d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Catch any attempted buffer overflows. The magic numbers in this code

Browse Source 
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
This commit is contained in:
Nick Sayer 2001-05-16 18:27:09 +00:00
parent e7157113a9
commit 60f581768d
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=76690
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
contrib/telnet/libtelnet/sra.c
View File

@ -90,9 +90,9 @@ int server;
str_data[3] = TELQUAL_IS;
user = (char *)malloc(256);
xuser = (char *)malloc(512);
xuser = (char *)malloc(513);
pass = (char *)malloc(256);
xpass = (char *)malloc(512);
xpass = (char *)malloc(513);
if (user == NULL || xuser == NULL || pass == NULL || xpass ==
NULL)
@ -158,6 +158,8 @@ int cnt;
case SRA_USER:
/* decode KAB(u) */
if (cnt > 512) /* Attempted buffer overflow */
break;
memcpy(xuser,data,cnt);
xuser[cnt] = '\0';
pk_decode(xuser,user,&ck);
@ -167,6 +169,8 @@ int cnt;
break;
case SRA_PASS:
if (cnt > 512) /* Attempted buffer overflow */
break;
/* decode KAB(P) */
memcpy(xpass,data,cnt);
xpass[cnt] = '\0';

8
crypto/telnet/libtelnet/sra.c
View File

@ -90,9 +90,9 @@ int server;
str_data[3] = TELQUAL_IS;
user = (char *)malloc(256);
xuser = (char *)malloc(512);
xuser = (char *)malloc(513);
pass = (char *)malloc(256);
xpass = (char *)malloc(512);
xpass = (char *)malloc(513);
if (user == NULL || xuser == NULL || pass == NULL || xpass ==
NULL)
@ -158,6 +158,8 @@ int cnt;
case SRA_USER:
/* decode KAB(u) */
if (cnt > 512) /* Attempted buffer overflow */
break;
memcpy(xuser,data,cnt);
xuser[cnt] = '\0';
pk_decode(xuser,user,&ck);
@ -167,6 +169,8 @@ int cnt;
break;
case SRA_PASS:
if (cnt > 512) /* Attempted buffer overflow */
break;
/* decode KAB(P) */
memcpy(xpass,data,cnt);
xpass[cnt] = '\0';