Index: krb4/lib/krb/Makefile.in diff -u krb4/lib/krb/Makefile.in:1.57 krb4/lib/krb/Makefile.in:1.57.4.1 --- krb4/lib/krb/Makefile.in:1.57 Sun Nov 24 01:07:37 1996 +++ krb4/lib/krb/Makefile.in Wed Apr 30 11:49:24 1997 @@ -1,5 +1,5 @@ # -# $Id: Makefile.in,v 1.57 1996/11/24 00:07:37 assar Exp $ +# $Id: Makefile.in,v 1.57.4.1 1997/04/30 09:49:24 joda Exp $ # # Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. @@ -107,7 +107,8 @@ et_list.c \ resolve.c \ unparse_name.c \ - logging.c + logging.c \ + k_concat.c OBJECTS = cr_err_reply.o \ create_auth_reply.o \ @@ -179,7 +180,8 @@ krb_err.o \ resolve.o \ unparse_name.o \ - logging.o + logging.o \ + k_concat.o # This is only needed by some shared library implementations LDOBJ = et_list.o Index: krb4/lib/krb/get_host.c diff -u krb4/lib/krb/get_host.c:1.21 krb4/lib/krb/get_host.c:1.21.4.3 --- krb4/lib/krb/get_host.c:1.21 Sun Nov 17 20:47:31 1996 +++ krb4/lib/krb/get_host.c Thu May 1 02:08:11 1997 @@ -38,7 +38,7 @@ #include "krb_locl.h" -RCSID("$Id: get_host.c,v 1.21 1996/11/17 19:47:31 joda Exp $"); +RCSID("$Id: get_host.c,v 1.21.4.3 1997/05/01 00:08:11 joda Exp $"); struct host_list { struct krb_host *this; @@ -146,9 +146,9 @@ read_file(const char *filename, const char *r) { char line[1024]; - char realm[REALM_SZ]; - char address[2*MaxHostNameLen]; - char scratch[128]; + char realm[1024]; + char address[1024]; + char scratch[1024]; int n; int nhosts = 0; @@ -178,8 +178,8 @@ krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); if(dir){ char file[MaxPathLen]; - sprintf(file, "%s/krb.conf", dir); - read_file(file, realm); + if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) + read_file(file, realm); } for(i = 0; files[i]; i++) read_file(files[i], realm); Index: krb4/lib/krb/get_krbrlm.c diff -u krb4/lib/krb/get_krbrlm.c:1.10 krb4/lib/krb/get_krbrlm.c:1.10.4.3 --- krb4/lib/krb/get_krbrlm.c:1.10 Sun Nov 17 21:23:44 1996 +++ krb4/lib/krb/get_krbrlm.c Thu May 1 01:59:00 1997 @@ -26,7 +26,7 @@ #include "krb_locl.h" -RCSID("$Id: get_krbrlm.c,v 1.10 1996/11/17 20:23:44 assar Exp $"); +RCSID("$Id: get_krbrlm.c,v 1.10.4.3 1997/04/30 23:59:00 joda Exp $"); /* * krb_get_lrealm takes a pointer to a string, and a number, n. It fills @@ -46,18 +46,21 @@ static int krb_get_lrealm_f(char *r, int n, const char *fname) { - FILE *cnffile; - - if ((cnffile = fopen(fname, "r")) == NULL) - return(KFAILURE); - - if (fscanf(cnffile,"%s",r) != 1) - { - fclose(cnffile); - return(KFAILURE); + FILE *f; + int ret = KFAILURE; + f = fopen(fname, "r"); + if(f){ + char buf[REALM_SZ]; + if(fgets(buf, sizeof(buf), f)){ + char *p = buf + strspn(buf, " \t"); + p[strcspn(p, " \t\r\n")] = 0; + p[REALM_SZ - 1] = 0; + strcpy(r, p); + ret = KSUCCESS; + } + fclose(f); } - fclose(cnffile); - return(KSUCCESS); + return ret; } int @@ -74,13 +77,9 @@ /* First try user specified file */ if (dir != 0) { char fname[MaxPathLen]; - - strncpy(fname, dir, sizeof(fname)); - fname[sizeof(fname)-1] = '\0'; - strncat(fname, "/krb.conf", sizeof(fname) - strlen(fname) - 