Fri Dec 23 16:48:16 2011 UTC ()
Avoid buffer overflow, reported by Colin Percival at FreeBSD


(christos)
diff -r1.14 -r1.15 src/lib/libtelnet/encrypt.c

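--- a/src/lib/libtelnet/encrypt.c
+++ b/src/lib/libtelnet/encrypt.c
@@ -1,14 +1,14 @@
-/* $NetBSD: encrypt.c,v 1.14 2007/01/17 23:24:22 hubertf Exp $ */
+/* $NetBSD: encrypt.c,v 1.15 2011/12/23 16:48:16 christos Exp $ */
 
 /*-
  * Copyright (c) 1991, 1993
  * The Regents of the University of California. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
@@ -23,27 +23,27 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
 #if 0
 static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95";
 #else
-__RCSID("$NetBSD: encrypt.c,v 1.14 2007/01/17 23:24:22 hubertf Exp $");
+__RCSID("$NetBSD: encrypt.c,v 1.15 2011/12/23 16:48:16 christos Exp $");
 #endif /* not lint */
 
 /*
  * Copyright (C) 1990 by the Massachusetts Institute of Technology
  *
  * Export of this software from the United States of America is assumed
  * to require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
  *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -755,26 +755,28 @@ encrypt_keyid(kp, keyid, len)
  if (len == 0)
  return;
  kp->keylen = 0;
  } else if (len == 0) {
  /*
  * Empty option, indicates a failure.
  */
  if (kp->keylen == 0)
  return;
  kp->keylen = 0;
  if (ep->keyid)
  (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
 
+ } else if (len > sizeof(kp->keyid)) {
+ return;
  } else if ((len != kp->keylen) ||
  (memcmp(keyid, kp->keyid, len) != 0)) {
  /*
  * Length or contents are different
  */
  kp->keylen = len;
  memmove(kp->keyid, keyid, len);
  if (ep->keyid)
  (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
  } else {
  if (ep->keyid)
  ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
  if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)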
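Review bot: The new `len > sizeof(kp->keyid)` branch is the only arm of this chain without a comment, and it silently discards an over-long key id while leaving the previous `kp->keyid`/`kp->keylen` in place; a comment such as `/* Key id does not fit in kp->keyid: ignore it rather than overrun the buffer. */` would record that this is deliberate. It may also be worth deciding whether an oversized key id should be handled like the empty-option failure case above (reset `kp->keylen` and notify `ep->keyid`) rather than ignored. The declaration of `len` is outside the hunk; if it is a signed `int`, rejection of negative values relies on the implicit conversion to `size_t` in this comparison, which is worth stating in the comment. The body of `encrypt_keyid` starts before and continues after the lines shown.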