diff options
author | cy <cy@FreeBSD.org> | 2002-01-16 03:17:24 +0000 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2002-01-16 03:17:24 +0000 |
commit | 98783834957f8844c5d80c6f7c1ccc04d131d63a (patch) | |
tree | 544490bb4c2820bc67b7b1b2d41698e157543b1d /security | |
parent | 959862ce30e2bce05bcc286e7a9c273355ce1657 (diff) | |
download | FreeBSD-ports-98783834957f8844c5d80c6f7c1ccc04d131d63a.zip FreeBSD-ports-98783834957f8844c5d80c6f7c1ccc04d131d63a.tar.gz |
Update 1.2.2 -> 1.2.3
Diffstat (limited to 'security')
52 files changed, 224 insertions, 6400 deletions
diff --git a/security/krb5-16/Makefile b/security/krb5-16/Makefile index 3a0bf18..e9c8235 100644 --- a/security/krb5-16/Makefile +++ b/security/krb5-16/Makefile @@ -6,8 +6,7 @@ # PORTNAME= krb5 -PORTVERSION= 1.2.2 -PORTREVISION= 5 +PORTVERSION= 1.2.3 CATEGORIES= security MASTER_SITES= # manual download diff --git a/security/krb5-16/distinfo b/security/krb5-16/distinfo index e8159e5..3af0278 100644 --- a/security/krb5-16/distinfo +++ b/security/krb5-16/distinfo @@ -1 +1 @@ -MD5 (krb5-1.2.2.tar.gz) = 57d1bf3a3c68ee8af64e31a46799551c +MD5 (krb5-1.2.3.tar.gz) = 1e93aed5e6ae13eb4b5b5278b1a6ab46 diff --git a/security/krb5-16/files/patch-ai b/security/krb5-16/files/patch-ai index 634db6c..f5b7331 100644 --- a/security/krb5-16/files/patch-ai +++ b/security/krb5-16/files/patch-ai @@ -1,6 +1,6 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpd.c Fri Apr 27 10:18:01 2001 -@@ -485,7 +485,13 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ #ifndef LOG_DAEMON #define LOG_DAEMON 0 #endif @@ -15,273 +15,14 @@ addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -761,7 +767,16 @@ - int result; - #ifdef GSSAPI - if (auth_type && strcmp(auth_type, "GSSAPI") == 0) { -+ int len; - authorized = ftpd_gss_userok(&client_name, name) == 0; -+ len = sizeof("GSSAPI user is not authorized as " -+ "; Password required.") -+ + strlen(client_name.value) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", - client_name.value, authorized ? "" : " not", - name); -@@ -772,7 +787,18 @@ - #endif /* GSSAPI */ - #ifdef KRB5_KRB4_COMPAT - if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { -+ int len; - authorized = kuserok(&kdata,name) == 0; -+ len = sizeof("Kerberos user .@ is not authorized as " -+ "; Password required.") -+ + strlen(kdata.pname) -+ + strlen(kdata.pinst) -+ + strlen(kdata.prealm) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", - kdata.pname, *kdata.pinst ? "." : "", - kdata.pinst, kdata.prealm, -@@ -1179,6 +1205,11 @@ - } else { - char line[FTP_BUFSIZ]; - -+ if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) { -+ syslog(LOG_ERR, "retrieve: filename too long"); -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, cmd, name), name = line; - fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; - st.st_size = -1; -@@ -1417,6 +1448,10 @@ - return (file); - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - secure_error(char *fmt, ...) - #else -@@ -1616,13 +1651,19 @@ - { - char line[FTP_BUFSIZ]; - FILE *fin; -- int c; -+ int c, n; - char str[FTP_BUFSIZ], *p; - -+ if (strlen(filename) + sizeof("/bin/ls -lgA ") -+ >= sizeof(line)) { -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, "/bin/ls -lgA %s", filename); - fin = ftpd_popen(line, "r"); - lreply(211, "status of %s:", filename); - p = str; -+ n = 0; - while ((c = getc(fin)) != EOF) { - if (c == '\n') { - if (ferror(stdout)){ -@@ -1639,7 +1680,16 @@ - *p = '\0'; - reply(0, "%s", str); - p = str; -- } else *p++ = c; -+ n = 0; -+ } else { -+ *p++ = c; -+ n++; -+ if (n >= sizeof(str)) { -+ reply(551, "output line too long"); -+ (void) ftpd_pclose(fin); -+ return; -+ } -+ } - } - if (p != str) { - *p = '\0'; -@@ -1723,6 +1773,10 @@ - - char cont_char = ' '; - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ bytes for now. -+ */ - #ifdef STDARG - reply(int n, char *fmt, ...) - #else -@@ -1744,22 +1798,32 @@ - #endif - - if (auth_type) { -- char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; -+ /* -+ * Deal with expansion in mk_{safe,priv}, -+ * radix_encode, gss_seal, plus slop. -+ */ -+ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; - int length, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); - else in[0] = '\0'; - strncat(in, buf, sizeof (in) - strlen(in) - 1); - #ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { -- if ((length = clevel == PROT_P ? -- krb_mk_priv((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), schedule, &kdata.session, -- &ctrl_addr, &his_addr) -- : krb_mk_safe((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), &kdata.session, -- &ctrl_addr, &his_addr)) == -1) { -+ if (clevel == PROT_P) -+ length = krb_mk_priv((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ schedule, &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ else -+ length = krb_mk_safe((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ if (length == -1) { - syslog(LOG_ERR, - "krb_mk_%s failed for KERBEROS_V4", - clevel == PROT_P ? "priv" : "safe"); -@@ -1803,13 +1867,16 @@ - } - #endif /* GSSAPI */ - /* Other auth types go here ... */ -- if (kerror = radix_encode(out, in, &length, 0)) { -+ if (length >= sizeof(in) / 4 * 3) { -+ syslog(LOG_ERR, "input to radix_encode too long"); -+ fputs(in, stdout); -+ } else if (kerror = radix_encode(out, in, &length, 0)) { - syslog(LOG_ERR, "Couldn't encode reply (%s)", - radix_error(kerror)); - fputs(in,stdout); - } else -- printf("%s%c%s", clevel == PROT_P ? "632" : "631", -- n ? cont_char : '-', in); -+ printf("%s%c%s", clevel == PROT_P ? "632" : "631", -+ n ? cont_char : '-', in); - } else { - if (n) printf("%d%c", n, cont_char); - fputs(buf, stdout); -@@ -1822,6 +1889,10 @@ - } - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - lreply(int n, char *fmt, ...) - #else -@@ -1866,7 +1937,8 @@ - - if (cp = strchr(cbuf,'\n')) - *cp = '\0'; -- reply(500, "'%s': command not understood.", cbuf); -+ reply(500, "'%.*s': command not understood.", -+ FTP_BUFSIZ - sizeof("'': command not understood."), cbuf); - } - - delete_file(name) -@@ -2143,7 +2215,21 @@ - int code; - char *string; - { -- reply(code, "%s: %s.", string, strerror(errno)); -+ char *err_string; -+ size_t extra_len; -+ err_string = strerror(errno); -+ if (err_string == NULL) -+ err_string = "(unknown error)"; -+ extra_len = strlen(err_string) + sizeof("(truncated): ."); -+ /* -+ * XXX knows about FTP_BUFSIZ in reply() -+ */ -+ if (strlen(string) + extra_len > FTP_BUFSIZ) { -+ reply(code, "(truncated)%.*s: %s.", -+ FTP_BUFSIZ - extra_len, string, err_string); -+ } else { -+ reply(code, "%s: %s.", string, err_string); -+ } - } - - auth(type) -@@ -2226,6 +2312,10 @@ +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { secure_error("ADAT: krb_mk_safe failed"); - return(0); - } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); + return(0); + } - if (kerror = radix_encode(out_buf, buf, &length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2360,6 +2450,16 @@ ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); } - - if (out_tok.length) { -+ if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT=")) -+ / 4 * 3)) { -+ secure_error("ADAT: reply too long"); -+ syslog(LOG_ERR, "ADAT: reply too long"); -+ (void) gss_release_cred(&stat_min, &server_creds); -+ if (ret_flags & GSS_C_DELEG_FLAG) -+ (void) gss_release_cred(&stat_min, -+ &deleg_creds); -+ return(0); -+ } - if (kerror = radix_encode(out_tok.value, gbuf, &out_tok.length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2458,6 +2558,9 @@ - * n>=0 on success - * -1 on error - * -2 on security error -+ * -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ - */ - #ifdef STDARG - secure_fprintf(FILE *stream, char *fmt, ...) -@@ -2575,6 +2678,15 @@ - dir->d_name[2] == '\0') - continue; - -+ if (strlen(dirname) + strlen(dir->d_name) -+ + 1 /* slash */ -+ + 2 /* CRLF */ -+ + 1 > sizeof(nbuf)) { -+ syslog(LOG_ERR, -+ "send_file_list: pathname too long"); -+ ret = -2; /* XXX */ -+ goto data_err; -+ } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); - - /* + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::authenc.c b/security/krb5-16/files/patch-appl::telnet::telnetd::authenc.c deleted file mode 100644 index 9a19ab9..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::authenc.c +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/telnet/telnetd/authenc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/authenc.c Thu Jul 19 19:14:29 2001 -@@ -43,8 +43,7 @@ - int len; - { - if (nfrontp + len < netobuf + BUFSIZ) { -- memcpy((void *)nfrontp, (void *)str, len); -- nfrontp += len; -+ output_datalen(str, len); - return(len); - } - return(0); diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::ext.h b/security/krb5-16/files/patch-appl::telnet::telnetd::ext.h deleted file mode 100644 index 38fd6ac..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::ext.h +++ /dev/null @@ -1,24 +0,0 @@ ---- appl/telnet/telnetd/ext.h.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/ext.h Mon Jul 23 16:44:35 2001 -@@ -75,7 +75,7 @@ - - extern char netibuf[BUFSIZ], *netip; - --extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; -+extern char netobuf[BUFSIZ], *nfrontp, *nbackp; - extern char *neturg; /* one past last bye of urgent data */ - - extern int pcc, ncc; -@@ -187,8 +187,10 @@ - tty_setsofttab P((int)), - tty_tspeed P((int)), - willoption P((int)), -- wontoption P((int)), -- writenet P((unsigned char *, int)); -+ wontoption P((int)); -+ -+extern int output_data __P((const char *, ...)) __printflike(1, 2); -+extern int output_datalen __P((const char *, size_t)); - - #ifdef ENCRYPTION - extern char *nclearto; diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::slc.c b/security/krb5-16/files/patch-appl::telnet::telnetd::slc.c deleted file mode 100644 index f4e7d41..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::slc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/slc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/slc.c Mon Jul 23 16:45:51 2001 -@@ -198,7 +198,7 @@ - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; - len = slcptr - slcbuf; -- writenet(slcbuf, len); -+ output_datalen(slcbuf, len); - netflush(); /* force it out immediately */ - DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2);); - } diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::state.c b/security/krb5-16/files/patch-appl::telnet::telnetd::state.c deleted file mode 100644 index baf2073..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::state.c +++ /dev/null @@ -1,134 +0,0 @@ ---- appl/telnet/telnetd/state.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/state.c Mon Jul 23 17:48:48 2001 -@@ -33,6 +33,7 @@ - - /* based on @(#)state.c 8.1 (Berkeley) 6/4/93 */ - -+#include <stdarg.h> - #include "telnetd.h" - #if defined(AUTHENTICATION) - #include <libtelnet/auth.h> -@@ -86,7 +87,7 @@ - if (!auth_negotiated) { - static char *error = - "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n"; -- writenet(error, strlen(error)); -+ output_datalen(error, strlen(error)); - netflush(); - exit(1); - } -@@ -209,8 +210,7 @@ - } - - netclear(); /* clear buffer back */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - DIAG(TD_OPTIONS, - printoption("td: send IAC", DM)); -@@ -463,8 +463,7 @@ - set_his_want_state_will(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)doopt, option); -- nfrontp += sizeof (dont) - 2; -+ output_data((const char *)doopt, option); - - DIAG(TD_OPTIONS, printoption("td: send do", option)); - } -@@ -683,8 +682,7 @@ - set_his_want_state_wont(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)dont, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)dont, option); - - DIAG(TD_OPTIONS, printoption("td: send dont", option)); - } -@@ -833,8 +831,7 @@ - set_my_want_state_will(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)will, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)will, option); - - DIAG(TD_OPTIONS, printoption("td: send will", option)); - } -@@ -993,8 +990,7 @@ - set_my_want_state_wont(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)wont, option); -- nfrontp += sizeof (wont) - 2; -+ output_data((const char *)wont, option); - - DIAG(TD_OPTIONS, printoption("td: send wont", option)); - } -@@ -1393,9 +1389,8 @@ - env_ovar_wrong: - env_ovar = OLD_ENV_VALUE; - env_ovalue = OLD_ENV_VAR; -- DIAG(TD_OPTIONS, {sprintf(nfrontp, -- "ENVIRON VALUE and VAR are reversed!\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, -+ output_data("ENVIRON VALUE and VAR are reversed!\r\n")); - - } - } -@@ -1633,11 +1628,51 @@ - ADD(IAC); - ADD(SE); - -- writenet(statusbuf, ncp - statusbuf); -+ output_datalen(statusbuf, ncp - statusbuf); - netflush(); /* Send it on its way */ - - DIAG(TD_OPTIONS, - {printsub('>', statusbuf, ncp - statusbuf); netflush();}); -+} -+ -+/* -+ * This function appends data to nfrontp and advances nfrontp. -+ */ -+ -+int -+output_data(const char *format, ...) -+{ -+ va_list args; -+ size_t remaining, ret; -+ -+ va_start(args, format); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ /* try a netflush() if the room is too low */ -+ if (strlen(format) > remaining || BUFSIZ / 4 > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ ret = vsnprintf(nfrontp, remaining, format, args); -+ nfrontp += ((ret < remaining - 1) ? ret : remaining - 1); -+ va_end(args); -+ return ret; -+} -+ -+int -+output_datalen(const char *buf, size_t len) -+{ -+ size_t remaining; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ if (remaining < len) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ if (remaining < len) -+ return -1; -+ memmove(nfrontp, buf, len); -+ nfrontp += len; -+ return (len); - } - - static int envvarok(varp) diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.c b/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.c deleted file mode 100644 index 9eef170..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::telnetd.c +++ /dev/null @@ -1,169 +0,0 @@ ---- appl/telnet/telnetd/telnetd.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.c Mon Jul 23 17:27:05 2001 -@@ -693,7 +693,7 @@ - char *error_message = - "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; - -- writenet(error_message, strlen(error_message)); -+ output_datalen(error_message, strlen(error_message)); - netflush(); - exit(1); - } -@@ -782,9 +782,7 @@ - { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_XDISPLOC)) { -@@ -792,9 +790,7 @@ - { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_NEW_ENVIRON)) { -@@ -802,9 +798,7 @@ - { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { -@@ -812,17 +806,13 @@ - { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_TTYPE)) { - - if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - } - if (his_state_is_will(TELOPT_TSPEED)) { -@@ -902,9 +892,7 @@ - return; - settimer(baseline); - if(nfrontp - netobuf + sizeof(ttytype_sbbuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - while (sequenceIs(ttypesubopt, baseline)) - ttloop(); -@@ -1177,9 +1165,7 @@ - * mode, which we do not want. - */ - if (his_want_state_is_will(TELOPT_ECHO)) { -- DIAG(TD_OPTIONS, -- {sprintf(nfrontp, "td: simulating recv\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); - willoption(TELOPT_ECHO); - } - -@@ -1308,9 +1294,7 @@ - localstat(); - #endif /* LINEMODE */ - -- DIAG(TD_REPORT, -- {sprintf(nfrontp, "td: Entering processing loop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); - - #ifdef convex - startslave(host); -@@ -1435,8 +1419,7 @@ - netip = netibuf; - } - DIAG((TD_REPORT | TD_NETDATA), -- {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ output_data("td: netread %d chars\r\n", ncc)); - DIAG(TD_NETDATA, printdata("nd", netip, ncc)); - } - -@@ -1483,8 +1466,7 @@ - * royally if we send them urgent - * mode data. - */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - #endif - } -@@ -1495,13 +1477,11 @@ - ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; - if (newflow != flowmode) { - flowmode = newflow; -- (void) sprintf(nfrontp, -- "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON - : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - } - pcc--; -@@ -1524,19 +1504,19 @@ - break; - c = *ptyip++ & 0377, pcc--; - if (c == IAC) -- *nfrontp++ = c; -+ output_data("%c", c); - #if defined(CRAY2) && defined(UNICOS5) - else if (c == '\n' && - my_state_is_wont(TELOPT_BINARY) && newmap) -- *nfrontp++ = '\r'; -+ output_data("\r"); - #endif /* defined(CRAY2) && defined(UNICOS5) */ -- *nfrontp++ = c; -+ output_data("%c", c); - if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { - if (pcc > 0 && ((*ptyip & 0377) == '\n')) { -- *nfrontp++ = *ptyip++ & 0377; -+ output_data("%c", *ptyip++ & 0377); - pcc--; - } else -- *nfrontp++ = '\0'; -+ output_data("%c", '\0'); - } - } - #if defined(CRAY2) && defined(UNICOS5) -@@ -1707,10 +1687,7 @@ - return; - } - #endif -- (void) strncpy(nfrontp, "\r\n[Yes]\r\n", -- sizeof(netobuf) - 1 - (nfrontp - netobuf)); -- nfrontp += 9; -- *nfrontp = '\0'; -+ output_data("\r\n[Yes]\r\n"); - } - - void diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::termstat.c b/security/krb5-16/files/patch-appl::telnet::telnetd::termstat.c deleted file mode 100644 index 422f1c8..0000000 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::termstat.c +++ /dev/null @@ -1,74 +0,0 @@ ---- appl/telnet/telnetd/termstat.