1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places
of opie code expects that).
2) Overflow check in challenge.c is off by 1 even with corrected
OPIE_CHALLENGE_MAX
3) When fallback to randomchallenge() happens and rval is 0 (i.e.
challenge is too long), its value should be set to error state too.
To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).
PR: 191511
Submitted by: mitsururike@gmail.com (partially)
MFC after: 1 week
1. missing explicit includes for string.h, stdio.h, etc
2. missing explicit declaration for some common functions
I have been unable to contact the upstream maintainer for this patch,
http://www.inner.net/opie appears to be the source of truth but it
unreachable
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
folding to 64 bits, while SHA1 code is big endian. Therefore, a bswap32
is required before using the value.
Without this change, the implementation does not conform to test vector
found in RFC 2289.
PR: bin/170519
Submitted by: Arthur Mesh <arthurmesh gmail com> (with changes)
MFC after: 1 week
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
Correctly identify the user running opiepasswd(1) when the login name
differs from the account name. [2]
Security: FreeBSD-SA-06:11.ipsec [1]
Security: FreeBSD-SA-06:12.opie [2]
We might as well patch it.
Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
PR: bin/23352
MFC After: The average time before an unpatched Windows 2000 server gets owned
incorrectly compute the length of the numeric portion of the previous
seed, causing the new seed to be one character shorter than the old
one.
This patch has been submitted to the vendor; I'm committing it right
away since the file is already off the vendor branch.
MFC after: 3 days
very first thing immediately following opielookup() does being entered, i.e.
look at this:
int opielookup FUNCTION((opie, principal), struct opie *opie AND char
*principal
)
{
int i;
memset(opie, 0, sizeof(struct opie));
...
