* Makefile.in (OBJS, SRCS): Add strnlen.o, strnlen.c

	* cr_auth_repl.c: Audit.  Fix up copyright.  Use new KRB4_PUT*
	macros for encoding so output is always big-endian.  Precompute
	string lengths for better length-checking.

	* cr_ciph.c: Audit.  Fix up copyright.  Use new KRB4_PUT* macros
	for encoding so that output is always big-endian.  Precompute
	string lengths for better length-checking.  Zero out the key
	schedule after encrypting.

	* cr_death_pkt.c: Audit.  Fix up copyright.  Precompute string
	lengths for better length-checking.

	* cr_err_repl.c: Audit.  Fix up copyright.  Use moving pointer to
	do encoding.  Precompute string lengths for better
	length-checking.  Use KRB4_PUT* macros so that output is always
	big-endian.

	* cr_tkt.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so that output is always big-endian.  Zero out the key
	schedule after encrypting.

	* decomp_tkt.c: Audit.  Fix up copyright.  Use krb_strnlen() for
	actually detecting string length errors.  Use a struct in_addr to
	retrieve the IP address and assign it to paddress for return.  Use
	KRB4_GET* macros for decoding to avoid byteswapping problems.
	Zero out session key and decrypted ticket on error.

	* g_ad_tkt.c: Audit.  Fix up copyright.  Break out parsing of
	decrypted KDC reply packet into a separate function to simplify
	error handling somewhat.  Precompute string lengths for better
	length-checking.  Use KRB4_PUT* macros for encoding so that output
	is always big-endian.  Use KRB4_GET* macros for decoding to avoid
	byteswapping problems.  Stomp on session key on error conditions.

	* g_in_tkt.c: Audit.  Fix up copyright.  Precompute string lengths
	for better length-checking.  Use KRB4_PUT* macros for encoding so
	output is always big-endian.  Use KRB4_GET* macros for decoding to
	avoid byteswapping problems.  Use krb_strnlen() to actually detect
	string length errors.  Zero out session key and decrypted KDC
	reply once they're no longer useful.

	* mk_auth.c: Audit.  Fix up copyright.  Use moving pointer for
	encoding.  Use KRB4_PUT* macros for encoding to avoid alignment
	issues with using memcpy().  Use KRB4_GET* macros for decoding to
	avoid alignment issues with using memcpy().

	* mk_err.c: Audit.  Fix up copyright.  Precompute string length.
	Use KRB4_PUT* macros to always encode as big-endian.

	* mk_preauth.c: Audit.  Zero out key schedule after encryption.

	* mk_priv.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so output is always big-endian.

	* mk_req.c: Audit.  Fix up copyright.  Use moving pointer for
	encoding.  Precompute string lengths for better length-checking.
	Use KRB4_PUT* macros for encoding so output is always big-endian.
	Zero out session key after encryption.

	* mk_safe.c: Audit.  Fix up copyright.  Use KRB4_PUT* macros for
	encoding so output is always big-endian.

	* rd_err.c: Audit.  Fix up copyright.  Use KRB4_GET* macros to
	avoid alignment issues.

	* rd_preauth.c: Audit.  Zero key schedule after decrypting.

	* rd_priv.c: Audit.  Fix up copyright.  Use KRB4_GET* macros to
	avoid alignment issues.

	* rd_req.c: Audit.  Fix up copyright.

	* send_to_kdc.c (send_recv): Actually set rpkt->length, since some
	callers actually use it now to do length-checking.

	* strnlen.c: New file; compute string length, bounded by a
	maximum.  If the maximum number of characters has been read
	without encountering a NUL character, return -1.  This makes
	overflow checking of strings in buffers much easier.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12859 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 54 insertions, 40 deletions

diff --git a/src/lib/krb4/cr_auth_repl.c b/src/lib/krb4/cr_auth_repl.c
index a0562d96f..16482908e 100644
--- a/src/lib/krb4/cr_auth_repl.c
+++ b/src/lib/krb4/cr_auth_repl.c
@@ -1,14 +1,29 @@
 /*
- * cr_auth_repl.c
+ * lib/krb4/cr_auth_repl.c
  *
- * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology.
+ * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
  */
 