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/termstat.c Thu Jul 19 19:22:54 2001 -@@ -283,10 +283,9 @@ - # endif /* KLUDGELINEMODE */ - send_do(TELOPT_LINEMODE, 1); - /* send along edit modes */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - # ifdef KLUDGELINEMODE - } -@@ -312,10 +311,9 @@ - /* - * Send along appropriate edit mode mask. - */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -359,20 +357,18 @@ - if (his_state_is_will(TELOPT_LFLOW)) { - if (tty_flowmode() != flowmode) { - flowmode = tty_flowmode(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - if (tty_restartany() != restartany) { - restartany = tty_restartany(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - restartany ? LFLOW_RESTART_ANY - : LFLOW_RESTART_XON, - IAC, SE); -- nfrontp += 6; - } - } - } -@@ -445,10 +441,9 @@ - useeditmode |= MODE_SOFT_TAB; - if (tty_islitecho()) - useeditmode |= MODE_LIT_ECHO; -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode, IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -504,11 +499,10 @@ - set_termbuf(); - - if (!ack) { -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode|MODE_ACK, - IAC, SE); -- nfrontp += 7; - } - - editmode = useeditmode; diff --git a/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c index d49598c..8bb656d 100644 --- a/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c +++ b/security/krb5-16/files/patch-appl::telnet::telnetd::utility.c @@ -1,879 +1,38 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Feb 28 14:06:52 2001 -+++ appl/telnet/telnetd/utility.c Mon Jul 23 17:16:27 2001 -@@ -58,8 +58,7 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) { - void netflush(); - -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop\r\n")); - if (nfrontp-nbackp) { - netflush(); - } -@@ -74,8 +73,7 @@ - syslog(LOG_INFO, "ttloop: peer died: %m"); - exit(1); - } -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc)); - netip = netibuf; - telrcv(); /* state machine */ - if (ncc > 0) { -@@ -117,9 +115,8 @@ - int n; - - if ((n = pfrontp - pbackp) > 0) { -- DIAG((TD_REPORT | TD_PTYDATA), -- { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); -- nfrontp += strlen(nfrontp); }); -+ DIAG(TD_REPORT | TD_PTYDATA, -+ output_data("td: ptyflush %d chars\r\n", n)); - DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); - n = write(pty, pbackp, n); - } -@@ -251,11 +248,9 @@ - extern int not42; - - if ((n = nfrontp - nbackp) > 0) { -- DIAG(TD_REPORT, -- { sprintf(nfrontp, "td: netflush %d chars\r\n", n); -- n += strlen(nfrontp); /* get count first */ -- nfrontp += strlen(nfrontp); /* then move pointer */ -- }); -+ DIAG(TD_REPORT, { -+ n += output_data("td: netflush %d chars\r\n", n); -+ }); - #ifdef ENCRYPTION - if (encrypt_output) { - char *s = nclearto ? nclearto : nbackp; -@@ -314,33 +309,6 @@ - - - /* -- * writenet -- * -- * Just a handy little function to write a bit of raw data to the net. -- * It will force a transmit of the buffer if necessary -- * -- * arguments -- * ptr - A pointer to a character string to write -- * len - How many bytes to write -- */ -- void --writenet(ptr, len) -- register unsigned char *ptr; -- register int len; --{ -- /* flush buffer if no room for new data) */ -- if ((&netobuf[BUFSIZ] - nfrontp) < len) { -- /* if this fails, don't worry, buffer is a little big */ +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { - netflush(); -- } -- -- memcpy(nfrontp, ptr, len); -- nfrontp += len; -- --} /* end of writenet */ -- -- --/* - * miscellaneous functions doing a variety of little jobs follow ... - */ - -@@ -528,12 +496,11 @@ - register int option; - { - if (TELOPT_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); -+ output_data("%s %s\r\n", fmt, TELOPT(option)); - else if (TELCMD_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); -+ output_data("%s %s\r\n", fmt, TELCMD(option)); - else -- sprintf(nfrontp, "%s %d\r\n", fmt, option); -- nfrontp += strlen(nfrontp); -+ output_data("%s %d\r\n", fmt, option); - return; - } - -@@ -550,9 +517,8 @@ - return; - - if (direction) { -- sprintf(nfrontp, "td: %s suboption ", -+ output_data("td: %s suboption ", - direction == '<' ? "recv" : "send"); -- nfrontp += strlen(nfrontp); - if (length >= 3) { - register int j; - -@@ -560,232 +526,192 @@ - j = pointer[length-1]; - - if (i != IAC || j != SE) { -- sprintf(nfrontp, "(terminated by "); -- nfrontp += strlen(nfrontp); -+ output_data("(terminated by "); - if (TELOPT_OK(i)) -- sprintf(nfrontp, "%s ", TELOPT(i)); -+ output_data("%s ", TELOPT(i)); - else if (TELCMD_OK(i)) -- sprintf(nfrontp, "%s ", TELCMD(i)); -+ output_data("%s ", TELCMD(i)); - else -- sprintf(nfrontp, "%d ", i); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", i); - if (TELOPT_OK(j)) -- sprintf(nfrontp, "%s", TELOPT(j)); -+ output_data("%s", TELOPT(j)); - else if (TELCMD_OK(j)) -- sprintf(nfrontp, "%s", TELCMD(j)); -+ output_data("%s", TELCMD(j)); - else -- sprintf(nfrontp, "%d", j); -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, ", not IAC SE!) "); -- nfrontp += strlen(nfrontp); -+ output_data("%d", j); -+ output_data(", not IAC SE!) "); - } - } - length -= 2; - } - if (length < 1) { -- sprintf(nfrontp, "(Empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(Empty suboption??\?)"); - return; +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; } - switch (pointer[0]) { - case TELOPT_TTYPE: -- sprintf(nfrontp, "TERMINAL-TYPE "); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-TYPE "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, -+ output_data( - "- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - case TELOPT_TSPEED: -- sprintf(nfrontp, "TERMINAL-SPEED"); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-SPEED"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); -- nfrontp += strlen(nfrontp); -+ output_data(" IS %.*s", length-2, (char *)pointer+2); - break; - default: - if (pointer[1] == 1) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } - break; - - case TELOPT_LFLOW: -- sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); -- nfrontp += strlen(nfrontp); -+ output_data("TOGGLE-FLOW-CONTROL"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case LFLOW_OFF: -- sprintf(nfrontp, " OFF"); break; -+ output_data(" OFF"); break; - case LFLOW_ON: -- sprintf(nfrontp, " ON"); break; -+ output_data(" ON"); break; - case LFLOW_RESTART_ANY: -- sprintf(nfrontp, " RESTART-ANY"); break; -+ output_data(" RESTART-ANY"); break; - case LFLOW_RESTART_XON: -- sprintf(nfrontp, " RESTART-XON"); break; -+ output_data(" RESTART-XON"); break; - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -+ output_data(" %d (unknown)", pointer[1]); - } -- nfrontp += strlen(nfrontp); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_NAWS: -- sprintf(nfrontp, "NAWS"); -- nfrontp += strlen(nfrontp); -+ output_data("NAWS"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - if (length == 2) { -- sprintf(nfrontp, " ?%d?", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[1]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[1], pointer[2], - (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); -- nfrontp += strlen(nfrontp); - if (length == 4) { -- sprintf(nfrontp, " ?%d?", pointer[3]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[3]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[3], pointer[4], - (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); -- nfrontp += strlen(nfrontp); - for (i = 5; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_LINEMODE: -- sprintf(nfrontp, "LINEMODE "); -- nfrontp += strlen(nfrontp); -+ output_data("LINEMODE "); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case WILL: -- sprintf(nfrontp, "WILL "); -+ output_data("WILL "); - goto common; - case WONT: -- sprintf(nfrontp, "WONT "); -+ output_data("WONT "); - goto common; - case DO: -- sprintf(nfrontp, "DO "); -+ output_data("DO "); - goto common; - case DONT: -- sprintf(nfrontp, "DONT "); -+ output_data("DONT "); - common: -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, "(no option??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no option??\?)"); - break; - } - switch (pointer[2]) { - case LM_FORWARDMASK: -- sprintf(nfrontp, "Forward Mask"); -- nfrontp += strlen(nfrontp); -+ output_data("Forward Mask"); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %x", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %x", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[2]); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } - break; - - case LM_SLC: -- sprintf(nfrontp, "SLC"); -- nfrontp += strlen(nfrontp); -+ output_data("SLC"); - for (i = 2; i < length - 2; i += 3) { - if (SLC_NAME_OK(pointer[i+SLC_FUNC])) -- sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); -+ output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC])); - else -- sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i+SLC_FUNC]); - switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { - case SLC_NOSUPPORT: -- sprintf(nfrontp, " NOSUPPORT"); break; -+ output_data(" NOSUPPORT"); break; - case SLC_CANTCHANGE: -- sprintf(nfrontp, " CANTCHANGE"); break; -+ output_data(" CANTCHANGE"); break; - case SLC_VARIABLE: -- sprintf(nfrontp, " VARIABLE"); break; -+ output_data(" VARIABLE"); break; - case SLC_DEFAULT: -- sprintf(nfrontp, " DEFAULT"); break; -+ output_data(" DEFAULT"); break; - } -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, "%s%s%s", -+ output_data("%s%s%s", - pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); -- nfrontp += strlen(nfrontp); - if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| - SLC_FLUSHOUT| SLC_LEVELBITS)) { -- sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); -- nfrontp += strlen(nfrontp); -+ output_data("(0x%x)", pointer[i+SLC_FLAGS]); - } -- sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d;", pointer[i+SLC_VALUE]); - if ((pointer[i+SLC_VALUE] == IAC) && - (pointer[i+SLC_VALUE+1] == IAC)) - i++; - } - for (; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case LM_MODE: -- sprintf(nfrontp, "MODE "); -- nfrontp += strlen(nfrontp); -+ output_data("MODE "); - if (length < 3) { -- sprintf(nfrontp, "(no mode??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no mode??\?)"); - break; - } - { -@@ -796,24 +722,19 @@ - pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", - pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", - pointer[2]&MODE_ACK ? "|ACK" : ""); -- sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); -- nfrontp += strlen(nfrontp); -+ output_data("%s", tbuf[1] ? &tbuf[1] : "0"); - } - if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { -- sprintf(nfrontp, " (0x%x)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" (0x%x)", pointer[2]); - } - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " ?0x%x?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?0x%x?", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - } - break; -@@ -822,24 +743,20 @@ - register char *cp; - register int j, k; - -- sprintf(nfrontp, "STATUS"); -- nfrontp += strlen(nfrontp); -+ output_data("STATUS"); - - switch (pointer[1]) { - default: - if (pointer[1] == TELQUAL_SEND) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - case TELQUAL_IS: -- sprintf(nfrontp, " IS\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data(" IS\r\n"); - - for (i = 2; i < length; i++) { - switch(pointer[i]) { -@@ -850,18 +767,15 @@ - common2: - i++; - if (TELOPT_OK(pointer[i])) -- sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); -+ output_data(" %s %s", cp, TELOPT(pointer[i])); - else -- sprintf(nfrontp, " %s %d", cp, pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %s %d", cp, pointer[i]); - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - break; - - case SB: -- sprintf(nfrontp, " SB "); -- nfrontp += strlen(nfrontp); -+ output_data(" SB "); - i++; - j = k = i; - while (j < length) { -@@ -877,20 +791,17 @@ - } - printsub(0, &pointer[i], k - i); - if (i < length) { -- sprintf(nfrontp, " SE"); -- nfrontp += strlen(nfrontp); -+ output_data(" SE"); - i = j; - } else - i = j - 1; - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - - break; - - default: -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - break; - } - } -@@ -900,86 +811,77 @@ - } - - case TELOPT_XDISPLOC: -- sprintf(nfrontp, "X-DISPLAY-LOCATION "); -- nfrontp += strlen(nfrontp); -+ output_data("X-DISPLAY-LOCATION "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, "- unknown qualifier %d (0x%x).", -+ output_data("- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - - case TELOPT_NEW_ENVIRON: -- sprintf(nfrontp, "NEW-ENVIRON "); -+ output_data("NEW-ENVIRON "); - goto env_common1; - case TELOPT_OLD_ENVIRON: -- sprintf(nfrontp, "OLD-ENVIRON"); -+ output_data("OLD-ENVIRON"); - env_common1: -- nfrontp += strlen(nfrontp); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS "); -+ output_data("IS "); - goto env_common; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND "); -+ output_data("SEND "); - goto env_common; - case TELQUAL_INFO: -- sprintf(nfrontp, "INFO "); -+ output_data("INFO "); - env_common: -- nfrontp += strlen(nfrontp); - { - register int noquote = 2; - for (i = 2; i < length; i++ ) { - switch (pointer[i]) { - case NEW_ENV_VAR: -- sprintf(nfrontp, "\" VAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VAR " + noquote); - noquote = 2; - break; - - case NEW_ENV_VALUE: -- sprintf(nfrontp, "\" VALUE " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VALUE " + noquote); - noquote = 2; - break; - - case ENV_ESC: -- sprintf(nfrontp, "\" ESC " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" ESC " + noquote); - noquote = 2; - break; - - case ENV_USERVAR: -- sprintf(nfrontp, "\" USERVAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" USERVAR " + noquote); - noquote = 2; - break; - - default: - if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { -- *nfrontp++ = '"'; -+ output_data("\""); - noquote = 0; - } -- *nfrontp++ = pointer[i]; -+ output_data("%c", pointer[i]); - } else { -- sprintf(nfrontp, "\" %03o " + noquote, -+ output_data("\" %03o " + noquote, - pointer[i]); -- nfrontp += strlen(nfrontp); - noquote = 2; - } - break; - } - } - if (!noquote) -- *nfrontp++ = '"'; -+ output_data("\""); - break; - } - } -@@ -987,90 +889,69 @@ - - #if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: -- sprintf(nfrontp, "AUTHENTICATION"); -- nfrontp += strlen(nfrontp); -+ output_data("AUTHENTICATION"); - - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_REPLY: - case TELQUAL_IS: -- sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? -+ output_data(" %s ", (pointer[1] == TELQUAL_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (AUTHTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, "%d ", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[2]); - if (length < 3) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s", -+ output_data("%s|%s", - ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - - auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case TELQUAL_SEND: - i = 2; -- sprintf(nfrontp, " SEND "); -- nfrontp += strlen(nfrontp); -+ output_data(" SEND "); - while (i < length) { - if (AUTHTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - if (++i >= length) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s ", -+ output_data( "%s|%s%s ", - ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - ++i; - } - break; - - case TELQUAL_NAME: -- i = 2; -- sprintf(nfrontp, " NAME \""); -- nfrontp += strlen(nfrontp); -- while (i < length) { -- if (isprint(pointer[i])) -- *nfrontp++ = pointer[i++]; -- else { -- sprintf(nfrontp, "\"%03o",pointer[i++]); -- nfrontp += strlen(nfrontp); -- } -- } -- *nfrontp++ = '"'; -+ output_data(" NAME \"%.*s\"", -+ length - 2, -+ pointer + 2); - break; - - default: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } -@@ -1079,86 +960,70 @@ - - #ifdef ENCRYPTION - case TELOPT_ENCRYPT: -- sprintf(nfrontp, "ENCRYPT"); -- nfrontp += strlen(nfrontp); -+ output_data("ENCRYPT"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: -- sprintf(nfrontp, " START"); -- nfrontp += strlen(nfrontp); -+ output_data(" START"); - break; - - case ENCRYPT_END: -- sprintf(nfrontp, " END"); -- nfrontp += strlen(nfrontp); -+ output_data(" END"); - break; - - case ENCRYPT_REQSTART: -- sprintf(nfrontp, " REQUEST-START"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-START"); - break; - - case ENCRYPT_REQEND: -- sprintf(nfrontp, " REQUEST-END"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-END"); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: -- sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? -+ output_data(" %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, " (partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (partial suboption??\?)"); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); -+ output_data("%s ", ENCTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, " %d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[2]); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case ENCRYPT_SUPPORT: - i = 2; -- sprintf(nfrontp, " SUPPORT "); -- nfrontp += strlen(nfrontp); -+ output_data(" SUPPORT "); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); -+ output_data("%s ", ENCTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: -- sprintf(nfrontp, " ENC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ENC_KEYID"); - goto encommon; - - case ENCRYPT_DEC_KEYID: -- sprintf(nfrontp, " DEC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" DEC_KEYID"); - goto encommon; - - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - encommon: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } -@@ -1167,18 +1032,15 @@ - - default: - if (TELOPT_OK(pointer[0])) -- sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); -+ output_data( "%s (unknown)", TELOPT(pointer[0])); - else -- sprintf(nfrontp, "%d (unknown)", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( "%d (unknown)", pointer[i]); - for (i = 1; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( " %d", pointer[i]); - } - break; - } -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data( "\r\n"); +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; } /* -@@ -1200,26 +1062,22 @@ - } - - /* add a line of output */ -- sprintf(nfrontp, "%s: ", tag); -- nfrontp += strlen(nfrontp); -+ output_data("%s: ", tag); - for (i = 0; i < 20 && cnt; i++) { -- sprintf(nfrontp, "%02x", *ptr); -- nfrontp += strlen(nfrontp); -+ output_data("%02x", *ptr); - if (isprint(*ptr)) { - xbuf[i] = *ptr; - } else { - xbuf[i] = '.'; - } - if (i % 2) { -- *nfrontp = ' '; -- nfrontp++; -+ output_data(" "); - } - cnt--; - ptr++; - } - xbuf[i] = '\0'; -- sprintf(nfrontp, " %s\r\n", xbuf ); -- nfrontp += strlen(nfrontp); -+ output_data(" %s\r\n", xbuf ); - } - } - #endif /* DIAGNOSTICS */ diff --git a/security/krb5-16/files/patch-ay b/security/krb5-16/files/patch-ay index 4ed0c9e..54c041e 100644 --- a/security/krb5-16/files/patch-ay +++ b/security/krb5-16/files/patch-ay @@ -1,6 +1,6 @@ ---- util/pty/getpty.c.orig Fri Feb 6 19:46:42 1998 -+++ util/pty/getpty.c Mon Apr 5 14:00:07 1999 -@@ -21,13 +21,26 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ #include "libpty.h" #include "pty-int.h" @@ -17,19 +17,19 @@ +#define PTYCHARS2 "0123456789abcdef" +#endif + - long pty_getpty (fd, slave, slavelength) - int slavelength; - int *fd; char *slave; + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) { -- char *cp; ++ int ptynum; + char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; char *p; - int i,ptynum; -+ int ptynum; struct stat stb; char slavebuf[1024]; - #ifdef HAVE__GETPTY -@@ -109,14 +122,14 @@ + #endif +@@ -115,14 +128,14 @@ strncpy(slave, slavebuf, slavelength); return 0; } else { diff --git a/security/krb5-16/files/patch-bd b/security/krb5-16/files/patch-bd deleted file mode 100644 index b2bf412..0000000 --- a/security/krb5-16/files/patch-bd +++ /dev/null @@ -1,19 +0,0 @@ ---- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 -@@ -805,11 +805,13 @@ - * This is a valid reply in some cases but not in others. - */ - if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { -- *(char **)&($$) = *ftpglob((char *) $1); -- if (globerr != NULL) { -+ char **vv; -+ vv = ftpglob((char *) $1); -+ if (vv == NULL || globerr != NULL) { - reply(550, globerr); - $$ = NULL; -- } -+ } else -+ $$ = *vv; - free((char *) $1); - } else - $$ = $1; diff --git a/security/krb5-16/pkg-plist b/security/krb5-16/pkg-plist index 5170610..01977cd 100644 --- a/security/krb5-16/pkg-plist +++ b/security/krb5-16/pkg-plist @@ -63,10 +63,10 @@ lib/libk5crypto.so lib/libk5crypto.so.3 lib/libkadm5clnt.a lib/libkadm5clnt.so -lib/libkadm5clnt.so.4 +lib/libkadm5clnt.so.5 lib/libkadm5srv.a lib/libkadm5srv.so -lib/libkadm5srv.so.4 +lib/libkadm5srv.so.5 lib/libkdb5.a lib/libkdb5.so lib/libkdb5.so.3 diff --git a/security/krb5-17/Makefile b/security/krb5-17/Makefile index 3a0bf18..e9c8235 100644 --- a/security/krb5-17/Makefile +++ b/security/krb5-17/Makefile @@ -6,8 +6,7 @@ # PORTNAME= krb5 -PORTVERSION= 1.2.2 -PORTREVISION= 5 +PORTVERSION= 1.2.3 CATEGORIES= security MASTER_SITES= # manual download diff --git a/security/krb5-17/distinfo b/security/krb5-17/distinfo index e8159e5..3af0278 100644 --- a/security/krb5-17/distinfo +++ b/security/krb5-17/distinfo @@ -1 +1 @@ -MD5 (krb5-1.2.2.tar.gz) = 57d1bf3a3c68ee8af64e31a46799551c +MD5 (krb5-1.2.3.tar.gz) = 1e93aed5e6ae13eb4b5b5278b1a6ab46 diff --git a/security/krb5-17/files/patch-ai b/security/krb5-17/files/patch-ai index 634db6c..f5b7331 100644 --- a/security/krb5-17/files/patch-ai +++ b/security/krb5-17/files/patch-ai @@ -1,6 +1,6 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpd.c Fri Apr 27 10:18:01 2001 -@@ -485,7 +485,13 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ #ifndef LOG_DAEMON #define LOG_DAEMON 0 #endif @@ -15,273 +15,14 @@ addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -761,7 +767,16 @@ - int result; - #ifdef GSSAPI - if (auth_type && strcmp(auth_type, "GSSAPI") == 0) { -+ int len; - authorized = ftpd_gss_userok(&client_name, name) == 0; -+ len = sizeof("GSSAPI user is not authorized as " -+ "; Password required.") -+ + strlen(client_name.value) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", - client_name.value, authorized ? "" : " not", - name); -@@ -772,7 +787,18 @@ - #endif /* GSSAPI */ - #ifdef KRB5_KRB4_COMPAT - if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { -+ int len; - authorized = kuserok(&kdata,name) == 0; -+ len = sizeof("Kerberos user .