + ntin[sizeof(ntin) - 1] = '\0'; + (void) strncpy(ip->nto, ntout, sizeof(ip->nto) - 1); (ip->nto)[strlen(ip->nto)] = '\0'; - (void) strcpy(ntout, op->nto); + (void) strncpy(ntout, op->nto, sizeof(ntout) - 1); + ntout[sizeof(ntout) - 1] = '\0'; ip->mapflg = mapflag; mapflag = op->mapflg; (void) strncpy(ip->mi, mapin, MAXPATHLEN - 1); (ip->mi)[strlen(ip->mi)] = '\0'; - (void) strcpy(mapin, op->mi); + (void) strncpy(mapin, op->mi, sizeof(mapin) - 1); + mapin[sizeof(mapin) - 1] = '\0'; (void) strncpy(ip->mo, mapout, MAXPATHLEN - 1); (ip->mo)[strlen(ip->mo)] = '\0'; - (void) strcpy(mapout, op->mo); + (void) strncpy(mapout, op->mo, sizeof(mapout) - 1); + mapout[sizeof(mapout) - 1] = '\0'; ip->authtype = auth_type; auth_type = op->authtype; ip->clvl = clevel; 
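Review bot: Both new `else` branches in `getreply` (the krb4 one in the hunk at -680 and the GSSAPI one at -703) report the oversized reply and then reach `continue` without setting `n = '5'`, unlike the unseal-failure branches just above them. `ibuf` keeps whatever it held before and the loop carries on as though a reply had been decoded. How it is parsed afterwards is outside the hunks, so this needs confirming. Adding `n = '5';` in each `else` would make an oversized protected reply fail closed. In the GSSAPI branch `user_gss_error(maj_stat, min_stat, ...)` is called although unsealing succeeded, so the printed status will probably not describe the problem, and the krb4 message `"Message too long!"` has no trailing newline.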
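Review bot: In the `pswitch` hunk the context lines `(ip->nti)[strlen(ip->nti)] = '\0';` (and the same pattern for `nto`, `mi` and `mo`) do not terminate anything. `strlen` stops at an existing NUL, and if `strncpy` filled the field without writing one it reads past the array. Now that the copy is bounded with `sizeof(ip->nti) - 1`, the terminator should go at a fixed index, `ip->nti[sizeof(ip->nti) - 1] = '\0';`, as the same hunk does for `ntin` and `ntout`. The `ip->mi` and `ip->mo` copies still use `MAXPATHLEN - 1` rather than `sizeof`, which is only right if those fields are declared with MAXPATHLEN bytes; the struct is not visible here.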
@@ -1846,7 +1859,8 @@ gunique(local) fprintf(stderr, "local: %s: %s\n", local, strerror(errno)); return((char *) 0); } - (void) strcpy(new, local); + (void) strncpy(new, local, sizeof(new) - 3); + new[sizeof(new) - 1] = '\0'; cp = new + strlen(new); *cp++ = '.'; while (!d) { @@ -2054,9 +2068,11 @@ do_auth() if (verbose) printf("%s accepted as authentication type\n", "KERBEROS_V4"); - strcpy(inst, (char *) krb_get_phost(hostname)); + strncpy(inst, (char *) krb_get_phost(hostname), sizeof(inst) - 1); + inst[sizeof(inst) - 1] = '\0'; if (realm[0] == '\0') - strcpy(realm, (char *) krb_realmofhost(hostname)); + strncpy(realm, (char *) krb_realmofhost(hostname), sizeof(realm) - 1); + realm[sizeof(realm) - 1] = '\0'; if ((kerror = krb_mk_req(&ticket, service = "ftp", inst, realm, checksum)) && (kerror != KDC_PR_UNKNOWN || diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c index f92ee5e07..a5a6bf746 100644 --- a/src/appl/gssftp/ftp/glob.c +++ b/src/appl/gssftp/ftp/glob.c @@ -118,7 +118,7 @@ ftpglob(v) globerr = 0; gpath = agpath; gpathp = gpath; *gpathp = 0; - lastgpathp = &gpath[sizeof agpath - 2]; + lastgpathp = &gpath[sizeof(agpath) - 1]; ginit(agargv); globcnt = 0; collect(v); if (globcnt == 0 && (gflag&1)) { @@ -198,7 +198,8 @@ expand(as) globerr = "Unknown user name after ~"; (void) strcpy(gpath, gpath + 1); } else - (void) strcpy(gpath, home); + (void) strncpy(gpath, home, FTP_BUFSIZ - 1); + gpath[FTP_BUFSIZ - 1] = '\0'; gpathp = strend(gpath); } } @@ -324,8 +325,9 @@ pend: doit: savec = *pm; *pm = 0; - (void) strcpy(lm, pl); - (void) strcat(restbuf, pe + 1); + (void) strncpy(lm, pl, sizeof(restbuf) - 1 - (lm - restbuf)); + restbuf[sizeof(restbuf) - 1] = '\0'; + (void) strncat(restbuf, pe + 1, sizeof(restbuf) - 1 - strlen(restbuf)); *pm = savec; if (s == 0) { sgpathp = gpathp; 
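Review bot: In the `gunique` hunk the copy is limited to `sizeof(new) - 3` bytes but the terminator is written at `new[sizeof(new) - 1]`, so for a long `local` the two bytes in between are never set and `strlen(new)` on the next line may count whatever they previously held. Terminate at the copy limit instead: `new[sizeof(new) - 3] = '\0';`. That also preserves the space the `- 3` was presumably reserving for the suffix appended through `cp`. The suffix loop is outside the hunk, so its maximum length should be checked against that reserve.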
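Review bot: The bound in the `expand` hunk of glob.c is the constant `FTP_BUFSIZ`, while `gpath` is a pointer to `agpath`, whose declared size is not visible in this diff; if the two differ, `gpath[FTP_BUFSIZ - 1] = '\0';` writes outside the array. `ftpglob` already records the end of the buffer in `lastgpathp`, so deriving the limit from it, `strncpy(gpath, home, lastgpathp - gpath); *lastgpathp = '\0';`, would keep the two in step, assuming `lastgpathp` is in scope here as it is in `gethdir`. The context line `(void) strcpy(gpath, gpath + 1);` copies between overlapping regions, which is undefined behaviour; `memmove(gpath, gpath + 1, strlen(gpath + 1) + 1);` is the safe form.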
@@ -700,7 +702,7 @@ gethdir(home) { register struct passwd *pp = getpwnam(home); - if (!pp || home + strlen(pp->pw_dir) >= lastgpathp) + if (!pp || ((home + strlen(pp->pw_dir)) >= lastgpathp)) return (1); (void) strcpy(home, pp->pw_dir); return (0); diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c index 9c1e43a86..6c7e1e91b 100644 --- a/src/appl/gssftp/ftp/main.c +++ b/src/appl/gssftp/ftp/main.c @@ -193,7 +193,8 @@ main(argc, argv) pw = getpwuid(getuid()); if (pw != NULL) { home = homedir; - (void) strcpy(home, pw->pw_dir); + (void) strncpy(home, pw->pw_dir, sizeof(homedir) - 1); + homedir[sizeof(homedir) - 1] = '\0'; } if (argc > 0) { if (setjmp(toplevel)) diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c index 48f57f93f..e1f69b084 100644 --- a/src/appl/gssftp/ftp/secure.c +++ b/src/appl/gssftp/ftp/secure.c @@ -52,6 +52,11 @@ extern struct sockaddr_in myaddr; extern int dlevel; extern char *auth_type; +/* Some libc's (GNU libc, at least) define MAX as a macro. Forget that. */ +#ifdef MAX +#undef MAX +#endif + #define MAX maxbuf extern unsigned int maxbuf; /* maximum output buffer size */ extern unsigned char *ucbuf; /* cleartext buffer */ |