-#include "mit-copyright.h"
 #include "krb.h"
 #include "prot.h"
 #include <string.h>
@@ -58,7 +73,7 @@
  */
 
 KTEXT
-create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher)
+create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher)
     char *pname;                /* Principal's name */
     char *pinst;                /* Principal's instance */
     char *prealm;               /* Principal's authentication domain */
@@ -69,54 +84,53 @@ create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher)
     KTEXT cipher;               /* Cipher text with tickets and
 				 * session keys */
 {
-    static  KTEXT_ST pkt_st;
+    static KTEXT_ST pkt_st;
     KTEXT pkt = &pkt_st;
-    unsigned char *v =  pkt->dat; /* Prot vers number */
-    unsigned char *t = (pkt->dat+1); /* Prot message type */
-    short w_l;			/* Cipher length */
+    unsigned char *p;
+    size_t pnamelen, pinstlen, prealmlen;
 
     /* Create fixed part of packet */
-    *v = (unsigned char) KRB_PROT_VERSION;
-    *t = (unsigned char) AUTH_MSG_KDC_REPLY;
-    *t |= HOST_BYTE_ORDER;
-
+    p = pkt->dat;
+    /* This is really crusty. */
     if (n != 0)
-	*v = 3;
+	*p++ = 3;
+    else
+	*p++ = KRB_PROT_VERSION;
+    *p++ = AUTH_MSG_KDC_REPLY;	/* always big-endian */
 
     /* Make sure the response will actually fit into its buffer. */
-    if(sizeof(pkt->dat) < 3 + strlen(pname) +
-		    	  1 + strlen(pinst) +
-			  1 + strlen(prealm) +
-			  4 + 1 + 4 +
-			  1 + 2 + cipher->length) {
+    pnamelen = strlen(pname) + 1;
+    pinstlen = strlen(pinst) + 1;
+    prealmlen = strlen(prealm) + 1;
+    if (sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen
+			    + 4 + 1 + 4 + 1 + 2 + cipher->length)
+	|| cipher->length > 65535 || cipher->length < 0) {
 	pkt->length = 0;
         return NULL;
     }
-			  
     /* Add the basic info */
-    (void) strcpy((char *) (pkt->dat+2), pname);
-    pkt->length = 3 + strlen(pname);
-    (void) strcpy((char *) (pkt->dat+pkt->length),pinst);
-    pkt->length += 1 + strlen(pinst);
-    (void) strcpy((char *) (pkt->dat+pkt->length),prealm);
-    pkt->length += 1 + strlen(prealm);
+    memcpy(p, pname, pnamelen);
+    p += pnamelen;
+    memcpy(p, pinst, pinstlen);
+    p += pinstlen;
+    memcpy(p, prealm, prealmlen);
+    p += prealmlen;
+
     /* Workstation timestamp */
-    memcpy((char *) (pkt->dat+pkt->length), (char *) &time_ws, 4);
-    pkt->length += 4;
-    *(pkt->dat+(pkt->length)++) = (unsigned char) n;
+    KRB4_PUT32(p, time_ws);
+
+    *p++ = n;
+
     /* Expiration date */
-    memcpy((char *) (pkt->dat+pkt->length), (char *) &x_date, 4);
-    pkt->length += 4;
+    KRB4_PUT32(p, x_date);
 
     /* Now send the ciphertext and info to help decode it */
-    *(pkt->dat+(pkt->length)++) = (unsigned char) kvno;
-    w_l = (short) cipher->length;
-    memcpy((char *) (pkt->dat+pkt->length), (char *) &w_l, 2);
-    pkt->length += 2;
-    memcpy((char *) (pkt->dat+pkt->length), (char *) (cipher->dat), 
-	   cipher->length);
-    pkt->length += cipher->length;
+    *p++ = kvno;
+    KRB4_PUT16(p, cipher->length);
+    memcpy(p, cipher->dat, (size_t)cipher->length);
+    p += cipher->length;
 
     /* And return the packet */
+    pkt->length = p - pkt->dat;
     return pkt;
 }