@ is not authorized as " -+ "; Password required.") -+ + strlen(kdata.pname) -+ + strlen(kdata.pinst) -+ + strlen(kdata.prealm) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", - kdata.pname, *kdata.pinst ? "." : "", - kdata.pinst, kdata.prealm, -@@ -1179,6 +1205,11 @@ - } else { - char line[FTP_BUFSIZ]; - -+ if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) { -+ syslog(LOG_ERR, "retrieve: filename too long"); -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, cmd, name), name = line; - fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; - st.st_size = -1; -@@ -1417,6 +1448,10 @@ - return (file); - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - secure_error(char *fmt, ...) - #else -@@ -1616,13 +1651,19 @@ - { - char line[FTP_BUFSIZ]; - FILE *fin; -- int c; -+ int c, n; - char str[FTP_BUFSIZ], *p; - -+ if (strlen(filename) + sizeof("/bin/ls -lgA ") -+ >= sizeof(line)) { -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, "/bin/ls -lgA %s", filename); - fin = ftpd_popen(line, "r"); - lreply(211, "status of %s:", filename); - p = str; -+ n = 0; - while ((c = getc(fin)) != EOF) { - if (c == '\n') { - if (ferror(stdout)){ -@@ -1639,7 +1680,16 @@ - *p = '\0'; - reply(0, "%s", str); - p = str; -- } else *p++ = c; -+ n = 0; -+ } else { -+ *p++ = c; -+ n++; -+ if (n >= sizeof(str)) { -+ reply(551, "output line too long"); -+ (void) ftpd_pclose(fin); -+ return; -+ } -+ } - } - if (p != str) { - *p = '\0'; -@@ -1723,6 +1773,10 @@ - - char cont_char = ' '; - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ bytes for now. -+ */ - #ifdef STDARG - reply(int n, char *fmt, ...) - #else -@@ -1744,22 +1798,32 @@ - #endif - - if (auth_type) { -- char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; -+ /* -+ * Deal with expansion in mk_{safe,priv}, -+ * radix_encode, gss_seal, plus slop. -+ */ -+ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; - int length, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); - else in[0] = '\0'; - strncat(in, buf, sizeof (in) - strlen(in) - 1); - #ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { -- if ((length = clevel == PROT_P ? -- krb_mk_priv((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), schedule, &kdata.session, -- &ctrl_addr, &his_addr) -- : krb_mk_safe((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), &kdata.session, -- &ctrl_addr, &his_addr)) == -1) { -+ if (clevel == PROT_P) -+ length = krb_mk_priv((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ schedule, &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ else -+ length = krb_mk_safe((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ if (length == -1) { - syslog(LOG_ERR, - "krb_mk_%s failed for KERBEROS_V4", - clevel == PROT_P ? "priv" : "safe"); -@@ -1803,13 +1867,16 @@ - } - #endif /* GSSAPI */ - /* Other auth types go here ... */ -- if (kerror = radix_encode(out, in, &length, 0)) { -+ if (length >= sizeof(in) / 4 * 3) { -+ syslog(LOG_ERR, "input to radix_encode too long"); -+ fputs(in, stdout); -+ } else if (kerror = radix_encode(out, in, &length, 0)) { - syslog(LOG_ERR, "Couldn't encode reply (%s)", - radix_error(kerror)); - fputs(in,stdout); - } else -- printf("%s%c%s", clevel == PROT_P ? "632" : "631", -- n ? cont_char : '-', in); -+ printf("%s%c%s", clevel == PROT_P ? "632" : "631", -+ n ? cont_char : '-', in); - } else { - if (n) printf("%d%c", n, cont_char); - fputs(buf, stdout); -@@ -1822,6 +1889,10 @@ - } - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - lreply(int n, char *fmt, ...) - #else -@@ -1866,7 +1937,8 @@ - - if (cp = strchr(cbuf,'\n')) - *cp = '\0'; -- reply(500, "'%s': command not understood.", cbuf); -+ reply(500, "'%.*s': command not understood.", -+ FTP_BUFSIZ - sizeof("'': command not understood."), cbuf); - } - - delete_file(name) -@@ -2143,7 +2215,21 @@ - int code; - char *string; - { -- reply(code, "%s: %s.", string, strerror(errno)); -+ char *err_string; -+ size_t extra_len; -+ err_string = strerror(errno); -+ if (err_string == NULL) -+ err_string = "(unknown error)"; -+ extra_len = strlen(err_string) + sizeof("(truncated): ."); -+ /* -+ * XXX knows about FTP_BUFSIZ in reply() -+ */ -+ if (strlen(string) + extra_len > FTP_BUFSIZ) { -+ reply(code, "(truncated)%.*s: %s.", -+ FTP_BUFSIZ - extra_len, string, err_string); -+ } else { -+ reply(code, "%s: %s.", string, err_string); -+ } - } - - auth(type) -@@ -2226,6 +2312,10 @@ +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { secure_error("ADAT: krb_mk_safe failed"); - return(0); - } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); + return(0); + } - if (kerror = radix_encode(out_buf, buf, &length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2360,6 +2450,16 @@ ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); } - - if (out_tok.length) { -+ if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT=")) -+ / 4 * 3)) { -+ secure_error("ADAT: reply too long"); -+ syslog(LOG_ERR, "ADAT: reply too long"); -+ (void) gss_release_cred(&stat_min, &server_creds); -+ if (ret_flags & GSS_C_DELEG_FLAG) -+ (void) gss_release_cred(&stat_min, -+ &deleg_creds); -+ return(0); -+ } - if (kerror = radix_encode(out_tok.value, gbuf, &out_tok.length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2458,6 +2558,9 @@ - * n>=0 on success - * -1 on error - * -2 on security error -+ * -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ - */ - #ifdef STDARG - secure_fprintf(FILE *stream, char *fmt, ...) -@@ -2575,6 +2678,15 @@ - dir->d_name[2] == '\0') - continue; - -+ if (strlen(dirname) + strlen(dir->d_name) -+ + 1 /* slash */ -+ + 2 /* CRLF */ -+ + 1 > sizeof(nbuf)) { -+ syslog(LOG_ERR, -+ "send_file_list: pathname too long"); -+ ret = -2; /* XXX */ -+ goto data_err; -+ } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); - - /* + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::authenc.c b/security/krb5-17/files/patch-appl::telnet::telnetd::authenc.c deleted file mode 100644 index 9a19ab9..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::authenc.c +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/telnet/telnetd/authenc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/authenc.c Thu Jul 19 19:14:29 2001 -@@ -43,8 +43,7 @@ - int len; - { - if (nfrontp + len < netobuf + BUFSIZ) { -- memcpy((void *)nfrontp, (void *)str, len); -- nfrontp += len; -+ output_datalen(str, len); - return(len); - } - return(0); diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::ext.h b/security/krb5-17/files/patch-appl::telnet::telnetd::ext.h deleted file mode 100644 index 38fd6ac..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::ext.h +++ /dev/null @@ -1,24 +0,0 @@ ---- appl/telnet/telnetd/ext.h.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/ext.h Mon Jul 23 16:44:35 2001 -@@ -75,7 +75,7 @@ - - extern char netibuf[BUFSIZ], *netip; - --extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; -+extern char netobuf[BUFSIZ], *nfrontp, *nbackp; - extern char *neturg; /* one past last bye of urgent data */ - - extern int pcc, ncc; -@@ -187,8 +187,10 @@ - tty_setsofttab P((int)), - tty_tspeed P((int)), - willoption P((int)), -- wontoption P((int)), -- writenet P((unsigned char *, int)); -+ wontoption P((int)); -+ -+extern int output_data __P((const char *, ...)) __printflike(1, 2); -+extern int output_datalen __P((const char *, size_t)); - - #ifdef ENCRYPTION - extern char *nclearto; diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::slc.c b/security/krb5-17/files/patch-appl::telnet::telnetd::slc.c deleted file mode 100644 index f4e7d41..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::slc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/slc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/slc.c Mon Jul 23 16:45:51 2001 -@@ -198,7 +198,7 @@ - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; - len = slcptr - slcbuf; -- writenet(slcbuf, len); -+ output_datalen(slcbuf, len); - netflush(); /* force it out immediately */ - DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2);); - } diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::state.c b/security/krb5-17/files/patch-appl::telnet::telnetd::state.c deleted file mode 100644 index baf2073..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::state.c +++ /dev/null @@ -1,134 +0,0 @@ ---- appl/telnet/telnetd/state.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/state.c Mon Jul 23 17:48:48 2001 -@@ -33,6 +33,7 @@ - - /* based on @(#)state.c 8.1 (Berkeley) 6/4/93 */ - -+#include <stdarg.h> - #include "telnetd.h" - #if defined(AUTHENTICATION) - #include <libtelnet/auth.h> -@@ -86,7 +87,7 @@ - if (!auth_negotiated) { - static char *error = - "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n"; -- writenet(error, strlen(error)); -+ output_datalen(error, strlen(error)); - netflush(); - exit(1); - } -@@ -209,8 +210,7 @@ - } - - netclear(); /* clear buffer back */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - DIAG(TD_OPTIONS, - printoption("td: send IAC", DM)); -@@ -463,8 +463,7 @@ - set_his_want_state_will(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)doopt, option); -- nfrontp += sizeof (dont) - 2; -+ output_data((const char *)doopt, option); - - DIAG(TD_OPTIONS, printoption("td: send do", option)); - } -@@ -683,8 +682,7 @@ - set_his_want_state_wont(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)dont, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)dont, option); - - DIAG(TD_OPTIONS, printoption("td: send dont", option)); - } -@@ -833,8 +831,7 @@ - set_my_want_state_will(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)will, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)will, option); - - DIAG(TD_OPTIONS, printoption("td: send will", option)); - } -@@ -993,8 +990,7 @@ - set_my_want_state_wont(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)wont, option); -- nfrontp += sizeof (wont) - 2; -+ output_data((const char *)wont, option); - - DIAG(TD_OPTIONS, printoption("td: send wont", option)); - } -@@ -1393,9 +1389,8 @@ - env_ovar_wrong: - env_ovar = OLD_ENV_VALUE; - env_ovalue = OLD_ENV_VAR; -- DIAG(TD_OPTIONS, {sprintf(nfrontp, -- "ENVIRON VALUE and VAR are reversed!\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, -+ output_data("ENVIRON VALUE and VAR are reversed!\r\n")); - - } - } -@@ -1633,11 +1628,51 @@ - ADD(IAC); - ADD(SE); - -- writenet(statusbuf, ncp - statusbuf); -+ output_datalen(statusbuf, ncp - statusbuf); - netflush(); /* Send it on its way */ - - DIAG(TD_OPTIONS, - {printsub('>', statusbuf, ncp - statusbuf); netflush();}); -+} -+ -+/* -+ * This function appends data to nfrontp and advances nfrontp. -+ */ -+ -+int -+output_data(const char *format, ...) -+{ -+ va_list args; -+ size_t remaining, ret; -+ -+ va_start(args, format); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ /* try a netflush() if the room is too low */ -+ if (strlen(format) > remaining || BUFSIZ / 4 > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ ret = vsnprintf(nfrontp, remaining, format, args); -+ nfrontp += ((ret < remaining - 1) ? ret : remaining - 1); -+ va_end(args); -+ return ret; -+} -+ -+int -+output_datalen(const char *buf, size_t len) -+{ -+ size_t remaining; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ if (remaining < len) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ if (remaining < len) -+ return -1; -+ memmove(nfrontp, buf, len); -+ nfrontp += len; -+ return (len); - } - - static int envvarok(varp) diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.c b/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.c deleted file mode 100644 index 9eef170..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::telnetd.c +++ /dev/null @@ -1,169 +0,0 @@ ---- appl/telnet/telnetd/telnetd.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.c Mon Jul 23 17:27:05 2001 -@@ -693,7 +693,7 @@ - char *error_message = - "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; - -- writenet(error_message, strlen(error_message)); -+ output_datalen(error_message, strlen(error_message)); - netflush(); - exit(1); - } -@@ -782,9 +782,7 @@ - { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_XDISPLOC)) { -@@ -792,9 +790,7 @@ - { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_NEW_ENVIRON)) { -@@ -802,9 +798,7 @@ - { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { -@@ -812,17 +806,13 @@ - { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_TTYPE)) { - - if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - } - if (his_state_is_will(TELOPT_TSPEED)) { -@@ -902,9 +892,7 @@ - return; - settimer(baseline); - if(nfrontp - netobuf + sizeof(ttytype_sbbuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - while (sequenceIs(ttypesubopt, baseline)) - ttloop(); -@@ -1177,9 +1165,7 @@ - * mode, which we do not want. - */ - if (his_want_state_is_will(TELOPT_ECHO)) { -- DIAG(TD_OPTIONS, -- {sprintf(nfrontp, "td: simulating recv\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); - willoption(TELOPT_ECHO); - } - -@@ -1308,9 +1294,7 @@ - localstat(); - #endif /* LINEMODE */ - -- DIAG(TD_REPORT, -- {sprintf(nfrontp, "td: Entering processing loop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); - - #ifdef convex - startslave(host); -@@ -1435,8 +1419,7 @@ - netip = netibuf; - } - DIAG((TD_REPORT | TD_NETDATA), -- {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ output_data("td: netread %d chars\r\n", ncc)); - DIAG(TD_NETDATA, printdata("nd", netip, ncc)); - } - -@@ -1483,8 +1466,7 @@ - * royally if we send them urgent - * mode data. - */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - #endif - } -@@ -1495,13 +1477,11 @@ - ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; - if (newflow != flowmode) { - flowmode = newflow; -- (void) sprintf(nfrontp, -- "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON - : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - } - pcc--; -@@ -1524,19 +1504,19 @@ - break; - c = *ptyip++ & 0377, pcc--; - if (c == IAC) -- *nfrontp++ = c; -+ output_data("%c", c); - #if defined(CRAY2) && defined(UNICOS5) - else if (c == '\n' && - my_state_is_wont(TELOPT_BINARY) && newmap) -- *nfrontp++ = '\r'; -+ output_data("\r"); - #endif /* defined(CRAY2) && defined(UNICOS5) */ -- *nfrontp++ = c; -+ output_data("%c", c); - if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { - if (pcc > 0 && ((*ptyip & 0377) == '\n')) { -- *nfrontp++ = *ptyip++ & 0377; -+ output_data("%c", *ptyip++ & 0377); - pcc--; - } else -- *nfrontp++ = '\0'; -+ output_data("%c", '\0'); - } - } - #if defined(CRAY2) && defined(UNICOS5) -@@ -1707,10 +1687,7 @@ - return; - } - #endif -- (void) strncpy(nfrontp, "\r\n[Yes]\r\n", -- sizeof(netobuf) - 1 - (nfrontp - netobuf)); -- nfrontp += 9; -- *nfrontp = '\0'; -+ output_data("\r\n[Yes]\r\n"); - } - - void diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::termstat.c b/security/krb5-17/files/patch-appl::telnet::telnetd::termstat.c deleted file mode 100644 index 422f1c8..0000000 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::termstat.c +++ /dev/null @@ -1,74 +0,0 @@ ---- appl/telnet/telnetd/termstat.