X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/52a236230220232fd632b5aa88eb9bb31dba346e..1903d5af62f05f3b6f69a4950734154a1a698dc8:/sbr/ruserpass.c

diff --git a/sbr/ruserpass.c b/sbr/ruserpass.c
index f5ef74a4..7892cbfd 100644
--- a/sbr/ruserpass.c
+++ b/sbr/ruserpass.c
@@ -23,7 +23,6 @@
 #include <h/mh.h>
 #include <h/utils.h>
 #include <pwd.h>
-#include <errno.h>
 
 static FILE *cfile;
 
@@ -35,7 +34,7 @@ static FILE *cfile;
 #define	ID	10
 #define	MACH	11
 
-static char tokval[100];
+#define MAX_TOKVAL_SIZE 1024
 
 struct toktab {
     char *tokstr;
@@ -56,7 +55,7 @@ static struct toktab toktabs[] = {
 /*
  * prototypes
  */
-static int token(void);
+static int token(char *);
 
 
 void
@@ -72,7 +71,10 @@ ruserpass(char *host, char **aname, char **apass)
 	if (errno != ENOENT)
 	    perror (credentials_file);
     } else {
-	while ((t = token())) {
+        char tokval[MAX_TOKVAL_SIZE];
+        tokval[0] = '\0';
+
+	while ((t = token(tokval))) {
 	    switch(t) {
 	    case DEFAULT:
 		usedefault = 1;
@@ -80,7 +82,7 @@ ruserpass(char *host, char **aname, char **apass)
 
 	    case MACH:
 		if (!usedefault) {
-		    if (token() != ID)
+		    if (token(tokval) != ID)
 			continue;
 		    /*
 		     * Allow match either for user's host name.
@@ -90,17 +92,18 @@ ruserpass(char *host, char **aname, char **apass)
 		    continue;
 		}
 	    match:
-		while ((t = token()) && t != MACH && t != DEFAULT) {
+		while ((t = token(tokval)) && t != MACH && t != DEFAULT) {
 		    switch(t) {
 		    case LOGIN:
-			if (token() && *aname == 0) {
+			if (token(tokval) && *aname == 0) {
 			    *aname = mh_xmalloc((size_t) strlen(tokval) + 1);
 			    strcpy(*aname, tokval);
 			}
 			break;
 
 		    case PASSWD:
-			if (fstat(fileno(cfile), &stb) >= 0 &&
+			if (!credentials_no_perm_check &&
+			    fstat(fileno(cfile), &stb) >= 0 &&
 			    (stb.st_mode & 077) != 0) {
 			    /* We make this a fatal error to force the
 			       user to correct it. */
@@ -109,7 +112,7 @@ ruserpass(char *host, char **aname, char **apass)
 			    adios(NULL, "Remove password or correct file "
 				  "permissions.");
 			}
-			if (token() && *apass == 0) {
+			if (token(tokval) && *apass == 0) {
 			    *apass = mh_xmalloc((size_t) strlen(tokval) + 1);
 			    strcpy(*apass, tokval);
 			}
@@ -146,9 +149,11 @@ ruserpass(char *host, char **aname, char **apass)
 	}
 	printf("Name (%s:%s): ", host, myname);
 
-	fgets(tmp, sizeof(tmp) - 1, stdin);
+	if (fgets(tmp, sizeof(tmp) - 1, stdin) == NULL) {
+	    advise ("tmp", "fgets");
+	}
 	tmp[strlen(tmp) - 1] = '\0';
-	if (*tmp != '\0') {
+	if (*tmp != '\0' || myname == NULL) {
 	    myname = tmp;
 	}
 
@@ -162,7 +167,7 @@ ruserpass(char *host, char **aname, char **apass)
 
 	snprintf(prompt, sizeof(prompt), "Password (%s:%s): ", host, *aname);
 	mypass = nmh_getpass(prompt);
-	
+
 	if (*mypass == '\0') {
 	    mypass = *aname;
 	}
@@ -174,7 +179,7 @@ ruserpass(char *host, char **aname, char **apass)
 }
 
 static int
-token(void)
+token(char *tokval)
 {
     char *cp;
     int c;
@@ -193,6 +198,10 @@ token(void)
 	    if (c == '\\')
 		c = getc(cfile);
 	    *cp++ = c;
+            if (cp - tokval > MAX_TOKVAL_SIZE-1) {
+                adios(NULL, "credential tokens restricted to length %d",
+                      MAX_TOKVAL_SIZE - 1);
+            }
 	}
     } else {
 	*cp++ = c;
@@ -201,6 +210,10 @@ token(void)
 	    if (c == '\\')
 		c = getc(cfile);
 	    *cp++ = c;
+            if (cp - tokval > MAX_TOKVAL_SIZE-1) {
+                adios(NULL, "credential tokens restricted to length %d",
+                      MAX_TOKVAL_SIZE - 1);
+            }
 	}
     }
     *cp = 0;