MFC: r269806,r269809,r269811,r269810

r269806: Fix too long (seed length >12 chars) challenge handling. 1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places of opie code expects that). 2) Overflow check in challenge.c is off by 1 even with corrected OPIE_CHALLENGE_MAX 3) When fallback to randomchallenge() happens and rval is 0 (i.e. challenge is too long), its value should be set to error state too. To demonstrate the bug, run opiepasswd with valid seed: opiepasswd -s 1234567890123456 and notice that it falls back to randomchallenge() (i.e. no 1234567890123456 in the prompt). r269809: When sha1 support was added, they forget to increase OPIE_HASHNAME_MAX r269811: Last '/' for program name, not first one. r269810: Link otp-sha1 to match real challenge prompt, not otp-sha. PR: 191511 Submitted by: mitsururike@gmail.com (partially, PR 269806)
2014-08-18 02:13:45 +00:00 · 2014-08-18 02:13:45 +00:00 · 3b103d7c51
commit 3b103d7c51
parent cdfc4fb07a
4 changed files with 10 additions and 8 deletions
--- a/contrib/opie/libopie/challenge.c
+++ b/contrib/opie/libopie/challenge.c
@ -68,7 +68,9 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
  }

  if (rval ||
-    (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) {
+    (snprintf(ss, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX+1)) {
+    if (!rval)
+      rval = 1;
    opierandomchallenge(ss);
    memset(mp, 0, sizeof(*mp));
  }
--- a/contrib/opie/opie.h
+++ b/contrib/opie/opie.h
@ -69,11 +69,11 @@ struct opie {
 /* Maximum length of a seed */
 #define OPIE_SEED_MAX 16

-/* Max length of hash algorithm name (md4/md5) */
-#define OPIE_HASHNAME_MAX 3
+/* Max length of hash algorithm name (md4/md5/sha1) */
+#define OPIE_HASHNAME_MAX 4

-/* Maximum length of a challenge (otp-md? 9999 seed) */
-#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX)
+/* Maximum length of a challenge (otp-md? 9999 seed ext) */
+#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+1+3)

 /* Maximum length of a response that we allow */
 #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19)
--- a/contrib/opie/opiekey.c
+++ b/contrib/opie/opiekey.c
@ -144,7 +144,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
  int type = RESPONSE_STANDARD;
  int force = 0;

-  if (slash = strchr(argv[0], '/'))
+  if (slash = strrchr(argv[0], '/'))
    slash++;
  else
    slash = argv[0];
--- a/usr.bin/opiekey/Makefile
+++ b/usr.bin/opiekey/Makefile
@ -15,9 +15,9 @@ LDADD=	-lopie -lmd

 LINKS=	${BINDIR}/opiekey ${BINDIR}/otp-md4
 LINKS+=	${BINDIR}/opiekey ${BINDIR}/otp-md5
-LINKS+=	${BINDIR}/opiekey ${BINDIR}/otp-sha
+LINKS+=	${BINDIR}/opiekey ${BINDIR}/otp-sha1

-MLINKS=	opiekey.1 otp-md4.1 opiekey.1 otp-md5.1 opiekey.1 otp-sha.1
+MLINKS=	opiekey.1 otp-md4.1 opiekey.1 otp-md5.1 opiekey.1 otp-sha1.1

 .PATH:	${OPIE_DIST}