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/termstat.c Thu Jul 19 19:22:54 2001 -@@ -283,10 +283,9 @@ - # endif /* KLUDGELINEMODE */ - send_do(TELOPT_LINEMODE, 1); - /* send along edit modes */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - # ifdef KLUDGELINEMODE - } -@@ -312,10 +311,9 @@ - /* - * Send along appropriate edit mode mask. - */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -359,20 +357,18 @@ - if (his_state_is_will(TELOPT_LFLOW)) { - if (tty_flowmode() != flowmode) { - flowmode = tty_flowmode(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - if (tty_restartany() != restartany) { - restartany = tty_restartany(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - restartany ? LFLOW_RESTART_ANY - : LFLOW_RESTART_XON, - IAC, SE); -- nfrontp += 6; - } - } - } -@@ -445,10 +441,9 @@ - useeditmode |= MODE_SOFT_TAB; - if (tty_islitecho()) - useeditmode |= MODE_LIT_ECHO; -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode, IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -504,11 +499,10 @@ - set_termbuf(); - - if (!ack) { -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode|MODE_ACK, - IAC, SE); -- nfrontp += 7; - } - - editmode = useeditmode; diff --git a/security/krb5-17/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-17/files/patch-appl::telnet::telnetd::utility.c index d49598c..8bb656d 100644 --- a/security/krb5-17/files/patch-appl::telnet::telnetd::utility.c +++ b/security/krb5-17/files/patch-appl::telnet::telnetd::utility.c @@ -1,879 +1,38 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Feb 28 14:06:52 2001 -+++ appl/telnet/telnetd/utility.c Mon Jul 23 17:16:27 2001 -@@ -58,8 +58,7 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) { - void netflush(); - -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop\r\n")); - if (nfrontp-nbackp) { - netflush(); - } -@@ -74,8 +73,7 @@ - syslog(LOG_INFO, "ttloop: peer died: %m"); - exit(1); - } -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc)); - netip = netibuf; - telrcv(); /* state machine */ - if (ncc > 0) { -@@ -117,9 +115,8 @@ - int n; - - if ((n = pfrontp - pbackp) > 0) { -- DIAG((TD_REPORT | TD_PTYDATA), -- { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); -- nfrontp += strlen(nfrontp); }); -+ DIAG(TD_REPORT | TD_PTYDATA, -+ output_data("td: ptyflush %d chars\r\n", n)); - DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); - n = write(pty, pbackp, n); - } -@@ -251,11 +248,9 @@ - extern int not42; - - if ((n = nfrontp - nbackp) > 0) { -- DIAG(TD_REPORT, -- { sprintf(nfrontp, "td: netflush %d chars\r\n", n); -- n += strlen(nfrontp); /* get count first */ -- nfrontp += strlen(nfrontp); /* then move pointer */ -- }); -+ DIAG(TD_REPORT, { -+ n += output_data("td: netflush %d chars\r\n", n); -+ }); - #ifdef ENCRYPTION - if (encrypt_output) { - char *s = nclearto ? nclearto : nbackp; -@@ -314,33 +309,6 @@ - - - /* -- * writenet -- * -- * Just a handy little function to write a bit of raw data to the net. -- * It will force a transmit of the buffer if necessary -- * -- * arguments -- * ptr - A pointer to a character string to write -- * len - How many bytes to write -- */ -- void --writenet(ptr, len) -- register unsigned char *ptr; -- register int len; --{ -- /* flush buffer if no room for new data) */ -- if ((&netobuf[BUFSIZ] - nfrontp) < len) { -- /* if this fails, don't worry, buffer is a little big */ +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { - netflush(); -- } -- -- memcpy(nfrontp, ptr, len); -- nfrontp += len; -- --} /* end of writenet */ -- -- --/* - * miscellaneous functions doing a variety of little jobs follow ... - */ - -@@ -528,12 +496,11 @@ - register int option; - { - if (TELOPT_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); -+ output_data("%s %s\r\n", fmt, TELOPT(option)); - else if (TELCMD_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); -+ output_data("%s %s\r\n", fmt, TELCMD(option)); - else -- sprintf(nfrontp, "%s %d\r\n", fmt, option); -- nfrontp += strlen(nfrontp); -+ output_data("%s %d\r\n", fmt, option); - return; - } - -@@ -550,9 +517,8 @@ - return; - - if (direction) { -- sprintf(nfrontp, "td: %s suboption ", -+ output_data("td: %s suboption ", - direction == '<' ? "recv" : "send"); -- nfrontp += strlen(nfrontp); - if (length >= 3) { - register int j; - -@@ -560,232 +526,192 @@ - j = pointer[length-1]; - - if (i != IAC || j != SE) { -- sprintf(nfrontp, "(terminated by "); -- nfrontp += strlen(nfrontp); -+ output_data("(terminated by "); - if (TELOPT_OK(i)) -- sprintf(nfrontp, "%s ", TELOPT(i)); -+ output_data("%s ", TELOPT(i)); - else if (TELCMD_OK(i)) -- sprintf(nfrontp, "%s ", TELCMD(i)); -+ output_data("%s ", TELCMD(i)); - else -- sprintf(nfrontp, "%d ", i); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", i); - if (TELOPT_OK(j)) -- sprintf(nfrontp, "%s", TELOPT(j)); -+ output_data("%s", TELOPT(j)); - else if (TELCMD_OK(j)) -- sprintf(nfrontp, "%s", TELCMD(j)); -+ output_data("%s", TELCMD(j)); - else -- sprintf(nfrontp, "%d", j); -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, ", not IAC SE!) "); -- nfrontp += strlen(nfrontp); -+ output_data("%d", j); -+ output_data(", not IAC SE!) "); - } - } - length -= 2; - } - if (length < 1) { -- sprintf(nfrontp, "(Empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(Empty suboption??\?)"); - return; +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; } - switch (pointer[0]) { - case TELOPT_TTYPE: -- sprintf(nfrontp, "TERMINAL-TYPE "); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-TYPE "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, -+ output_data( - "- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - case TELOPT_TSPEED: -- sprintf(nfrontp, "TERMINAL-SPEED"); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-SPEED"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); -- nfrontp += strlen(nfrontp); -+ output_data(" IS %.*s", length-2, (char *)pointer+2); - break; - default: - if (pointer[1] == 1) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } - break; - - case TELOPT_LFLOW: -- sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); -- nfrontp += strlen(nfrontp); -+ output_data("TOGGLE-FLOW-CONTROL"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case LFLOW_OFF: -- sprintf(nfrontp, " OFF"); break; -+ output_data(" OFF"); break; - case LFLOW_ON: -- sprintf(nfrontp, " ON"); break; -+ output_data(" ON"); break; - case LFLOW_RESTART_ANY: -- sprintf(nfrontp, " RESTART-ANY"); break; -+ output_data(" RESTART-ANY"); break; - case LFLOW_RESTART_XON: -- sprintf(nfrontp, " RESTART-XON"); break; -+ output_data(" RESTART-XON"); break; - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -+ output_data(" %d (unknown)", pointer[1]); - } -- nfrontp += strlen(nfrontp); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_NAWS: -- sprintf(nfrontp, "NAWS"); -- nfrontp += strlen(nfrontp); -+ output_data("NAWS"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - if (length == 2) { -- sprintf(nfrontp, " ?%d?", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[1]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[1], pointer[2], - (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); -- nfrontp += strlen(nfrontp); - if (length == 4) { -- sprintf(nfrontp, " ?%d?", pointer[3]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[3]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[3], pointer[4], - (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); -- nfrontp += strlen(nfrontp); - for (i = 5; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_LINEMODE: -- sprintf(nfrontp, "LINEMODE "); -- nfrontp += strlen(nfrontp); -+ output_data("LINEMODE "); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case WILL: -- sprintf(nfrontp, "WILL "); -+ output_data("WILL "); - goto common; - case WONT: -- sprintf(nfrontp, "WONT "); -+ output_data("WONT "); - goto common; - case DO: -- sprintf(nfrontp, "DO "); -+ output_data("DO "); - goto common; - case DONT: -- sprintf(nfrontp, "DONT "); -+ output_data("DONT "); - common: -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, "(no option??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no option??\?)"); - break; - } - switch (pointer[2]) { - case LM_FORWARDMASK: -- sprintf(nfrontp, "Forward Mask"); -- nfrontp += strlen(nfrontp); -+ output_data("Forward Mask"); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %x", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %x", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[2]); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } - break; - - case LM_SLC: -- sprintf(nfrontp, "SLC"); -- nfrontp += strlen(nfrontp); -+ output_data("SLC"); - for (i = 2; i < length - 2; i += 3) { - if (SLC_NAME_OK(pointer[i+SLC_FUNC])) -- sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); -+ output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC])); - else -- sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i+SLC_FUNC]); - switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { - case SLC_NOSUPPORT: -- sprintf(nfrontp, " NOSUPPORT"); break; -+ output_data(" NOSUPPORT"); break; - case SLC_CANTCHANGE: -- sprintf(nfrontp, " CANTCHANGE"); break; -+ output_data(" CANTCHANGE"); break; - case SLC_VARIABLE: -- sprintf(nfrontp, " VARIABLE"); break; -+ output_data(" VARIABLE"); break; - case SLC_DEFAULT: -- sprintf(nfrontp, " DEFAULT"); break; -+ output_data(" DEFAULT"); break; - } -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, "%s%s%s", -+ output_data("%s%s%s", - pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); -- nfrontp += strlen(nfrontp); - if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| - SLC_FLUSHOUT| SLC_LEVELBITS)) { -- sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); -- nfrontp += strlen(nfrontp); -+ output_data("(0x%x)", pointer[i+SLC_FLAGS]); - } -- sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d;", pointer[i+SLC_VALUE]); - if ((pointer[i+SLC_VALUE] == IAC) && - (pointer[i+SLC_VALUE+1] == IAC)) - i++; - } - for (; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case LM_MODE: -- sprintf(nfrontp, "MODE "); -- nfrontp += strlen(nfrontp); -+ output_data("MODE "); - if (length < 3) { -- sprintf(nfrontp, "(no mode??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no mode??\?)"); - break; - } - { -@@ -796,24 +722,19 @@ - pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", - pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", - pointer[2]&MODE_ACK ? "|ACK" : ""); -- sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); -- nfrontp += strlen(nfrontp); -+ output_data("%s", tbuf[1] ? &tbuf[1] : "0"); - } - if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { -- sprintf(nfrontp, " (0x%x)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" (0x%x)", pointer[2]); - } - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " ?0x%x?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?0x%x?", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - } - break; -@@ -822,24 +743,20 @@ - register char *cp; - register int j, k; - -- sprintf(nfrontp, "STATUS"); -- nfrontp += strlen(nfrontp); -+ output_data("STATUS"); - - switch (pointer[1]) { - default: - if (pointer[1] == TELQUAL_SEND) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - case TELQUAL_IS: -- sprintf(nfrontp, " IS\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data(" IS\r\n"); - - for (i = 2; i < length; i++) { - switch(pointer[i]) { -@@ -850,18 +767,15 @@ - common2: - i++; - if (TELOPT_OK(pointer[i])) -- sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); -+ output_data(" %s %s", cp, TELOPT(pointer[i])); - else -- sprintf(nfrontp, " %s %d", cp, pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %s %d", cp, pointer[i]); - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - break; - - case SB: -- sprintf(nfrontp, " SB "); -- nfrontp += strlen(nfrontp); -+ output_data(" SB "); - i++; - j = k = i; - while (j < length) { -@@ -877,20 +791,17 @@ - } - printsub(0, &pointer[i], k - i); - if (i < length) { -- sprintf(nfrontp, " SE"); -- nfrontp += strlen(nfrontp); -+ output_data(" SE"); - i = j; - } else - i = j - 1; - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - - break; - - default: -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - break; - } - } -@@ -900,86 +811,77 @@ - } - - case TELOPT_XDISPLOC: -- sprintf(nfrontp, "X-DISPLAY-LOCATION "); -- nfrontp += strlen(nfrontp); -+ output_data("X-DISPLAY-LOCATION "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, "- unknown qualifier %d (0x%x).", -+ output_data("- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - - case TELOPT_NEW_ENVIRON: -- sprintf(nfrontp, "NEW-ENVIRON "); -+ output_data("NEW-ENVIRON "); - goto env_common1; - case TELOPT_OLD_ENVIRON: -- sprintf(nfrontp, "OLD-ENVIRON"); -+ output_data("OLD-ENVIRON"); - env_common1: -- nfrontp += strlen(nfrontp); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS "); -+ output_data("IS "); - goto env_common; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND "); -+ output_data("SEND "); - goto env_common; - case TELQUAL_INFO: -- sprintf(nfrontp, "INFO "); -+ output_data("INFO "); - env_common: -- nfrontp += strlen(nfrontp); - { - register int noquote = 2; - for (i = 2; i < length; i++ ) { - switch (pointer[i]) { - case NEW_ENV_VAR: -- sprintf(nfrontp, "\" VAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VAR " + noquote); - noquote = 2; - break; - - case NEW_ENV_VALUE: -- sprintf(nfrontp, "\" VALUE " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VALUE " + noquote); - noquote = 2; - break; - - case ENV_ESC: -- sprintf(nfrontp, "\" ESC " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" ESC " + noquote); - noquote = 2; - break; - - case ENV_USERVAR: -- sprintf(nfrontp, "\" USERVAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" USERVAR " + noquote); - noquote = 2; - break; - - default: - if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { -- *nfrontp++ = '"'; -+ output_data("\""); - noquote = 0; - } -- *nfrontp++ = pointer[i]; -+ output_data("%c", pointer[i]); - } else { -- sprintf(nfrontp, "\" %03o " + noquote, -+ output_data("\" %03o " + noquote, - pointer[i]); -- nfrontp += strlen(nfrontp); - noquote = 2; - } - break; - } - } - if (!noquote) -- *nfrontp++ = '"'; -+ output_data("\""); - break; - } - } -@@ -987,90 +889,69 @@ - - #if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: -- sprintf(nfrontp, "AUTHENTICATION"); -- nfrontp += strlen(nfrontp); -+ output_data("AUTHENTICATION"); - - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_REPLY: - case TELQUAL_IS: -- sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? -+ output_data(" %s ", (pointer[1] == TELQUAL_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (AUTHTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, "%d ", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[2]); - if (length < 3) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s", -+ output_data("%s|%s", - ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - - auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case TELQUAL_SEND: - i = 2; -- sprintf(nfrontp, " SEND "); -- nfrontp += strlen(nfrontp); -+ output_data(" SEND "); - while (i < length) { - if (AUTHTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - if (++i >= length) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s ", -+ output_data( "%s|%s%s ", - ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - ++i; - } - break; - - case TELQUAL_NAME: -- i = 2; -- sprintf(nfrontp, " NAME \""); -- nfrontp += strlen(nfrontp); -- while (i < length) { -- if (isprint(pointer[i])) -- *nfrontp++ = pointer[i++]; -- else { -- sprintf(nfrontp, "\"%03o",pointer[i++]); -- nfrontp += strlen(nfrontp); -- } -- } -- *nfrontp++ = '"'; -+ output_data(" NAME \"%.*s\"", -+ length - 2, -+ pointer + 2); - break; - - default: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } -@@ -1079,86 +960,70 @@ - - #ifdef ENCRYPTION - case TELOPT_ENCRYPT: -- sprintf(nfrontp, "ENCRYPT"); -- nfrontp += strlen(nfrontp); -+ output_data("ENCRYPT"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: -- sprintf(nfrontp, " START"); -- nfrontp += strlen(nfrontp); -+ output_data(" START"); - break; - - case ENCRYPT_END: -- sprintf(nfrontp, " END"); -- nfrontp += strlen(nfrontp); -+ output_data(" END"); - break; - - case ENCRYPT_REQSTART: -- sprintf(nfrontp, " REQUEST-START"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-START"); - break; - - case ENCRYPT_REQEND: -- sprintf(nfrontp, " REQUEST-END"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-END"); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: -- sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? -+ output_data(" %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, " (partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (partial suboption??\?)"); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); -+ output_data("%s ", ENCTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, " %d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[2]); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case ENCRYPT_SUPPORT: - i = 2; -- sprintf(nfrontp, " SUPPORT "); -- nfrontp += strlen(nfrontp); -+ output_data(" SUPPORT "); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); -+ output_data("%s ", ENCTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: -- sprintf(nfrontp, " ENC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ENC_KEYID"); - goto encommon; - - case ENCRYPT_DEC_KEYID: -- sprintf(nfrontp, " DEC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" DEC_KEYID"); - goto encommon; - - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - encommon: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } -@@ -1167,18 +1032,15 @@ - - default: - if (TELOPT_OK(pointer[0])) -- sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); -+ output_data( "%s (unknown)", TELOPT(pointer[0])); - else -- sprintf(nfrontp, "%d (unknown)", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( "%d (unknown)", pointer[i]); - for (i = 1; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( " %d", pointer[i]); - } - break; - } -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data( "\r\n"); +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; } /* -@@ -1200,26 +1062,22 @@ - } - - /* add a line of output */ -- sprintf(nfrontp, "%s: ", tag); -- nfrontp += strlen(nfrontp); -+ output_data("%s: ", tag); - for (i = 0; i < 20 && cnt; i++) { -- sprintf(nfrontp, "%02x", *ptr); -- nfrontp += strlen(nfrontp); -+ output_data("%02x", *ptr); - if (isprint(*ptr)) { - xbuf[i] = *ptr; - } else { - xbuf[i] = '.'; - } - if (i % 2) { -- *nfrontp = ' '; -- nfrontp++; -+ output_data(" "); - } - cnt--; - ptr++; - } - xbuf[i] = '\0'; -- sprintf(nfrontp, " %s\r\n", xbuf ); -- nfrontp += strlen(nfrontp); -+ output_data(" %s\r\n", xbuf ); - } - } - #endif /* DIAGNOSTICS */ diff --git a/security/krb5-17/files/patch-ay b/security/krb5-17/files/patch-ay index 4ed0c9e..54c041e 100644 --- a/security/krb5-17/files/patch-ay +++ b/security/krb5-17/files/patch-ay @@ -1,6 +1,6 @@ ---- util/pty/getpty.c.orig Fri Feb 6 19:46:42 1998 -+++ util/pty/getpty.c Mon Apr 5 14:00:07 1999 -@@ -21,13 +21,26 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ #include "libpty.h" #include "pty-int.h" @@ -17,19 +17,19 @@ +#define PTYCHARS2 "0123456789abcdef" +#endif + - long pty_getpty (fd, slave, slavelength) - int slavelength; - int *fd; char *slave; + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) { -- char *cp; ++ int ptynum; + char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; char *p; - int i,ptynum; -+ int ptynum; struct stat stb; char slavebuf[1024]; - #ifdef HAVE__GETPTY -@@ -109,14 +122,14 @@ + #endif +@@ -115,14 +128,14 @@ strncpy(slave, slavebuf, slavelength); return 0; } else { diff --git a/security/krb5-17/files/patch-bd b/security/krb5-17/files/patch-bd deleted file mode 100644 index b2bf412..0000000 --- a/security/krb5-17/files/patch-bd +++ /dev/null @@ -1,19 +0,0 @@ ---- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 -@@ -805,11 +805,13 @@ - * This is a valid reply in some cases but not in others. - */ - if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { -- *(char **)&($$) = *ftpglob((char *) $1); -- if (globerr != NULL) { -+ char **vv; -+ vv = ftpglob((char *) $1); -+ if (vv == NULL || globerr != NULL) { - reply(550, globerr); - $$ = NULL; -- } -+ } else -+ $$ = *vv; - free((char *) $1); - } else - $$ = $1; diff --git a/security/krb5-17/pkg-plist b/security/krb5-17/pkg-plist index 5170610..01977cd 100644 --- a/security/krb5-17/pkg-plist +++ b/security/krb5-17/pkg-plist @@ -63,10 +63,10 @@ lib/libk5crypto.so lib/libk5crypto.so.3 lib/libkadm5clnt.a lib/libkadm5clnt.so -lib/libkadm5clnt.so.4 +lib/libkadm5clnt.so.5 lib/libkadm5srv.a lib/libkadm5srv.so -lib/libkadm5srv.so.4 +lib/libkadm5srv.so.5 lib/libkdb5.a lib/libkdb5.so lib/libkdb5.so.3 diff --git a/security/krb5-appl/Makefile b/security/krb5-appl/Makefile index 3a0bf18..e9c8235 100644 --- a/security/krb5-appl/Makefile +++ b/security/krb5-appl/Makefile @@ -6,8 +6,7 @@ # PORTNAME= krb5 -PORTVERSION= 1.2.2 -PORTREVISION= 5 +PORTVERSION= 1.2.3 CATEGORIES= security MASTER_SITES= # manual download diff --git a/security/krb5-appl/distinfo b/security/krb5-appl/distinfo index e8159e5..3af0278 100644 --- a/security/krb5-appl/distinfo +++ b/security/krb5-appl/distinfo @@ -1 +1 @@ -MD5 (krb5-1.2.2.tar.gz) = 57d1bf3a3c68ee8af64e31a46799551c +MD5 (krb5-1.2.3.tar.gz) = 1e93aed5e6ae13eb4b5b5278b1a6ab46 diff --git a/security/krb5-appl/files/patch-ai b/security/krb5-appl/files/patch-ai index 634db6c..f5b7331 100644 --- a/security/krb5-appl/files/patch-ai +++ b/security/krb5-appl/files/patch-ai @@ -1,6 +1,6 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpd.c Fri Apr 27 10:18:01 2001 -@@ -485,7 +485,13 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ #ifndef LOG_DAEMON #define LOG_DAEMON 0 #endif @@ -15,273 +15,14 @@ addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -761,7 +767,16 @@ - int result; - #ifdef GSSAPI - if (auth_type && strcmp(auth_type, "GSSAPI") == 0) { -+ int len; - authorized = ftpd_gss_userok(&client_name, name) == 0; -+ len = sizeof("GSSAPI user is not authorized as " -+ "; Password required.") -+ + strlen(client_name.value) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", - client_name.value, authorized ? "" : " not", - name); -@@ -772,7 +787,18 @@ - #endif /* GSSAPI */ - #ifdef KRB5_KRB4_COMPAT - if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { -+ int len; - authorized = kuserok(&kdata,name) == 0; -+ len = sizeof("Kerberos user .