X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/61ccf1dbeea93978803303d2cd43efa5da2cc7d1..1e424a2249aa6b911fd3be973de00cee413342eb:/sbr/ruserpass.c?ds=sidebyside diff --git a/sbr/ruserpass.c b/sbr/ruserpass.c index 3c8565fd..610f32a5 100644 --- a/sbr/ruserpass.c +++ b/sbr/ruserpass.c @@ -34,7 +34,7 @@ static FILE *cfile; #define ID 10 #define MACH 11 -static char tokval[100]; +#define MAX_TOKVAL_SIZE 1024 struct toktab { char *tokstr; @@ -55,11 +55,11 @@ static struct toktab toktabs[] = { /* * prototypes */ -static int token(void); +static int token(char *); void -ruserpass(char *host, char **aname, char **apass) +ruserpass(const char *host, char **aname, char **apass, int flags) { int t, usedefault = 0; struct stat stb; @@ -71,7 +71,10 @@ ruserpass(char *host, char **aname, char **apass) if (errno != ENOENT) perror (credentials_file); } else { - while ((t = token())) { + char tokval[MAX_TOKVAL_SIZE]; + tokval[0] = '\0'; + + while ((t = token(tokval))) { switch(t) { case DEFAULT: usedefault = 1; @@ -79,7 +82,7 @@ ruserpass(char *host, char **aname, char **apass) case MACH: if (!usedefault) { - if (token() != ID) + if (token(tokval) != ID) continue; /* * Allow match either for user's host name. @@ -89,17 +92,16 @@ ruserpass(char *host, char **aname, char **apass) continue; } match: - while ((t = token()) && t != MACH && t != DEFAULT) { + while ((t = token(tokval)) && t != MACH && t != DEFAULT) { switch(t) { case LOGIN: - if (token() && *aname == 0) { - *aname = mh_xmalloc((size_t) strlen(tokval) + 1); - strcpy(*aname, tokval); - } + if (token(tokval) && *aname == 0) + *aname = mh_xstrdup(tokval); break; case PASSWD: - if (fstat(fileno(cfile), &stb) >= 0 && + if (!credentials_no_perm_check && + fstat(fileno(cfile), &stb) >= 0 && (stb.st_mode & 077) != 0) { /* We make this a fatal error to force the user to correct it. */ 
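Review bot: In the `PASSWD` case of hunk `@@ -89,17 +92,16 @@`, the added `!credentials_no_perm_check &&` term switches off the group/other mode test silently, so a password can then be read from a credentials file that other local users are able to open. `credentials_no_perm_check` is declared outside this hunk, so who sets it cannot be seen here. A comment at the test would make the trade-off explicit, for example `/* When credentials_no_perm_check is set, a group- or world-accessible credentials file is accepted. */`. The same condition also skips the test when `fstat()` fails; that predates this change but fails open in the same way. The body of `ruserpass()` continues beyond the hunk.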
@@ -108,10 +110,8 @@ ruserpass(char *host, char **aname, char **apass) adios(NULL, "Remove password or correct file " "permissions."); } - if (token() && *apass == 0) { - *apass = mh_xmalloc((size_t) strlen(tokval) + 1); - strcpy(*apass, tokval); - } + if (token(tokval) && *apass == 0) + *apass = mh_xstrdup(tokval); break; case ACCOUNT: @@ -133,7 +133,7 @@ ruserpass(char *host, char **aname, char **apass) } } - if (!*aname) { + if (!*aname && ! (flags & RUSERPASS_NO_PROMPT_USER)) { char tmp[80]; char *myname; @@ -145,35 +145,35 @@ ruserpass(char *host, char **aname, char **apass) } printf("Name (%s:%s): ", host, myname); - fgets(tmp, sizeof(tmp) - 1, stdin); - tmp[strlen(tmp) - 1] = '\0'; - if (*tmp != '\0') { + if (fgets(tmp, sizeof(tmp) - 1, stdin) == NULL) { + advise ("tmp", "fgets"); + } + TrimSuffixC(tmp, '\n'); + if (*tmp != '\0' || myname == NULL) { myname = tmp; } - *aname = mh_xmalloc((size_t) strlen(myname) + 1); - strcpy (*aname, myname); + *aname = mh_xstrdup(myname); } - if (!*apass) { + if (!*apass && ! (flags & RUSERPASS_NO_PROMPT_PASSWORD)) { char prompt[256]; char *mypass; snprintf(prompt, sizeof(prompt), "Password (%s:%s): ", host, *aname); mypass = nmh_getpass(prompt); - + if (*mypass == '\0') { mypass = *aname; } - *apass = mh_xmalloc((size_t) strlen(mypass) + 1); - strcpy (*apass, mypass); + *aname = mh_xstrdup(mypass); } } static int -token(void) +token(char *tokval) { char *cp; int c; @@ -192,6 +192,10 @@ token(void) if (c == '\\') c = getc(cfile); *cp++ = c; + if (cp - tokval > MAX_TOKVAL_SIZE-1) { + adios(NULL, "credential tokens restricted to length %d", + MAX_TOKVAL_SIZE - 1); + } } } else { *cp++ = c; @@ -200,6 +204,10 @@ token(void) if (c == '\\') c = getc(cfile); *cp++ = c; + if (cp - tokval > MAX_TOKVAL_SIZE-1) { + adios(NULL, "credential tokens restricted to length %d", + MAX_TOKVAL_SIZE - 1); + } } } *cp = 0;
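Review bot: With `RUSERPASS_NO_PROMPT_USER` set and no login found in the credentials file, the new guard `if (!*aname && ! (flags & RUSERPASS_NO_PROMPT_USER))` in hunk `@@ -133,7 +133,7 @@` leaves `*aname` NULL. The password branch in the following hunk still passes `*aname` to the `"%s"` in `snprintf(prompt, ...)` and falls back to `mypass = *aname`. Unless callers always set both flags together, which is not visible here, the password prompt should be skipped when there is no name: `if (!*apass && *aname && ! (flags & RUSERPASS_NO_PROMPT_PASSWORD)) {`. A comment on `ruserpass()` stating that either output may still be NULL on return when a no-prompt flag is given would also help callers.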
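Review bot: In hunk `@@ -145,35 +145,35 @@`, the password branch ends with `*aname = mh_xstrdup(mypass);` where the removed lines assigned `*apass`. As written, the password replaces the user name, the previous `*aname` pointer is lost, and `*apass` stays NULL; the line should read `*apass = mh_xstrdup(mypass);`. In the same hunk, when `fgets()` returns NULL the code only calls `advise()` and then hands the uninitialised `tmp` to `TrimSuffixC()` and tests `*tmp`. Setting `tmp[0] = '\0';` before the read would make that path well defined.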
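Review bot: The length check added in hunk `@@ -192,6 +192,10 @@`, and repeated in `@@ -200,6 +204,10 @@`, runs after `*cp++ = c;` and compares against `MAX_TOKVAL_SIZE`, while `token()` now receives a bare `char *tokval`. The stores stay in bounds only as long as every caller passes a buffer of at least `MAX_TOKVAL_SIZE` bytes, and nothing states that. A comment above `token()` would record the contract, for example `/* tokval must point to at least MAX_TOKVAL_SIZE bytes; a longer token is a fatal error. */`. Testing before the store, `if (cp - tokval >= MAX_TOKVAL_SIZE - 1) adios(...);`, accepts the same token lengths and no longer depends on the last store landing on the final byte. The body of `token()` starts and ends outside both hunks.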