1); - fname[sizeof(fname)-1] = '\0'; - if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) - return KSUCCESS; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + return KSUCCESS; } for (i = 0; files[i] != 0; i++) Index: krb4/lib/krb/get_phost.c diff -u krb4/lib/krb/get_phost.c:1.12 krb4/lib/krb/get_phost.c:1.12.4.1 --- krb4/lib/krb/get_phost.c:1.12 Wed Nov 20 00:09:01 1996 +++ krb4/lib/krb/get_phost.c Wed Apr 30 14:39:41 1997 @@ -21,7 +21,7 @@ #include "krb_locl.h" -RCSID("$Id: get_phost.c,v 1.12 1996/11/19 23:09:01 assar Exp $"); +RCSID("$Id: get_phost.c,v 1.12.4.1 1997/04/30 12:39:41 joda Exp $"); /* * This routine takes an alias for a host name and returns the first @@ -37,7 +37,7 @@ static char phost[MaxHostNameLen+1]; char *p; - krb_name_to_name(alias, phost); + krb_name_to_name(alias, phost, sizeof(phost)); p = phost; while (p && *p && *p != '.') { Index: krb4/lib/krb/getrealm.c diff -u krb4/lib/krb/getrealm.c:1.19 krb4/lib/krb/getrealm.c:1.19.4.3 --- krb4/lib/krb/getrealm.c:1.19 Sun Nov 17 21:23:45 1996 +++ krb4/lib/krb/getrealm.c Wed Apr 30 22:01:09 1997 @@ -21,7 +21,7 @@ #include "krb_locl.h" -RCSID("$Id: getrealm.c,v 1.19 1996/11/17 20:23:45 assar Exp $"); +RCSID("$Id: getrealm.c,v 1.19.4.3 1997/04/30 20:01:09 joda Exp $"); #define MATCH_SUBDOMAINS 0 @@ -57,16 +57,12 @@ static int dns_find_realm(char *hostname, char *realm) { - char domain[MaxHostNameLen]; - char host[MaxHostNameLen]; + char domain[MaxHostNameLen + sizeof("krb4-realm..")]; char *p; int level = 0; struct dns_reply *r; - strcpy(host, hostname); - if(host[strlen(host) - 1] != '.') - strcat(host, "."); - p = host; + p = hostname; while(1){ sprintf(domain, "krb4-realm.%s.", p); @@ -76,6 +72,7 @@ while(rr){ if(rr->type == T_TXT){ strncpy(realm, rr->u.txt, REALM_SZ); + realm[REALM_SZ - 1] = 0; dns_free_data(r); return level; } @@ -106,12 +103,9 @@ if (dir != 0) { char fname[MaxPathLen]; - strncpy(fname, dir, sizeof(fname)); - fname[sizeof(fname)-1] = '\0'; - strncat(fname, "/krb.realms", sizeof(fname) - strlen(fname) - 1); - fname[sizeof(fname)-1] = '\0'; - if ((res = fopen(fname, "r")) != NULL) - return res; + if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) + if ((res = fopen(fname, "r")) != NULL) + return res; } for (i = 0; files[i] != 0; i++) @@ -124,74 +118,67 @@ char * krb_realmofhost(const char *host) { - static char ret_realm[REALM_SZ+1]; + static char ret_realm[REALM_SZ]; char *domain; FILE *trans_file; - char trans_host[MaxHostNameLen+1]; - char trans_realm[REALM_SZ+1]; - int retval; + char trans_host[MaxHostNameLen]; + char trans_realm[REALM_SZ]; + char buf[1024]; - char phost[MaxHostNameLen+1]; + char phost[MaxHostNameLen]; - krb_name_to_name(host, phost); + krb_name_to_name(host, phost, sizeof(phost)); domain = strchr(phost, '.'); /* prepare default */ if(dns_find_realm(phost, ret_realm) < 0){ - if (domain) { - char *cp; - - strncpy(ret_realm, &domain[1], REALM_SZ); - ret_realm[REALM_SZ] = '\0'; - /* Upper-case realm */ - for (cp = ret_realm; *cp; cp++) - *cp = toupper(*cp); - } else { - krb_get_lrealm(ret_realm, 1); - } + if (domain) { + char *cp; + + strncpy(ret_realm, &domain[1], REALM_SZ); + ret_realm[REALM_SZ - 1] = 0; + /* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + krb_get_lrealm(ret_realm, 1); + } } if ((trans_file = open_krb_realms()) == NULL) - return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + return(ret_realm); /* krb_errno = KRB_NO_TRANS */ - while (1) { - if ((retval = fscanf(trans_file, "%s %s", - trans_host, trans_realm)) != 2) { - if (retval == EOF) { - fclose(trans_file); - return(ret_realm); - } - continue; /* ignore broken lines */ - } - trans_host[MaxHostNameLen] = '\0'; - trans_realm[REALM_SZ] = '\0'; - if (!strcasecmp(trans_host, phost)) { - /* exact match of hostname, so return the realm */ - strcpy(ret_realm, trans_realm); - fclose(trans_file); - return(ret_realm); - } - if ((trans_host[0] == '.') && domain) { -#if MATCH_SUBDOMAINS - char *cp; - for (cp = domain; cp != NULL; cp = strchr(cp+1, '.')) { - /* this is a domain match */ - if (!strcasecmp(trans_host, cp)) { - /* domain match, save for later */ - strcpy(ret_realm, trans_realm); + while (fgets(buf, sizeof(buf), trans_file)) { + char *save = NULL; + char *tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) continue; - } + strncpy(trans_host, tok, MaxHostNameLen); + trans_host[MaxHostNameLen - 1] = 0; + tok = strtok_r(NULL, " \t\r\n", &save); + if(tok == NULL) + continue; + strcpy(trans_realm, tok); + trans_realm[REALM_SZ - 1] = 0; + if (!strcasecmp(trans_host, phost)) { + /* exact match of hostname, so return the realm */ + strcpy(ret_realm, trans_realm); + fclose(trans_file); + return(ret_realm); + } + if ((trans_host[0] == '.') && domain) { + char *cp = domain; + do { + if(strcasecmp(trans_host, domain) == 0){ + /* domain match, save for later */ + strcpy(ret_realm, trans_realm); + break; + } + cp = strchr(cp + 1, '.'); + } while(MATCH_SUBDOMAINS && cp); } -#else /* MATCH_SUBDOMAINS */ - /* this is a domain match */ - if (!strcasecmp(trans_host, domain)) { - /* domain match, save for later */ - strcpy(ret_realm, trans_realm); - continue; - } -#endif /* MATCH_SUBDOMAINS */ - } } - return NULL; + fclose(trans_file); + return ret_realm; } Index: krb4/lib/krb/k_concat.c diff -u /dev/null krb4/lib/krb/k_concat.c:1.3 --- /dev/null Thu May 1 02:09:36 1997 +++ krb4/lib/krb/k_concat.c Wed Apr 30 07:02:24 1997 @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb_locl.h" + +RCSID("$Id: k_concat.c,v 1.3 1997/04/30 05:02:24 assar Exp $"); + +int +k_concat (char *s, size_t len, ...) +{ + int ret; + va_list args; + + va_start(args, len); + ret = k_vconcat (s, len, args); + va_end(args); + return ret; +} + +int +k_vconcat (char *s, size_t len, va_list args) +{ + const char *a; + + while ((a = va_arg(args, const char*))) { + int n = strlen (a); + + if (n >= len) + return -1; + strncpy (s, a, n); + s += n; + len -= n; + } + *s = '\0'; + return 0; +} Index: krb4/lib/krb/krb_locl.h diff -u krb4/lib/krb/krb_locl.h:1.31 krb4/lib/krb/krb_locl.h:1.31.4.4 --- krb4/lib/krb/krb_locl.h:1.31 Sun Nov 17 12:07:22 1996 +++ krb4/lib/krb/krb_locl.h Wed