@ is not authorized as " -+ "; Password required.") -+ + strlen(kdata.pname) -+ + strlen(kdata.pinst) -+ + strlen(kdata.prealm) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", - kdata.pname, *kdata.pinst ? "." : "", - kdata.pinst, kdata.prealm, -@@ -1179,6 +1205,11 @@ - } else { - char line[FTP_BUFSIZ]; - -+ if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) { -+ syslog(LOG_ERR, "retrieve: filename too long"); -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, cmd, name), name = line; - fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; - st.st_size = -1; -@@ -1417,6 +1448,10 @@ - return (file); - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - secure_error(char *fmt, ...) - #else -@@ -1616,13 +1651,19 @@ - { - char line[FTP_BUFSIZ]; - FILE *fin; -- int c; -+ int c, n; - char str[FTP_BUFSIZ], *p; - -+ if (strlen(filename) + sizeof("/bin/ls -lgA ") -+ >= sizeof(line)) { -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, "/bin/ls -lgA %s", filename); - fin = ftpd_popen(line, "r"); - lreply(211, "status of %s:", filename); - p = str; -+ n = 0; - while ((c = getc(fin)) != EOF) { - if (c == '\n') { - if (ferror(stdout)){ -@@ -1639,7 +1680,16 @@ - *p = '\0'; - reply(0, "%s", str); - p = str; -- } else *p++ = c; -+ n = 0; -+ } else { -+ *p++ = c; -+ n++; -+ if (n >= sizeof(str)) { -+ reply(551, "output line too long"); -+ (void) ftpd_pclose(fin); -+ return; -+ } -+ } - } - if (p != str) { - *p = '\0'; -@@ -1723,6 +1773,10 @@ - - char cont_char = ' '; - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ bytes for now. -+ */ - #ifdef STDARG - reply(int n, char *fmt, ...) - #else -@@ -1744,22 +1798,32 @@ - #endif - - if (auth_type) { -- char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; -+ /* -+ * Deal with expansion in mk_{safe,priv}, -+ * radix_encode, gss_seal, plus slop. -+ */ -+ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; - int length, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); - else in[0] = '\0'; - strncat(in, buf, sizeof (in) - strlen(in) - 1); - #ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { -- if ((length = clevel == PROT_P ? -- krb_mk_priv((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), schedule, &kdata.session, -- &ctrl_addr, &his_addr) -- : krb_mk_safe((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), &kdata.session, -- &ctrl_addr, &his_addr)) == -1) { -+ if (clevel == PROT_P) -+ length = krb_mk_priv((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ schedule, &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ else -+ length = krb_mk_safe((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ if (length == -1) { - syslog(LOG_ERR, - "krb_mk_%s failed for KERBEROS_V4", - clevel == PROT_P ? "priv" : "safe"); -@@ -1803,13 +1867,16 @@ - } - #endif /* GSSAPI */ - /* Other auth types go here ... */ -- if (kerror = radix_encode(out, in, &length, 0)) { -+ if (length >= sizeof(in) / 4 * 3) { -+ syslog(LOG_ERR, "input to radix_encode too long"); -+ fputs(in, stdout); -+ } else if (kerror = radix_encode(out, in, &length, 0)) { - syslog(LOG_ERR, "Couldn't encode reply (%s)", - radix_error(kerror)); - fputs(in,stdout); - } else -- printf("%s%c%s", clevel == PROT_P ? "632" : "631", -- n ? cont_char : '-', in); -+ printf("%s%c%s", clevel == PROT_P ? "632" : "631", -+ n ? cont_char : '-', in); - } else { - if (n) printf("%d%c", n, cont_char); - fputs(buf, stdout); -@@ -1822,6 +1889,10 @@ - } - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - lreply(int n, char *fmt, ...) - #else -@@ -1866,7 +1937,8 @@ - - if (cp = strchr(cbuf,'\n')) - *cp = '\0'; -- reply(500, "'%s': command not understood.", cbuf); -+ reply(500, "'%.*s': command not understood.", -+ FTP_BUFSIZ - sizeof("'': command not understood."), cbuf); - } - - delete_file(name) -@@ -2143,7 +2215,21 @@ - int code; - char *string; - { -- reply(code, "%s: %s.", string, strerror(errno)); -+ char *err_string; -+ size_t extra_len; -+ err_string = strerror(errno); -+ if (err_string == NULL) -+ err_string = "(unknown error)"; -+ extra_len = strlen(err_string) + sizeof("(truncated): ."); -+ /* -+ * XXX knows about FTP_BUFSIZ in reply() -+ */ -+ if (strlen(string) + extra_len > FTP_BUFSIZ) { -+ reply(code, "(truncated)%.*s: %s.", -+ FTP_BUFSIZ - extra_len, string, err_string); -+ } else { -+ reply(code, "%s: %s.", string, err_string); -+ } - } - - auth(type) -@@ -2226,6 +2312,10 @@ +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { secure_error("ADAT: krb_mk_safe failed"); - return(0); - } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); + return(0); + } - if (kerror = radix_encode(out_buf, buf, &length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2360,6 +2450,16 @@ ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); } - - if (out_tok.length) { -+ if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT=")) -+ / 4 * 3)) { -+ secure_error("ADAT: reply too long"); -+ syslog(LOG_ERR, "ADAT: reply too long"); -+ (void) gss_release_cred(&stat_min, &server_creds); -+ if (ret_flags & GSS_C_DELEG_FLAG) -+ (void) gss_release_cred(&stat_min, -+ &deleg_creds); -+ return(0); -+ } - if (kerror = radix_encode(out_tok.value, gbuf, &out_tok.length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2458,6 +2558,9 @@ - * n>=0 on success - * -1 on error - * -2 on security error -+ * -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ - */ - #ifdef STDARG - secure_fprintf(FILE *stream, char *fmt, ...) -@@ -2575,6 +2678,15 @@ - dir->d_name[2] == '\0') - continue; - -+ if (strlen(dirname) + strlen(dir->d_name) -+ + 1 /* slash */ -+ + 2 /* CRLF */ -+ + 1 > sizeof(nbuf)) { -+ syslog(LOG_ERR, -+ "send_file_list: pathname too long"); -+ ret = -2; /* XXX */ -+ goto data_err; -+ } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); - - /* + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::authenc.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::authenc.c deleted file mode 100644 index 9a19ab9..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::authenc.c +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/telnet/telnetd/authenc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/authenc.c Thu Jul 19 19:14:29 2001 -@@ -43,8 +43,7 @@ - int len; - { - if (nfrontp + len < netobuf + BUFSIZ) { -- memcpy((void *)nfrontp, (void *)str, len); -- nfrontp += len; -+ output_datalen(str, len); - return(len); - } - return(0); diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::ext.h b/security/krb5-appl/files/patch-appl::telnet::telnetd::ext.h deleted file mode 100644 index 38fd6ac..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::ext.h +++ /dev/null @@ -1,24 +0,0 @@ ---- appl/telnet/telnetd/ext.h.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/ext.h Mon Jul 23 16:44:35 2001 -@@ -75,7 +75,7 @@ - - extern char netibuf[BUFSIZ], *netip; - --extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; -+extern char netobuf[BUFSIZ], *nfrontp, *nbackp; - extern char *neturg; /* one past last bye of urgent data */ - - extern int pcc, ncc; -@@ -187,8 +187,10 @@ - tty_setsofttab P((int)), - tty_tspeed P((int)), - willoption P((int)), -- wontoption P((int)), -- writenet P((unsigned char *, int)); -+ wontoption P((int)); -+ -+extern int output_data __P((const char *, ...)) __printflike(1, 2); -+extern int output_datalen __P((const char *, size_t)); - - #ifdef ENCRYPTION - extern char *nclearto; diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::slc.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::slc.c deleted file mode 100644 index f4e7d41..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::slc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/slc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/slc.c Mon Jul 23 16:45:51 2001 -@@ -198,7 +198,7 @@ - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; - len = slcptr - slcbuf; -- writenet(slcbuf, len); -+ output_datalen(slcbuf, len); - netflush(); /* force it out immediately */ - DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2);); - } diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c deleted file mode 100644 index baf2073..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c +++ /dev/null @@ -1,134 +0,0 @@ ---- appl/telnet/telnetd/state.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/state.c Mon Jul 23 17:48:48 2001 -@@ -33,6 +33,7 @@ - - /* based on @(#)state.c 8.1 (Berkeley) 6/4/93 */ - -+#include <stdarg.h> - #include "telnetd.h" - #if defined(AUTHENTICATION) - #include <libtelnet/auth.h> -@@ -86,7 +87,7 @@ - if (!auth_negotiated) { - static char *error = - "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n"; -- writenet(error, strlen(error)); -+ output_datalen(error, strlen(error)); - netflush(); - exit(1); - } -@@ -209,8 +210,7 @@ - } - - netclear(); /* clear buffer back */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - DIAG(TD_OPTIONS, - printoption("td: send IAC", DM)); -@@ -463,8 +463,7 @@ - set_his_want_state_will(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)doopt, option); -- nfrontp += sizeof (dont) - 2; -+ output_data((const char *)doopt, option); - - DIAG(TD_OPTIONS, printoption("td: send do", option)); - } -@@ -683,8 +682,7 @@ - set_his_want_state_wont(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)dont, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)dont, option); - - DIAG(TD_OPTIONS, printoption("td: send dont", option)); - } -@@ -833,8 +831,7 @@ - set_my_want_state_will(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)will, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)will, option); - - DIAG(TD_OPTIONS, printoption("td: send will", option)); - } -@@ -993,8 +990,7 @@ - set_my_want_state_wont(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)wont, option); -- nfrontp += sizeof (wont) - 2; -+ output_data((const char *)wont, option); - - DIAG(TD_OPTIONS, printoption("td: send wont", option)); - } -@@ -1393,9 +1389,8 @@ - env_ovar_wrong: - env_ovar = OLD_ENV_VALUE; - env_ovalue = OLD_ENV_VAR; -- DIAG(TD_OPTIONS, {sprintf(nfrontp, -- "ENVIRON VALUE and VAR are reversed!\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, -+ output_data("ENVIRON VALUE and VAR are reversed!\r\n")); - - } - } -@@ -1633,11 +1628,51 @@ - ADD(IAC); - ADD(SE); - -- writenet(statusbuf, ncp - statusbuf); -+ output_datalen(statusbuf, ncp - statusbuf); - netflush(); /* Send it on its way */ - - DIAG(TD_OPTIONS, - {printsub('>', statusbuf, ncp - statusbuf); netflush();}); -+} -+ -+/* -+ * This function appends data to nfrontp and advances nfrontp. -+ */ -+ -+int -+output_data(const char *format, ...) -+{ -+ va_list args; -+ size_t remaining, ret; -+ -+ va_start(args, format); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ /* try a netflush() if the room is too low */ -+ if (strlen(format) > remaining || BUFSIZ / 4 > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ ret = vsnprintf(nfrontp, remaining, format, args); -+ nfrontp += ((ret < remaining - 1) ? ret : remaining - 1); -+ va_end(args); -+ return ret; -+} -+ -+int -+output_datalen(const char *buf, size_t len) -+{ -+ size_t remaining; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ if (remaining < len) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ if (remaining < len) -+ return -1; -+ memmove(nfrontp, buf, len); -+ nfrontp += len; -+ return (len); - } - - static int envvarok(varp) diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.c deleted file mode 100644 index 9eef170..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::telnetd.c +++ /dev/null @@ -1,169 +0,0 @@ ---- appl/telnet/telnetd/telnetd.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.c Mon Jul 23 17:27:05 2001 -@@ -693,7 +693,7 @@ - char *error_message = - "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; - -- writenet(error_message, strlen(error_message)); -+ output_datalen(error_message, strlen(error_message)); - netflush(); - exit(1); - } -@@ -782,9 +782,7 @@ - { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_XDISPLOC)) { -@@ -792,9 +790,7 @@ - { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_NEW_ENVIRON)) { -@@ -802,9 +798,7 @@ - { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { -@@ -812,17 +806,13 @@ - { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_TTYPE)) { - - if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - } - if (his_state_is_will(TELOPT_TSPEED)) { -@@ -902,9 +892,7 @@ - return; - settimer(baseline); - if(nfrontp - netobuf + sizeof(ttytype_sbbuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - while (sequenceIs(ttypesubopt, baseline)) - ttloop(); -@@ -1177,9 +1165,7 @@ - * mode, which we do not want. - */ - if (his_want_state_is_will(TELOPT_ECHO)) { -- DIAG(TD_OPTIONS, -- {sprintf(nfrontp, "td: simulating recv\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); - willoption(TELOPT_ECHO); - } - -@@ -1308,9 +1294,7 @@ - localstat(); - #endif /* LINEMODE */ - -- DIAG(TD_REPORT, -- {sprintf(nfrontp, "td: Entering processing loop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); - - #ifdef convex - startslave(host); -@@ -1435,8 +1419,7 @@ - netip = netibuf; - } - DIAG((TD_REPORT | TD_NETDATA), -- {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ output_data("td: netread %d chars\r\n", ncc)); - DIAG(TD_NETDATA, printdata("nd", netip, ncc)); - } - -@@ -1483,8 +1466,7 @@ - * royally if we send them urgent - * mode data. - */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - #endif - } -@@ -1495,13 +1477,11 @@ - ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; - if (newflow != flowmode) { - flowmode = newflow; -- (void) sprintf(nfrontp, -- "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON - : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - } - pcc--; -@@ -1524,19 +1504,19 @@ - break; - c = *ptyip++ & 0377, pcc--; - if (c == IAC) -- *nfrontp++ = c; -+ output_data("%c", c); - #if defined(CRAY2) && defined(UNICOS5) - else if (c == '\n' && - my_state_is_wont(TELOPT_BINARY) && newmap) -- *nfrontp++ = '\r'; -+ output_data("\r"); - #endif /* defined(CRAY2) && defined(UNICOS5) */ -- *nfrontp++ = c; -+ output_data("%c", c); - if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { - if (pcc > 0 && ((*ptyip & 0377) == '\n')) { -- *nfrontp++ = *ptyip++ & 0377; -+ output_data("%c", *ptyip++ & 0377); - pcc--; - } else -- *nfrontp++ = '\0'; -+ output_data("%c", '\0'); - } - } - #if defined(CRAY2) && defined(UNICOS5) -@@ -1707,10 +1687,7 @@ - return; - } - #endif -- (void) strncpy(nfrontp, "\r\n[Yes]\r\n", -- sizeof(netobuf) - 1 - (nfrontp - netobuf)); -- nfrontp += 9; -- *nfrontp = '\0'; -+ output_data("\r\n[Yes]\r\n"); - } - - void diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::termstat.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::termstat.c deleted file mode 100644 index 422f1c8..0000000 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::termstat.c +++ /dev/null @@ -1,74 +0,0 @@ ---- appl/telnet/telnetd/termstat.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/termstat.c Thu Jul 19 19:22:54 2001 -@@ -283,10 +283,9 @@ - # endif /* KLUDGELINEMODE */ - send_do(TELOPT_LINEMODE, 1); - /* send along edit modes */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - # ifdef KLUDGELINEMODE - } -@@ -312,10 +311,9 @@ - /* - * Send along appropriate edit mode mask. - */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -359,20 +357,18 @@ - if (his_state_is_will(TELOPT_LFLOW)) { - if (tty_flowmode() != flowmode) { - flowmode = tty_flowmode(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - if (tty_restartany() != restartany) { - restartany = tty_restartany(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - restartany ? LFLOW_RESTART_ANY - : LFLOW_RESTART_XON, - IAC, SE); -- nfrontp += 6; - } - } - } -@@ -445,10 +441,9 @@ - useeditmode |= MODE_SOFT_TAB; - if (tty_islitecho()) - useeditmode |= MODE_LIT_ECHO; -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode, IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -504,11 +499,10 @@ - set_termbuf(); - - if (!ack) { -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode|MODE_ACK, - IAC, SE); -- nfrontp += 7; - } - - editmode = useeditmode; diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::utility.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::utility.c index d49598c..8bb656d 100644 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::utility.c +++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::utility.c @@ -1,879 +1,38 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Feb 28 14:06:52 2001 -+++ appl/telnet/telnetd/utility.c Mon Jul 23 17:16:27 2001 -@@ -58,8 +58,7 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) { - void netflush(); - -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop\r\n")); - if (nfrontp-nbackp) { - netflush(); - } -@@ -74,8 +73,7 @@ - syslog(LOG_INFO, "ttloop: peer died: %m"); - exit(1); - } -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc)); - netip = netibuf; - telrcv(); /* state machine */ - if (ncc > 0) { -@@ -117,9 +115,8 @@ - int n; - - if ((n = pfrontp - pbackp) > 0) { -- DIAG((TD_REPORT | TD_PTYDATA), -- { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); -- nfrontp += strlen(nfrontp); }); -+ DIAG(TD_REPORT | TD_PTYDATA, -+ output_data("td: ptyflush %d chars\r\n", n)); - DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); - n = write(pty, pbackp, n); - } -@@ -251,11 +248,9 @@ - extern int not42; - - if ((n = nfrontp - nbackp) > 0) { -- DIAG(TD_REPORT, -- { sprintf(nfrontp, "td: netflush %d chars\r\n", n); -- n += strlen(nfrontp); /* get count first */ -- nfrontp += strlen(nfrontp); /* then move pointer */ -- }); -+ DIAG(TD_REPORT, { -+ n += output_data("td: netflush %d chars\r\n", n); -+ }); - #ifdef ENCRYPTION - if (encrypt_output) { - char *s = nclearto ? nclearto : nbackp; -@@ -314,33 +309,6 @@ - - - /* -- * writenet -- * -- * Just a handy little function to write a bit of raw data to the net. -- * It will force a transmit of the buffer if necessary -- * -- * arguments -- * ptr - A pointer to a character string to write -- * len - How many bytes to write -- */ -- void --writenet(ptr, len) -- register unsigned char *ptr; -- register int len; --{ -- /* flush buffer if no room for new data) */ -- if ((&netobuf[BUFSIZ] - nfrontp) < len) { -- /* if this fails, don't worry, buffer is a little big */ +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { - netflush(); -- } -- -- memcpy(nfrontp, ptr, len); -- nfrontp += len; -- --} /* end of writenet */ -- -- --/* - * miscellaneous functions doing a variety of little jobs follow ... - */ - -@@ -528,12 +496,11 @@ - register int option; - { - if (TELOPT_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); -+ output_data("%s %s\r\n", fmt, TELOPT(option)); - else if (TELCMD_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); -+ output_data("%s %s\r\n", fmt, TELCMD(option)); - else -- sprintf(nfrontp, "%s %d\r\n", fmt, option); -- nfrontp += strlen(nfrontp); -+ output_data("%s %d\r\n", fmt, option); - return; - } - -@@ -550,9 +517,8 @@ - return; - - if (direction) { -- sprintf(nfrontp, "td: %s suboption ", -+ output_data("td: %s suboption ", - direction == '<' ? "recv" : "send"); -- nfrontp += strlen(nfrontp); - if (length >= 3) { - register int j; - -@@ -560,232 +526,192 @@ - j = pointer[length-1]; - - if (i != IAC || j != SE) { -- sprintf(nfrontp, "(terminated by "); -- nfrontp += strlen(nfrontp); -+ output_data("(terminated by "); - if (TELOPT_OK(i)) -- sprintf(nfrontp, "%s ", TELOPT(i)); -+ output_data("%s ", TELOPT(i)); - else if (TELCMD_OK(i)) -- sprintf(nfrontp, "%s ", TELCMD(i)); -+ output_data("%s ", TELCMD(i)); - else -- sprintf(nfrontp, "%d ", i); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", i); - if (TELOPT_OK(j)) -- sprintf(nfrontp, "%s", TELOPT(j)); -+ output_data("%s", TELOPT(j)); - else if (TELCMD_OK(j)) -- sprintf(nfrontp, "%s", TELCMD(j)); -+ output_data("%s", TELCMD(j)); - else -- sprintf(nfrontp, "%d", j); -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, ", not IAC SE!) "); -- nfrontp += strlen(nfrontp); -+ output_data("%d", j); -+ output_data(", not IAC SE!) "); - } - } - length -= 2; - } - if (length < 1) { -- sprintf(nfrontp, "(Empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(Empty suboption??\?)"); - return; +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; } - switch (pointer[0]) { - case TELOPT_TTYPE: -- sprintf(nfrontp, "TERMINAL-TYPE "); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-TYPE "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, -+ output_data( - "- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - case TELOPT_TSPEED: -- sprintf(nfrontp, "TERMINAL-SPEED"); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-SPEED"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); -- nfrontp += strlen(nfrontp); -+ output_data(" IS %.*s", length-2, (char *)pointer+2); - break; - default: - if (pointer[1] == 1) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } - break; - - case TELOPT_LFLOW: -- sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); -- nfrontp += strlen(nfrontp); -+ output_data("TOGGLE-FLOW-CONTROL"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case LFLOW_OFF: -- sprintf(nfrontp, " OFF"); break; -+ output_data(" OFF"); break; - case LFLOW_ON: -- sprintf(nfrontp, " ON"); break; -+ output_data(" ON"); break; - case LFLOW_RESTART_ANY: -- sprintf(nfrontp, " RESTART-ANY"); break; -+ output_data(" RESTART-ANY"); break; - case LFLOW_RESTART_XON: -- sprintf(nfrontp, " RESTART-XON"); break; -+ output_data(" RESTART-XON"); break; - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -+ output_data(" %d (unknown)", pointer[1]); - } -- nfrontp += strlen(nfrontp); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_NAWS: -- sprintf(nfrontp, "NAWS"); -- nfrontp += strlen(nfrontp); -+ output_data("NAWS"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - if (length == 2) { -- sprintf(nfrontp, " ?%d?", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[1]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[1], pointer[2], - (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); -- nfrontp += strlen(nfrontp); - if (length == 4) { -- sprintf(nfrontp, " ?%d?", pointer[3]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[3]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[3], pointer[4], - (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); -- nfrontp += strlen(nfrontp); - for (i = 5; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_LINEMODE: -- sprintf(nfrontp, "LINEMODE "); -- nfrontp += strlen(nfrontp); -+ output_data("LINEMODE "); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case WILL: -- sprintf(nfrontp, "WILL "); -+ output_data("WILL "); - goto common; - case WONT: -- sprintf(nfrontp, "WONT "); -+ output_data("WONT "); - goto common; - case DO: -- sprintf(nfrontp, "DO "); -+ output_data("DO "); - goto common; - case DONT: -- sprintf(nfrontp, "DONT "); -+ output_data("DONT "); - common: -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, "(no option??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no option??\?)"); - break; - } - switch (pointer[2]) { - case LM_FORWARDMASK: -- sprintf(nfrontp, "Forward Mask"); -- nfrontp += strlen(nfrontp); -+ output_data("Forward Mask"); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %x", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %x", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[2]); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } - break; - - case LM_SLC: -- sprintf(nfrontp, "SLC"); -- nfrontp += strlen(nfrontp); -+ output_data("SLC"); - for (i = 2; i < length - 2; i += 3) { - if (SLC_NAME_OK(pointer[i+SLC_FUNC])) -- sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); -+ output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC])); - else -- sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i+SLC_FUNC]); - switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { - case SLC_NOSUPPORT: -- sprintf(nfrontp, " NOSUPPORT"); break; -+ output_data(" NOSUPPORT"); break; - case SLC_CANTCHANGE: -- sprintf(nfrontp, " CANTCHANGE"); break; -+ output_data(" CANTCHANGE"); break; - case SLC_VARIABLE: -- sprintf(nfrontp, " VARIABLE"); break; -+ output_data(" VARIABLE"); break; - case SLC_DEFAULT: -- sprintf(nfrontp, " DEFAULT"); break; -+ output_data(" DEFAULT"); break; - } -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, "%s%s%s", -+ output_data("%s%s%s", - pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); -- nfrontp += strlen(nfrontp); - if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| - SLC_FLUSHOUT| SLC_LEVELBITS)) { -- sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); -- nfrontp += strlen(nfrontp); -+ output_data("(0x%x)", pointer[i+SLC_FLAGS]); - } -- sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d;", pointer[i+SLC_VALUE]); - if ((pointer[i+SLC_VALUE] == IAC) && - (pointer[i+SLC_VALUE+1] == IAC)) - i++; - } - for (; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case LM_MODE: -- sprintf(nfrontp, "MODE "); -- nfrontp += strlen(nfrontp); -+ output_data("MODE "); - if (length < 3) { -- sprintf(nfrontp, "(no mode??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no mode??\?)"); - break; - } - { -@@ -796,24 +722,19 @@ - pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", - pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", - pointer[2]&MODE_ACK ? "|ACK" : ""); -- sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); -- nfrontp += strlen(nfrontp); -+ output_data("%s", tbuf[1] ? &tbuf[1] : "0"); - } - if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { -- sprintf(nfrontp, " (0x%x)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" (0x%x)", pointer[2]); - } - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " ?0x%x?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?0x%x?", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - } - break; -@@ -822,24 +743,20 @@ - register char *cp; - register int j, k; - -- sprintf(nfrontp, "STATUS"); -- nfrontp += strlen(nfrontp); -+ output_data("STATUS"); - - switch (pointer[1]) { - default: - if (pointer[1] == TELQUAL_SEND) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - case TELQUAL_IS: -- sprintf(nfrontp, " IS\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data(" IS\r\n"); - - for (i = 2; i < length; i++) { - switch(pointer[i]) { -@@ -850,18 +767,15 @@ - common2: - i++; - if (TELOPT_OK(pointer[i])) -- sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); -+ output_data(" %s %s", cp, TELOPT(pointer[i])); - else -- sprintf(nfrontp, " %s %d", cp, pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %s %d", cp, pointer[i]); - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - break; - - case SB: -- sprintf(nfrontp, " SB "); -- nfrontp += strlen(nfrontp); -+ output_data(" SB "); - i++; - j = k = i; - while (j < length) { -@@ -877,20 +791,17 @@ - } - printsub(0, &pointer[i], k - i); - if (i < length) { -- sprintf(nfrontp, " SE"); -- nfrontp += strlen(nfrontp); -+ output_data(" SE"); - i = j; - } else - i = j - 1; - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - - break; - - default: -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - break; - } - } -@@ -900,86 +811,77 @@ - } - - case TELOPT_XDISPLOC: -- sprintf(nfrontp, "X-DISPLAY-LOCATION "); -- nfrontp += strlen(nfrontp); -+ output_data("X-DISPLAY-LOCATION "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, "- unknown qualifier %d (0x%x).", -+ output_data("- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - - case TELOPT_NEW_ENVIRON: -- sprintf(nfrontp, "NEW-ENVIRON "); -+ output_data("NEW-ENVIRON "); - goto env_common1; - case TELOPT_OLD_ENVIRON: -- sprintf(nfrontp, "OLD-ENVIRON"); -+ output_data("OLD-ENVIRON"); - env_common1: -- nfrontp += strlen(nfrontp); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS "); -+ output_data("IS "); - goto env_common; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND "); -+ output_data("SEND "); - goto env_common; - case TELQUAL_INFO: -- sprintf(nfrontp, "INFO "); -+ output_data("INFO "); - env_common: -- nfrontp += strlen(nfrontp); - { - register int noquote = 2; - for (i = 2; i < length; i++ ) { - switch (pointer[i]) { - case NEW_ENV_VAR: -- sprintf(nfrontp, "\" VAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VAR " + noquote); - noquote = 2; - break; - - case NEW_ENV_VALUE: -- sprintf(nfrontp, "\" VALUE " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VALUE " + noquote); - noquote = 2; - break; - - case ENV_ESC: -- sprintf(nfrontp, "\" ESC " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" ESC " + noquote); - noquote = 2; - break; - - case ENV_USERVAR: -- sprintf(nfrontp, "\" USERVAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" USERVAR " + noquote); - noquote = 2; - break; - - default: - if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { -- *nfrontp++ = '"'; -+ output_data("\""); - noquote = 0; - } -- *nfrontp++ = pointer[i]; -+ output_data("%c", pointer[i]); - } else { -- sprintf(nfrontp, "\" %03o " + noquote, -+ output_data("\" %03o " + noquote, - pointer[i]); -- nfrontp += strlen(nfrontp); - noquote = 2; - } - break; - } - } - if (!noquote) -- *nfrontp++ = '"'; -+ output_data("\""); - break; - } - } -@@ -987,90 +889,69 @@ - - #if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: -- sprintf(nfrontp, "AUTHENTICATION"); -- nfrontp += strlen(nfrontp); -+ output_data("AUTHENTICATION"); - - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_REPLY: - case TELQUAL_IS: -- sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? -+ output_data(" %s ", (pointer[1] == TELQUAL_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (AUTHTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, "%d ", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[2]); - if (length < 3) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s", -+ output_data("%s|%s", - ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - - auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case TELQUAL_SEND: - i = 2; -- sprintf(nfrontp, " SEND "); -- nfrontp += strlen(nfrontp); -+ output_data(" SEND "); - while (i < length) { - if (AUTHTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - if (++i >= length) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s ", -+ output_data( "%s|%s%s ", - ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - ++i; - } - break; - - case TELQUAL_NAME: -- i = 2; -- sprintf(nfrontp, " NAME \""); -- nfrontp += strlen(nfrontp); -- while (i < length) { -- if (isprint(pointer[i])) -- *nfrontp++ = pointer[i++]; -- else { -- sprintf(nfrontp, "\"%03o",pointer[i++]); -- nfrontp += strlen(nfrontp); -- } -- } -- *nfrontp++ = '"'; -+ output_data(" NAME \"%.*s\"", -+ length - 2, -+ pointer + 2); - break; - - default: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } -@@ -1079,86 +960,70 @@ - - #ifdef ENCRYPTION - case TELOPT_ENCRYPT: -- sprintf(nfrontp, "ENCRYPT"); -- nfrontp += strlen(nfrontp); -+ output_data("ENCRYPT"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: -- sprintf(nfrontp, " START"); -- nfrontp += strlen(nfrontp); -+ output_data(" START"); - break; - - case ENCRYPT_END: -- sprintf(nfrontp, " END"); -- nfrontp += strlen(nfrontp); -+ output_data(" END"); - break; - - case ENCRYPT_REQSTART: -- sprintf(nfrontp, " REQUEST-START"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-START"); - break; - - case ENCRYPT_REQEND: -- sprintf(nfrontp, " REQUEST-END"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-END"); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: -- sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? -+ output_data(" %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, " (partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (partial suboption??\?)"); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); -+ output_data("%s ", ENCTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, " %d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[2]); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case ENCRYPT_SUPPORT: - i = 2; -- sprintf(nfrontp, " SUPPORT "); -- nfrontp += strlen(nfrontp); -+ output_data(" SUPPORT "); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); -+ output_data("%s ", ENCTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: -- sprintf(nfrontp, " ENC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ENC_KEYID"); - goto encommon; - - case ENCRYPT_DEC_KEYID: -- sprintf(nfrontp, " DEC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" DEC_KEYID"); - goto encommon; - - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - encommon: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } -@@ -1167,18 +1032,15 @@ - - default: - if (TELOPT_OK(pointer[0])) -- sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); -+ output_data( "%s (unknown)", TELOPT(pointer[0])); - else -- sprintf(nfrontp, "%d (unknown)", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( "%d (unknown)", pointer[i]); - for (i = 1; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( " %d", pointer[i]); - } - break; - } -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data( "\r\n"); +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; } /* -@@ -1200,26 +1062,22 @@ - } - - /* add a line of output */ -- sprintf(nfrontp, "%s: ", tag); -- nfrontp += strlen(nfrontp); -+ output_data("%s: ", tag); - for (i = 0; i < 20 && cnt; i++) { -- sprintf(nfrontp, "%02x", *ptr); -- nfrontp += strlen(nfrontp); -+ output_data("%02x", *ptr); - if (isprint(*ptr)) { - xbuf[i] = *ptr; - } else { - xbuf[i] = '.'; - } - if (i % 2) { -- *nfrontp = ' '; -- nfrontp++; -+ output_data(" "); - } - cnt--; - ptr++; - } - xbuf[i] = '\0'; -- sprintf(nfrontp, " %s\r\n", xbuf ); -- nfrontp += strlen(nfrontp); -+ output_data(" %s\r\n", xbuf ); - } - } - #endif /* DIAGNOSTICS */ diff --git a/security/krb5-appl/files/patch-ay b/security/krb5-appl/files/patch-ay index 4ed0c9e..54c041e 100644 --- a/security/krb5-appl/files/patch-ay +++ b/security/krb5-appl/files/patch-ay @@ -1,6 +1,6 @@ ---- util/pty/getpty.c.orig Fri Feb 6 19:46:42 1998 -+++ util/pty/getpty.c Mon Apr 5 14:00:07 1999 -@@ -21,13 +21,26 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ #include "libpty.h" #include "pty-int.h" @@ -17,19 +17,19 @@ +#define PTYCHARS2 "0123456789abcdef" +#endif + - long pty_getpty (fd, slave, slavelength) - int slavelength; - int *fd; char *slave; + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) { -- char *cp; ++ int ptynum; + char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; char *p; - int i,ptynum; -+ int ptynum; struct stat stb; char slavebuf[1024]; - #ifdef HAVE__GETPTY -@@ -109,14 +122,14 @@ + #endif +@@ -115,14 +128,14 @@ strncpy(slave, slavebuf, slavelength); return 0; } else { diff --git a/security/krb5-appl/files/patch-bd b/security/krb5-appl/files/patch-bd deleted file mode 100644 index b2bf412..0000000 --- a/security/krb5-appl/files/patch-bd +++ /dev/null @@ -1,19 +0,0 @@ ---- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 -@@ -805,11 +805,13 @@ - * This is a valid reply in some cases but not in others. - */ - if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { -- *(char **)&($$) = *ftpglob((char *) $1); -- if (globerr != NULL) { -+ char **vv; -+ vv = ftpglob((char *) $1); -+ if (vv == NULL || globerr != NULL) { - reply(550, globerr); - $$ = NULL; -- } -+ } else -+ $$ = *vv; - free((char *) $1); - } else - $$ = $1; diff --git a/security/krb5-appl/pkg-plist b/security/krb5-appl/pkg-plist index 5170610..01977cd 100644 --- a/security/krb5-appl/pkg-plist +++ b/security/krb5-appl/pkg-plist @@ -63,10 +63,10 @@ lib/libk5crypto.so lib/libk5crypto.so.3 lib/libkadm5clnt.a lib/libkadm5clnt.so -lib/libkadm5clnt.so.4 +lib/libkadm5clnt.so.5 lib/libkadm5srv.a lib/libkadm5srv.so -lib/libkadm5srv.so.4 +lib/libkadm5srv.so.5 lib/libkdb5.a lib/libkdb5.so lib/libkdb5.so.3 diff --git a/security/krb5/Makefile b/security/krb5/Makefile index 3a0bf18..e9c8235 100644 --- a/security/krb5/Makefile +++ b/security/krb5/Makefile @@ -6,8 +6,7 @@ # PORTNAME= krb5 -PORTVERSION= 1.2.2 -PORTREVISION= 5 +PORTVERSION= 1.2.3 CATEGORIES= security MASTER_SITES= # manual download diff --git a/security/krb5/distinfo b/security/krb5/distinfo index e8159e5..3af0278 100644 --- a/security/krb5/distinfo +++ b/security/krb5/distinfo @@ -1 +1 @@ -MD5 (krb5-1.2.2.tar.gz) = 57d1bf3a3c68ee8af64e31a46799551c +MD5 (krb5-1.2.3.tar.gz) = 1e93aed5e6ae13eb4b5b5278b1a6ab46 diff --git a/security/krb5/files/patch-ai b/security/krb5/files/patch-ai index 634db6c..f5b7331 100644 --- a/security/krb5/files/patch-ai +++ b/security/krb5/files/patch-ai @@ -1,6 +1,6 @@ ---- appl/gssftp/ftpd/ftpd.c.orig Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpd.c Fri Apr 27 10:18:01 2001 -@@ -485,7 +485,13 @@ +--- appl/gssftp/ftpd/ftpd.c.orig Wed Jan 9 14:26:51 2002 ++++ appl/gssftp/ftpd/ftpd.c Thu Jan 10 19:00:13 2002 +@@ -487,7 +487,13 @@ #ifndef LOG_DAEMON #define LOG_DAEMON 0 #endif @@ -15,273 +15,14 @@ addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { -@@ -761,7 +767,16 @@ - int result; - #ifdef GSSAPI - if (auth_type && strcmp(auth_type, "GSSAPI") == 0) { -+ int len; - authorized = ftpd_gss_userok(&client_name, name) == 0; -+ len = sizeof("GSSAPI user is not authorized as " -+ "; Password required.") -+ + strlen(client_name.value) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", - client_name.value, authorized ? "" : " not", - name); -@@ -772,7 +787,18 @@ - #endif /* GSSAPI */ - #ifdef KRB5_KRB4_COMPAT - if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { -+ int len; - authorized = kuserok(&kdata,name) == 0; -+ len = sizeof("Kerberos user .