Apr 30 14:33:04 1997 @@ -36,7 +36,7 @@ * SUCH DAMAGE. */ -/* $Id: krb_locl.h,v 1.31 1996/11/17 11:07:22 joda Exp $ */ +/* $Id: krb_locl.h,v 1.31.4.4 1997/04/30 12:33:04 joda Exp $ */ #ifndef __krb_locl_h #define __krb_locl_h @@ -137,7 +137,7 @@ extern int krb_ap_req_debug; /* Utils */ -int krb_name_to_name(const char *, char *); +int krb_name_to_name(const char *, char *, size_t); void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt); int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred); @@ -146,5 +146,8 @@ #ifndef HAVE_GETTIMEOFDAY int gettimeofday (struct timeval *, void *); #endif + +int k_concat(char*, size_t, ...); +int k_vconcat (char*, size_t, va_list); #endif /* __krb_locl_h */ Index: krb4/lib/krb/name2name.c diff -u krb4/lib/krb/name2name.c:1.10 krb4/lib/krb/name2name.c:1.10.4.1 --- krb4/lib/krb/name2name.c:1.10 Wed Nov 13 11:57:59 1996 +++ krb4/lib/krb/name2name.c Wed Apr 30 14:34:08 1997 @@ -1,6 +1,6 @@ /* - * Copyright (c) 1995, 1996 Kungliga Tekniska Högskolan (Royal Institute - * of Technology, Stockholm, Sweden). + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,31 +38,30 @@ #include "krb_locl.h" -RCSID("$Id: name2name.c,v 1.10 1996/11/13 10:57:59 joda Exp $"); +RCSID("$Id: name2name.c,v 1.10.4.1 1997/04/30 12:34:08 joda Exp $"); /* convert host to a more fully qualified domain name, returns 0 if - * phost is the same as host, 1 otherwise. phost should be at least - * MaxHostNameLen+1 bytes long + * phost is the same as host, 1 otherwise. phost should be + * phost_size bytes long. */ #ifndef INADDR_NONE #define INADDR_NONE 0xffffffff #endif int -krb_name_to_name(const char *host, char *phost) +krb_name_to_name(const char *host, char *phost, size_t phost_size) { struct hostent *hp; struct in_addr adr; + const char *tmp; adr.s_addr = inet_addr(host); hp = gethostbyname(host); if (hp == NULL && adr.s_addr != INADDR_NONE) hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); if (hp == NULL) - strcpy(phost, host); + tmp = host; else - strcpy(phost, hp->h_name); + tmp = hp->h_name; + strncpy (phost, tmp, phost_size); + phost[phost_size - 1] = '\0'; if (strcmp(phost, host) == 0) return 0; Index: krb4/lib/krb/realm_parse.c diff -u krb4/lib/krb/realm_parse.c:1.5 krb4/lib/krb/realm_parse.c:1.5.4.1 --- krb4/lib/krb/realm_parse.c:1.5 Sun Oct 27 17:29:54 1996 +++ krb4/lib/krb/realm_parse.c Wed Apr 30 11:49:34 1997 @@ -38,7 +38,7 @@ #include "krb_locl.h" -RCSID("$Id: realm_parse.c,v 1.5 1996/10/27 16:29:54 joda Exp $"); +RCSID("$Id: realm_parse.c,v 1.5.4.1 1997/04/30 09:49:34 joda Exp $"); static int realm_parse(char *realm, int length, const char *file) @@ -75,12 +75,9 @@ if (dir != 0) { char fname[MaxPathLen]; - strncpy(fname, dir, sizeof(fname)); - fname[sizeof(fname)-1] = '\0'; - strncat(fname, "/krb.conf", sizeof(fname) - strlen(fname) - 1); - fname[sizeof(fname)-1] = '\0'; - if (realm_parse(realm, length, fname) == 0) - return 0; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (realm_parse(realm, length, fname) == 0) + return 0; } for (i = 0; files[i] != NULL; i++)