@ is not authorized as " -+ "; Password required.") -+ + strlen(kdata.pname) -+ + strlen(kdata.pinst) -+ + strlen(kdata.prealm) -+ + strlen(name); -+ if (len >= sizeof(buf)) { -+ syslog(LOG_ERR, "user: username too long"); -+ name = "[username too long]"; -+ } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", - kdata.pname, *kdata.pinst ? "." : "", - kdata.pinst, kdata.prealm, -@@ -1179,6 +1205,11 @@ - } else { - char line[FTP_BUFSIZ]; - -+ if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) { -+ syslog(LOG_ERR, "retrieve: filename too long"); -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, cmd, name), name = line; - fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; - st.st_size = -1; -@@ -1417,6 +1448,10 @@ - return (file); - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - secure_error(char *fmt, ...) - #else -@@ -1616,13 +1651,19 @@ - { - char line[FTP_BUFSIZ]; - FILE *fin; -- int c; -+ int c, n; - char str[FTP_BUFSIZ], *p; - -+ if (strlen(filename) + sizeof("/bin/ls -lgA ") -+ >= sizeof(line)) { -+ reply(501, "filename too long"); -+ return; -+ } - (void) sprintf(line, "/bin/ls -lgA %s", filename); - fin = ftpd_popen(line, "r"); - lreply(211, "status of %s:", filename); - p = str; -+ n = 0; - while ((c = getc(fin)) != EOF) { - if (c == '\n') { - if (ferror(stdout)){ -@@ -1639,7 +1680,16 @@ - *p = '\0'; - reply(0, "%s", str); - p = str; -- } else *p++ = c; -+ n = 0; -+ } else { -+ *p++ = c; -+ n++; -+ if (n >= sizeof(str)) { -+ reply(551, "output line too long"); -+ (void) ftpd_pclose(fin); -+ return; -+ } -+ } - } - if (p != str) { - *p = '\0'; -@@ -1723,6 +1773,10 @@ - - char cont_char = ' '; - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ bytes for now. -+ */ - #ifdef STDARG - reply(int n, char *fmt, ...) - #else -@@ -1744,22 +1798,32 @@ - #endif - - if (auth_type) { -- char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; -+ /* -+ * Deal with expansion in mk_{safe,priv}, -+ * radix_encode, gss_seal, plus slop. -+ */ -+ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; - int length, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); - else in[0] = '\0'; - strncat(in, buf, sizeof (in) - strlen(in) - 1); - #ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { -- if ((length = clevel == PROT_P ? -- krb_mk_priv((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), schedule, &kdata.session, -- &ctrl_addr, &his_addr) -- : krb_mk_safe((unsigned char *)in, -- (unsigned char *)out, -- strlen(in), &kdata.session, -- &ctrl_addr, &his_addr)) == -1) { -+ if (clevel == PROT_P) -+ length = krb_mk_priv((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ schedule, &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ else -+ length = krb_mk_safe((unsigned char *)in, -+ (unsigned char *)out, -+ strlen(in), -+ &kdata.session, -+ &ctrl_addr, -+ &his_addr); -+ if (length == -1) { - syslog(LOG_ERR, - "krb_mk_%s failed for KERBEROS_V4", - clevel == PROT_P ? "priv" : "safe"); -@@ -1803,13 +1867,16 @@ - } - #endif /* GSSAPI */ - /* Other auth types go here ... */ -- if (kerror = radix_encode(out, in, &length, 0)) { -+ if (length >= sizeof(in) / 4 * 3) { -+ syslog(LOG_ERR, "input to radix_encode too long"); -+ fputs(in, stdout); -+ } else if (kerror = radix_encode(out, in, &length, 0)) { - syslog(LOG_ERR, "Couldn't encode reply (%s)", - radix_error(kerror)); - fputs(in,stdout); - } else -- printf("%s%c%s", clevel == PROT_P ? "632" : "631", -- n ? cont_char : '-', in); -+ printf("%s%c%s", clevel == PROT_P ? "632" : "631", -+ n ? cont_char : '-', in); - } else { - if (n) printf("%d%c", n, cont_char); - fputs(buf, stdout); -@@ -1822,6 +1889,10 @@ - } - } - -+/* -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ -+ */ - #ifdef STDARG - lreply(int n, char *fmt, ...) - #else -@@ -1866,7 +1937,8 @@ - - if (cp = strchr(cbuf,'\n')) - *cp = '\0'; -- reply(500, "'%s': command not understood.", cbuf); -+ reply(500, "'%.*s': command not understood.", -+ FTP_BUFSIZ - sizeof("'': command not understood."), cbuf); - } - - delete_file(name) -@@ -2143,7 +2215,21 @@ - int code; - char *string; - { -- reply(code, "%s: %s.", string, strerror(errno)); -+ char *err_string; -+ size_t extra_len; -+ err_string = strerror(errno); -+ if (err_string == NULL) -+ err_string = "(unknown error)"; -+ extra_len = strlen(err_string) + sizeof("(truncated): ."); -+ /* -+ * XXX knows about FTP_BUFSIZ in reply() -+ */ -+ if (strlen(string) + extra_len > FTP_BUFSIZ) { -+ reply(code, "(truncated)%.*s: %s.", -+ FTP_BUFSIZ - extra_len, string, err_string); -+ } else { -+ reply(code, "%s: %s.", string, err_string); -+ } - } - - auth(type) -@@ -2226,6 +2312,10 @@ +@@ -2312,6 +2318,10 @@ + if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), + &kdata.session,&ctrl_addr, &his_addr)) == -1) { secure_error("ADAT: krb_mk_safe failed"); - return(0); - } -+ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { -+ secure_error("ADAT: reply too long"); + return(0); + } - if (kerror = radix_encode(out_buf, buf, &length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2360,6 +2450,16 @@ ++ if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { ++ secure_error("ADAT: reply too long"); + return(0); } - - if (out_tok.length) { -+ if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT=")) -+ / 4 * 3)) { -+ secure_error("ADAT: reply too long"); -+ syslog(LOG_ERR, "ADAT: reply too long"); -+ (void) gss_release_cred(&stat_min, &server_creds); -+ if (ret_flags & GSS_C_DELEG_FLAG) -+ (void) gss_release_cred(&stat_min, -+ &deleg_creds); -+ return(0); -+ } - if (kerror = radix_encode(out_tok.value, gbuf, &out_tok.length, 0)) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); -@@ -2458,6 +2558,9 @@ - * n>=0 on success - * -1 on error - * -2 on security error -+ * -+ * XXX callers need to limit total length of output string to -+ * FTP_BUFSIZ - */ - #ifdef STDARG - secure_fprintf(FILE *stream, char *fmt, ...) -@@ -2575,6 +2678,15 @@ - dir->d_name[2] == '\0') - continue; - -+ if (strlen(dirname) + strlen(dir->d_name) -+ + 1 /* slash */ -+ + 2 /* CRLF */ -+ + 1 > sizeof(nbuf)) { -+ syslog(LOG_ERR, -+ "send_file_list: pathname too long"); -+ ret = -2; /* XXX */ -+ goto data_err; -+ } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); - - /* + if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { diff --git a/security/krb5/files/patch-appl::telnet::telnetd::authenc.c b/security/krb5/files/patch-appl::telnet::telnetd::authenc.c deleted file mode 100644 index 9a19ab9..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::authenc.c +++ /dev/null @@ -1,12 +0,0 @@ ---- appl/telnet/telnetd/authenc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/authenc.c Thu Jul 19 19:14:29 2001 -@@ -43,8 +43,7 @@ - int len; - { - if (nfrontp + len < netobuf + BUFSIZ) { -- memcpy((void *)nfrontp, (void *)str, len); -- nfrontp += len; -+ output_datalen(str, len); - return(len); - } - return(0); diff --git a/security/krb5/files/patch-appl::telnet::telnetd::ext.h b/security/krb5/files/patch-appl::telnet::telnetd::ext.h deleted file mode 100644 index 38fd6ac..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::ext.h +++ /dev/null @@ -1,24 +0,0 @@ ---- appl/telnet/telnetd/ext.h.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/ext.h Mon Jul 23 16:44:35 2001 -@@ -75,7 +75,7 @@ - - extern char netibuf[BUFSIZ], *netip; - --extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; -+extern char netobuf[BUFSIZ], *nfrontp, *nbackp; - extern char *neturg; /* one past last bye of urgent data */ - - extern int pcc, ncc; -@@ -187,8 +187,10 @@ - tty_setsofttab P((int)), - tty_tspeed P((int)), - willoption P((int)), -- wontoption P((int)), -- writenet P((unsigned char *, int)); -+ wontoption P((int)); -+ -+extern int output_data __P((const char *, ...)) __printflike(1, 2); -+extern int output_datalen __P((const char *, size_t)); - - #ifdef ENCRYPTION - extern char *nclearto; diff --git a/security/krb5/files/patch-appl::telnet::telnetd::slc.c b/security/krb5/files/patch-appl::telnet::telnetd::slc.c deleted file mode 100644 index f4e7d41..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::slc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- appl/telnet/telnetd/slc.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/slc.c Mon Jul 23 16:45:51 2001 -@@ -198,7 +198,7 @@ - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; - len = slcptr - slcbuf; -- writenet(slcbuf, len); -+ output_datalen(slcbuf, len); - netflush(); /* force it out immediately */ - DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2);); - } diff --git a/security/krb5/files/patch-appl::telnet::telnetd::state.c b/security/krb5/files/patch-appl::telnet::telnetd::state.c deleted file mode 100644 index baf2073..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::state.c +++ /dev/null @@ -1,134 +0,0 @@ ---- appl/telnet/telnetd/state.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/state.c Mon Jul 23 17:48:48 2001 -@@ -33,6 +33,7 @@ - - /* based on @(#)state.c 8.1 (Berkeley) 6/4/93 */ - -+#include <stdarg.h> - #include "telnetd.h" - #if defined(AUTHENTICATION) - #include <libtelnet/auth.h> -@@ -86,7 +87,7 @@ - if (!auth_negotiated) { - static char *error = - "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n"; -- writenet(error, strlen(error)); -+ output_datalen(error, strlen(error)); - netflush(); - exit(1); - } -@@ -209,8 +210,7 @@ - } - - netclear(); /* clear buffer back */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - DIAG(TD_OPTIONS, - printoption("td: send IAC", DM)); -@@ -463,8 +463,7 @@ - set_his_want_state_will(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)doopt, option); -- nfrontp += sizeof (dont) - 2; -+ output_data((const char *)doopt, option); - - DIAG(TD_OPTIONS, printoption("td: send do", option)); - } -@@ -683,8 +682,7 @@ - set_his_want_state_wont(option); - do_dont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)dont, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)dont, option); - - DIAG(TD_OPTIONS, printoption("td: send dont", option)); - } -@@ -833,8 +831,7 @@ - set_my_want_state_will(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)will, option); -- nfrontp += sizeof (doopt) - 2; -+ output_data((const char *)will, option); - - DIAG(TD_OPTIONS, printoption("td: send will", option)); - } -@@ -993,8 +990,7 @@ - set_my_want_state_wont(option); - will_wont_resp[option]++; - } -- (void) sprintf(nfrontp, (char *)wont, option); -- nfrontp += sizeof (wont) - 2; -+ output_data((const char *)wont, option); - - DIAG(TD_OPTIONS, printoption("td: send wont", option)); - } -@@ -1393,9 +1389,8 @@ - env_ovar_wrong: - env_ovar = OLD_ENV_VALUE; - env_ovalue = OLD_ENV_VAR; -- DIAG(TD_OPTIONS, {sprintf(nfrontp, -- "ENVIRON VALUE and VAR are reversed!\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, -+ output_data("ENVIRON VALUE and VAR are reversed!\r\n")); - - } - } -@@ -1633,11 +1628,51 @@ - ADD(IAC); - ADD(SE); - -- writenet(statusbuf, ncp - statusbuf); -+ output_datalen(statusbuf, ncp - statusbuf); - netflush(); /* Send it on its way */ - - DIAG(TD_OPTIONS, - {printsub('>', statusbuf, ncp - statusbuf); netflush();}); -+} -+ -+/* -+ * This function appends data to nfrontp and advances nfrontp. -+ */ -+ -+int -+output_data(const char *format, ...) -+{ -+ va_list args; -+ size_t remaining, ret; -+ -+ va_start(args, format); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ /* try a netflush() if the room is too low */ -+ if (strlen(format) > remaining || BUFSIZ / 4 > remaining) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ ret = vsnprintf(nfrontp, remaining, format, args); -+ nfrontp += ((ret < remaining - 1) ? ret : remaining - 1); -+ va_end(args); -+ return ret; -+} -+ -+int -+output_datalen(const char *buf, size_t len) -+{ -+ size_t remaining; -+ -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ if (remaining < len) { -+ netflush(); -+ remaining = BUFSIZ - (nfrontp - netobuf); -+ } -+ if (remaining < len) -+ return -1; -+ memmove(nfrontp, buf, len); -+ nfrontp += len; -+ return (len); - } - - static int envvarok(varp) diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c deleted file mode 100644 index 9eef170..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c +++ /dev/null @@ -1,169 +0,0 @@ ---- appl/telnet/telnetd/telnetd.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/telnetd.c Mon Jul 23 17:27:05 2001 -@@ -693,7 +693,7 @@ - char *error_message = - "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; - -- writenet(error_message, strlen(error_message)); -+ output_datalen(error_message, strlen(error_message)); - netflush(); - exit(1); - } -@@ -782,9 +782,7 @@ - { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_XDISPLOC)) { -@@ -792,9 +790,7 @@ - { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_NEW_ENVIRON)) { -@@ -802,9 +798,7 @@ - { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { -@@ -812,17 +806,13 @@ - { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; - - if(nfrontp - netobuf + sizeof(sb) < sizeof(netobuf)) { -- memcpy(nfrontp, sb, sizeof(sb)); -- nfrontp += sizeof(sb); -- *nfrontp = '\0'; -+ output_datalen(sb, sizeof sb); - } - } - if (his_state_is_will(TELOPT_TTYPE)) { - - if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - } - if (his_state_is_will(TELOPT_TSPEED)) { -@@ -902,9 +892,7 @@ - return; - settimer(baseline); - if(nfrontp - netobuf + sizeof(ttytype_sbbuf)) { -- memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf)); -- nfrontp += sizeof(ttytype_sbbuf); -- *nfrontp = '\0'; -+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); - } - while (sequenceIs(ttypesubopt, baseline)) - ttloop(); -@@ -1177,9 +1165,7 @@ - * mode, which we do not want. - */ - if (his_want_state_is_will(TELOPT_ECHO)) { -- DIAG(TD_OPTIONS, -- {sprintf(nfrontp, "td: simulating recv\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); - willoption(TELOPT_ECHO); - } - -@@ -1308,9 +1294,7 @@ - localstat(); - #endif /* LINEMODE */ - -- DIAG(TD_REPORT, -- {sprintf(nfrontp, "td: Entering processing loop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); - - #ifdef convex - startslave(host); -@@ -1435,8 +1419,7 @@ - netip = netibuf; - } - DIAG((TD_REPORT | TD_NETDATA), -- {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ output_data("td: netread %d chars\r\n", ncc)); - DIAG(TD_NETDATA, printdata("nd", netip, ncc)); - } - -@@ -1483,8 +1466,7 @@ - * royally if we send them urgent - * mode data. - */ -- *nfrontp++ = IAC; -- *nfrontp++ = DM; -+ output_data("%c%c", IAC, DM); - neturg = nfrontp-1; /* off by one XXX */ - #endif - } -@@ -1495,13 +1477,11 @@ - ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; - if (newflow != flowmode) { - flowmode = newflow; -- (void) sprintf(nfrontp, -- "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON - : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - } - pcc--; -@@ -1524,19 +1504,19 @@ - break; - c = *ptyip++ & 0377, pcc--; - if (c == IAC) -- *nfrontp++ = c; -+ output_data("%c", c); - #if defined(CRAY2) && defined(UNICOS5) - else if (c == '\n' && - my_state_is_wont(TELOPT_BINARY) && newmap) -- *nfrontp++ = '\r'; -+ output_data("\r"); - #endif /* defined(CRAY2) && defined(UNICOS5) */ -- *nfrontp++ = c; -+ output_data("%c", c); - if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { - if (pcc > 0 && ((*ptyip & 0377) == '\n')) { -- *nfrontp++ = *ptyip++ & 0377; -+ output_data("%c", *ptyip++ & 0377); - pcc--; - } else -- *nfrontp++ = '\0'; -+ output_data("%c", '\0'); - } - } - #if defined(CRAY2) && defined(UNICOS5) -@@ -1707,10 +1687,7 @@ - return; - } - #endif -- (void) strncpy(nfrontp, "\r\n[Yes]\r\n", -- sizeof(netobuf) - 1 - (nfrontp - netobuf)); -- nfrontp += 9; -- *nfrontp = '\0'; -+ output_data("\r\n[Yes]\r\n"); - } - - void diff --git a/security/krb5/files/patch-appl::telnet::telnetd::termstat.c b/security/krb5/files/patch-appl::telnet::telnetd::termstat.c deleted file mode 100644 index 422f1c8..0000000 --- a/security/krb5/files/patch-appl::telnet::telnetd::termstat.c +++ /dev/null @@ -1,74 +0,0 @@ ---- appl/telnet/telnetd/termstat.c.orig Wed Feb 28 14:06:51 2001 -+++ appl/telnet/telnetd/termstat.c Thu Jul 19 19:22:54 2001 -@@ -283,10 +283,9 @@ - # endif /* KLUDGELINEMODE */ - send_do(TELOPT_LINEMODE, 1); - /* send along edit modes */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - # ifdef KLUDGELINEMODE - } -@@ -312,10 +311,9 @@ - /* - * Send along appropriate edit mode mask. - */ -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, -+ output_data("%c%c%c%c%c%c%c", IAC, SB, - TELOPT_LINEMODE, LM_MODE, useeditmode, - IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -359,20 +357,18 @@ - if (his_state_is_will(TELOPT_LFLOW)) { - if (tty_flowmode() != flowmode) { - flowmode = tty_flowmode(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - flowmode ? LFLOW_ON : LFLOW_OFF, - IAC, SE); -- nfrontp += 6; - } - if (tty_restartany() != restartany) { - restartany = tty_restartany(); -- (void) sprintf(nfrontp, "%c%c%c%c%c%c", -+ output_data("%c%c%c%c%c%c", - IAC, SB, TELOPT_LFLOW, - restartany ? LFLOW_RESTART_ANY - : LFLOW_RESTART_XON, - IAC, SE); -- nfrontp += 6; - } - } - } -@@ -445,10 +441,9 @@ - useeditmode |= MODE_SOFT_TAB; - if (tty_islitecho()) - useeditmode |= MODE_LIT_ECHO; -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode, IAC, SE); -- nfrontp += 7; - editmode = useeditmode; - } - -@@ -504,11 +499,10 @@ - set_termbuf(); - - if (!ack) { -- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, -+ output_data("%c%c%c%c%c%c%c", IAC, - SB, TELOPT_LINEMODE, LM_MODE, - useeditmode|MODE_ACK, - IAC, SE); -- nfrontp += 7; - } - - editmode = useeditmode; diff --git a/security/krb5/files/patch-appl::telnet::telnetd::utility.c b/security/krb5/files/patch-appl::telnet::telnetd::utility.c index d49598c..8bb656d 100644 --- a/security/krb5/files/patch-appl::telnet::telnetd::utility.c +++ b/security/krb5/files/patch-appl::telnet::telnetd::utility.c @@ -1,879 +1,38 @@ ---- appl/telnet/telnetd/utility.c.orig Wed Feb 28 14:06:52 2001 -+++ appl/telnet/telnetd/utility.c Mon Jul 23 17:16:27 2001 -@@ -58,8 +58,7 @@ +--- appl/telnet/telnetd/utility.c.orig Wed Jan 9 14:26:59 2002 ++++ appl/telnet/telnetd/utility.c Fri Jan 11 13:10:33 2002 +@@ -408,18 +408,25 @@ + int + netwrite(const char *buf, size_t len) { - void netflush(); - -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop\r\n")); - if (nfrontp-nbackp) { - netflush(); - } -@@ -74,8 +73,7 @@ - syslog(LOG_INFO, "ttloop: peer died: %m"); - exit(1); - } -- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); -- nfrontp += strlen(nfrontp);}); -+ DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc)); - netip = netibuf; - telrcv(); /* state machine */ - if (ncc > 0) { -@@ -117,9 +115,8 @@ - int n; - - if ((n = pfrontp - pbackp) > 0) { -- DIAG((TD_REPORT | TD_PTYDATA), -- { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); -- nfrontp += strlen(nfrontp); }); -+ DIAG(TD_REPORT | TD_PTYDATA, -+ output_data("td: ptyflush %d chars\r\n", n)); - DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); - n = write(pty, pbackp, n); - } -@@ -251,11 +248,9 @@ - extern int not42; - - if ((n = nfrontp - nbackp) > 0) { -- DIAG(TD_REPORT, -- { sprintf(nfrontp, "td: netflush %d chars\r\n", n); -- n += strlen(nfrontp); /* get count first */ -- nfrontp += strlen(nfrontp); /* then move pointer */ -- }); -+ DIAG(TD_REPORT, { -+ n += output_data("td: netflush %d chars\r\n", n); -+ }); - #ifdef ENCRYPTION - if (encrypt_output) { - char *s = nclearto ? nclearto : nbackp; -@@ -314,33 +309,6 @@ - - - /* -- * writenet -- * -- * Just a handy little function to write a bit of raw data to the net. -- * It will force a transmit of the buffer if necessary -- * -- * arguments -- * ptr - A pointer to a character string to write -- * len - How many bytes to write -- */ -- void --writenet(ptr, len) -- register unsigned char *ptr; -- register int len; --{ -- /* flush buffer if no room for new data) */ -- if ((&netobuf[BUFSIZ] - nfrontp) < len) { -- /* if this fails, don't worry, buffer is a little big */ +- size_t remain; ++ int remaining, copied; ++ ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ while (len > 0) { ++ /* Free up enough space if the room is too low*/ ++ if ((len > BUFSIZ ? BUFSIZ : len) > remaining) { ++ netflush(); ++ remaining = BUFSIZ - (nfrontp - netobuf); ++ } + +- remain = sizeof(netobuf) - (nfrontp - netobuf); +- if (remain < len) { - netflush(); -- } -- -- memcpy(nfrontp, ptr, len); -- nfrontp += len; -- --} /* end of writenet */ -- -- --/* - * miscellaneous functions doing a variety of little jobs follow ... - */ - -@@ -528,12 +496,11 @@ - register int option; - { - if (TELOPT_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); -+ output_data("%s %s\r\n", fmt, TELOPT(option)); - else if (TELCMD_OK(option)) -- sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); -+ output_data("%s %s\r\n", fmt, TELCMD(option)); - else -- sprintf(nfrontp, "%s %d\r\n", fmt, option); -- nfrontp += strlen(nfrontp); -+ output_data("%s %d\r\n", fmt, option); - return; - } - -@@ -550,9 +517,8 @@ - return; - - if (direction) { -- sprintf(nfrontp, "td: %s suboption ", -+ output_data("td: %s suboption ", - direction == '<' ? "recv" : "send"); -- nfrontp += strlen(nfrontp); - if (length >= 3) { - register int j; - -@@ -560,232 +526,192 @@ - j = pointer[length-1]; - - if (i != IAC || j != SE) { -- sprintf(nfrontp, "(terminated by "); -- nfrontp += strlen(nfrontp); -+ output_data("(terminated by "); - if (TELOPT_OK(i)) -- sprintf(nfrontp, "%s ", TELOPT(i)); -+ output_data("%s ", TELOPT(i)); - else if (TELCMD_OK(i)) -- sprintf(nfrontp, "%s ", TELCMD(i)); -+ output_data("%s ", TELCMD(i)); - else -- sprintf(nfrontp, "%d ", i); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", i); - if (TELOPT_OK(j)) -- sprintf(nfrontp, "%s", TELOPT(j)); -+ output_data("%s", TELOPT(j)); - else if (TELCMD_OK(j)) -- sprintf(nfrontp, "%s", TELCMD(j)); -+ output_data("%s", TELCMD(j)); - else -- sprintf(nfrontp, "%d", j); -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, ", not IAC SE!) "); -- nfrontp += strlen(nfrontp); -+ output_data("%d", j); -+ output_data(", not IAC SE!) "); - } - } - length -= 2; - } - if (length < 1) { -- sprintf(nfrontp, "(Empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(Empty suboption??\?)"); - return; +- remain = sizeof(netobuf) - (nfrontp - netobuf); ++ /* Copy out as much as will fit */ ++ copied = remaining > len ? len : remaining; ++ memmove(nfrontp, buf, copied); ++ nfrontp += copied; ++ len -= copied; ++ remaining -= copied; ++ buf += copied; } - switch (pointer[0]) { - case TELOPT_TTYPE: -- sprintf(nfrontp, "TERMINAL-TYPE "); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-TYPE "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, -+ output_data( - "- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - case TELOPT_TSPEED: -- sprintf(nfrontp, "TERMINAL-SPEED"); -- nfrontp += strlen(nfrontp); -+ output_data("TERMINAL-SPEED"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); -- nfrontp += strlen(nfrontp); -+ output_data(" IS %.*s", length-2, (char *)pointer+2); - break; - default: - if (pointer[1] == 1) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } - break; - - case TELOPT_LFLOW: -- sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); -- nfrontp += strlen(nfrontp); -+ output_data("TOGGLE-FLOW-CONTROL"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case LFLOW_OFF: -- sprintf(nfrontp, " OFF"); break; -+ output_data(" OFF"); break; - case LFLOW_ON: -- sprintf(nfrontp, " ON"); break; -+ output_data(" ON"); break; - case LFLOW_RESTART_ANY: -- sprintf(nfrontp, " RESTART-ANY"); break; -+ output_data(" RESTART-ANY"); break; - case LFLOW_RESTART_XON: -- sprintf(nfrontp, " RESTART-XON"); break; -+ output_data(" RESTART-XON"); break; - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -+ output_data(" %d (unknown)", pointer[1]); - } -- nfrontp += strlen(nfrontp); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_NAWS: -- sprintf(nfrontp, "NAWS"); -- nfrontp += strlen(nfrontp); -+ output_data("NAWS"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - if (length == 2) { -- sprintf(nfrontp, " ?%d?", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[1]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[1], pointer[2], - (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); -- nfrontp += strlen(nfrontp); - if (length == 4) { -- sprintf(nfrontp, " ?%d?", pointer[3]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[3]); - break; - } -- sprintf(nfrontp, " %d %d (%d)", -+ output_data(" %d %d (%d)", - pointer[3], pointer[4], - (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); -- nfrontp += strlen(nfrontp); - for (i = 5; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case TELOPT_LINEMODE: -- sprintf(nfrontp, "LINEMODE "); -- nfrontp += strlen(nfrontp); -+ output_data("LINEMODE "); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case WILL: -- sprintf(nfrontp, "WILL "); -+ output_data("WILL "); - goto common; - case WONT: -- sprintf(nfrontp, "WONT "); -+ output_data("WONT "); - goto common; - case DO: -- sprintf(nfrontp, "DO "); -+ output_data("DO "); - goto common; - case DONT: -- sprintf(nfrontp, "DONT "); -+ output_data("DONT "); - common: -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, "(no option??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no option??\?)"); - break; - } - switch (pointer[2]) { - case LM_FORWARDMASK: -- sprintf(nfrontp, "Forward Mask"); -- nfrontp += strlen(nfrontp); -+ output_data("Forward Mask"); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %x", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %x", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[2]); - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } - break; - - case LM_SLC: -- sprintf(nfrontp, "SLC"); -- nfrontp += strlen(nfrontp); -+ output_data("SLC"); - for (i = 2; i < length - 2; i += 3) { - if (SLC_NAME_OK(pointer[i+SLC_FUNC])) -- sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); -+ output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC])); - else -- sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i+SLC_FUNC]); - switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { - case SLC_NOSUPPORT: -- sprintf(nfrontp, " NOSUPPORT"); break; -+ output_data(" NOSUPPORT"); break; - case SLC_CANTCHANGE: -- sprintf(nfrontp, " CANTCHANGE"); break; -+ output_data(" CANTCHANGE"); break; - case SLC_VARIABLE: -- sprintf(nfrontp, " VARIABLE"); break; -+ output_data(" VARIABLE"); break; - case SLC_DEFAULT: -- sprintf(nfrontp, " DEFAULT"); break; -+ output_data(" DEFAULT"); break; - } -- nfrontp += strlen(nfrontp); -- sprintf(nfrontp, "%s%s%s", -+ output_data("%s%s%s", - pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", - pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); -- nfrontp += strlen(nfrontp); - if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| - SLC_FLUSHOUT| SLC_LEVELBITS)) { -- sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); -- nfrontp += strlen(nfrontp); -+ output_data("(0x%x)", pointer[i+SLC_FLAGS]); - } -- sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d;", pointer[i+SLC_VALUE]); - if ((pointer[i+SLC_VALUE] == IAC) && - (pointer[i+SLC_VALUE+1] == IAC)) - i++; - } - for (; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - - case LM_MODE: -- sprintf(nfrontp, "MODE "); -- nfrontp += strlen(nfrontp); -+ output_data("MODE "); - if (length < 3) { -- sprintf(nfrontp, "(no mode??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(no mode??\?)"); - break; - } - { -@@ -796,24 +722,19 @@ - pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", - pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", - pointer[2]&MODE_ACK ? "|ACK" : ""); -- sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); -- nfrontp += strlen(nfrontp); -+ output_data("%s", tbuf[1] ? &tbuf[1] : "0"); - } - if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { -- sprintf(nfrontp, " (0x%x)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" (0x%x)", pointer[2]); - } - for (i = 3; i < length; i++) { -- sprintf(nfrontp, " ?0x%x?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?0x%x?", pointer[i]); - } - break; - default: -- sprintf(nfrontp, "%d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data("%d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - } - break; -@@ -822,24 +743,20 @@ - register char *cp; - register int j, k; - -- sprintf(nfrontp, "STATUS"); -- nfrontp += strlen(nfrontp); -+ output_data("STATUS"); - - switch (pointer[1]) { - default: - if (pointer[1] == TELQUAL_SEND) -- sprintf(nfrontp, " SEND"); -+ output_data(" SEND"); - else -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - case TELQUAL_IS: -- sprintf(nfrontp, " IS\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data(" IS\r\n"); - - for (i = 2; i < length; i++) { - switch(pointer[i]) { -@@ -850,18 +767,15 @@ - common2: - i++; - if (TELOPT_OK(pointer[i])) -- sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); -+ output_data(" %s %s", cp, TELOPT(pointer[i])); - else -- sprintf(nfrontp, " %s %d", cp, pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %s %d", cp, pointer[i]); - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - break; - - case SB: -- sprintf(nfrontp, " SB "); -- nfrontp += strlen(nfrontp); -+ output_data(" SB "); - i++; - j = k = i; - while (j < length) { -@@ -877,20 +791,17 @@ - } - printsub(0, &pointer[i], k - i); - if (i < length) { -- sprintf(nfrontp, " SE"); -- nfrontp += strlen(nfrontp); -+ output_data(" SE"); - i = j; - } else - i = j - 1; - -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data("\r\n"); - - break; - - default: -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - break; - } - } -@@ -900,86 +811,77 @@ - } - - case TELOPT_XDISPLOC: -- sprintf(nfrontp, "X-DISPLAY-LOCATION "); -- nfrontp += strlen(nfrontp); -+ output_data("X-DISPLAY-LOCATION "); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); -+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2); - break; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND"); -+ output_data("SEND"); - break; - default: -- sprintf(nfrontp, "- unknown qualifier %d (0x%x).", -+ output_data("- unknown qualifier %d (0x%x).", - pointer[1], pointer[1]); - } -- nfrontp += strlen(nfrontp); - break; - - case TELOPT_NEW_ENVIRON: -- sprintf(nfrontp, "NEW-ENVIRON "); -+ output_data("NEW-ENVIRON "); - goto env_common1; - case TELOPT_OLD_ENVIRON: -- sprintf(nfrontp, "OLD-ENVIRON"); -+ output_data("OLD-ENVIRON"); - env_common1: -- nfrontp += strlen(nfrontp); - switch (pointer[1]) { - case TELQUAL_IS: -- sprintf(nfrontp, "IS "); -+ output_data("IS "); - goto env_common; - case TELQUAL_SEND: -- sprintf(nfrontp, "SEND "); -+ output_data("SEND "); - goto env_common; - case TELQUAL_INFO: -- sprintf(nfrontp, "INFO "); -+ output_data("INFO "); - env_common: -- nfrontp += strlen(nfrontp); - { - register int noquote = 2; - for (i = 2; i < length; i++ ) { - switch (pointer[i]) { - case NEW_ENV_VAR: -- sprintf(nfrontp, "\" VAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VAR " + noquote); - noquote = 2; - break; - - case NEW_ENV_VALUE: -- sprintf(nfrontp, "\" VALUE " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" VALUE " + noquote); - noquote = 2; - break; - - case ENV_ESC: -- sprintf(nfrontp, "\" ESC " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" ESC " + noquote); - noquote = 2; - break; - - case ENV_USERVAR: -- sprintf(nfrontp, "\" USERVAR " + noquote); -- nfrontp += strlen(nfrontp); -+ output_data("\" USERVAR " + noquote); - noquote = 2; - break; - - default: - if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { -- *nfrontp++ = '"'; -+ output_data("\""); - noquote = 0; - } -- *nfrontp++ = pointer[i]; -+ output_data("%c", pointer[i]); - } else { -- sprintf(nfrontp, "\" %03o " + noquote, -+ output_data("\" %03o " + noquote, - pointer[i]); -- nfrontp += strlen(nfrontp); - noquote = 2; - } - break; - } - } - if (!noquote) -- *nfrontp++ = '"'; -+ output_data("\""); - break; - } - } -@@ -987,90 +889,69 @@ - - #if defined(AUTHENTICATION) - case TELOPT_AUTHENTICATION: -- sprintf(nfrontp, "AUTHENTICATION"); -- nfrontp += strlen(nfrontp); -+ output_data("AUTHENTICATION"); - - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case TELQUAL_REPLY: - case TELQUAL_IS: -- sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? -+ output_data(" %s ", (pointer[1] == TELQUAL_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (AUTHTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, "%d ", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[2]); - if (length < 3) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s", -+ output_data("%s|%s", - ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - - auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case TELQUAL_SEND: - i = 2; -- sprintf(nfrontp, " SEND "); -- nfrontp += strlen(nfrontp); -+ output_data(" SEND "); - while (i < length) { - if (AUTHTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); -+ output_data("%s ", AUTHTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - if (++i >= length) { -- sprintf(nfrontp, "(partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data("(partial suboption??\?)"); - break; - } -- sprintf(nfrontp, "%s|%s%s ", -+ output_data( "%s|%s%s ", - ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? - "CLIENT" : "SERVER", - ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? - "MUTUAL" : "ONE-WAY", - ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? - "|ENCRYPT" : ""); -- nfrontp += strlen(nfrontp); - ++i; - } - break; - - case TELQUAL_NAME: -- i = 2; -- sprintf(nfrontp, " NAME \""); -- nfrontp += strlen(nfrontp); -- while (i < length) { -- if (isprint(pointer[i])) -- *nfrontp++ = pointer[i++]; -- else { -- sprintf(nfrontp, "\"%03o",pointer[i++]); -- nfrontp += strlen(nfrontp); -- } -- } -- *nfrontp++ = '"'; -+ output_data(" NAME \"%.*s\"", -+ length - 2, -+ pointer + 2); - break; - - default: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " ?%d?", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" ?%d?", pointer[i]); - } - break; - } -@@ -1079,86 +960,70 @@ - - #ifdef ENCRYPTION - case TELOPT_ENCRYPT: -- sprintf(nfrontp, "ENCRYPT"); -- nfrontp += strlen(nfrontp); -+ output_data("ENCRYPT"); - if (length < 2) { -- sprintf(nfrontp, " (empty suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (empty suboption??\?)"); - break; - } - switch (pointer[1]) { - case ENCRYPT_START: -- sprintf(nfrontp, " START"); -- nfrontp += strlen(nfrontp); -+ output_data(" START"); - break; - - case ENCRYPT_END: -- sprintf(nfrontp, " END"); -- nfrontp += strlen(nfrontp); -+ output_data(" END"); - break; - - case ENCRYPT_REQSTART: -- sprintf(nfrontp, " REQUEST-START"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-START"); - break; - - case ENCRYPT_REQEND: -- sprintf(nfrontp, " REQUEST-END"); -- nfrontp += strlen(nfrontp); -+ output_data(" REQUEST-END"); - break; - - case ENCRYPT_IS: - case ENCRYPT_REPLY: -- sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? -+ output_data(" %s ", (pointer[1] == ENCRYPT_IS) ? - "IS" : "REPLY"); -- nfrontp += strlen(nfrontp); - if (length < 3) { -- sprintf(nfrontp, " (partial suboption??\?)"); -- nfrontp += strlen(nfrontp); -+ output_data(" (partial suboption??\?)"); - break; - } - if (ENCTYPE_NAME_OK(pointer[2])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); -+ output_data("%s ", ENCTYPE_NAME(pointer[2])); - else -- sprintf(nfrontp, " %d (unknown)", pointer[2]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[2]); - - encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); -- sprintf(nfrontp, "%s", buf); -- nfrontp += strlen(nfrontp); -+ output_data("%s", buf); - break; - - case ENCRYPT_SUPPORT: - i = 2; -- sprintf(nfrontp, " SUPPORT "); -- nfrontp += strlen(nfrontp); -+ output_data(" SUPPORT "); - while (i < length) { - if (ENCTYPE_NAME_OK(pointer[i])) -- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); -+ output_data("%s ", ENCTYPE_NAME(pointer[i])); - else -- sprintf(nfrontp, "%d ", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data("%d ", pointer[i]); - i++; - } - break; - - case ENCRYPT_ENC_KEYID: -- sprintf(nfrontp, " ENC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" ENC_KEYID"); - goto encommon; - - case ENCRYPT_DEC_KEYID: -- sprintf(nfrontp, " DEC_KEYID", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" DEC_KEYID"); - goto encommon; - - default: -- sprintf(nfrontp, " %d (unknown)", pointer[1]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d (unknown)", pointer[1]); - encommon: - for (i = 2; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data(" %d", pointer[i]); - } - break; - } -@@ -1167,18 +1032,15 @@ - - default: - if (TELOPT_OK(pointer[0])) -- sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); -+ output_data( "%s (unknown)", TELOPT(pointer[0])); - else -- sprintf(nfrontp, "%d (unknown)", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( "%d (unknown)", pointer[i]); - for (i = 1; i < length; i++) { -- sprintf(nfrontp, " %d", pointer[i]); -- nfrontp += strlen(nfrontp); -+ output_data( " %d", pointer[i]); - } - break; - } -- sprintf(nfrontp, "\r\n"); -- nfrontp += strlen(nfrontp); -+ output_data( "\r\n"); +- if (remain < len) +- return 0; +- memcpy(nfrontp, buf, len); +- nfrontp += len; +- return len; ++ return copied; } /* -@@ -1200,26 +1062,22 @@ - } - - /* add a line of output */ -- sprintf(nfrontp, "%s: ", tag); -- nfrontp += strlen(nfrontp); -+ output_data("%s: ", tag); - for (i = 0; i < 20 && cnt; i++) { -- sprintf(nfrontp, "%02x", *ptr); -- nfrontp += strlen(nfrontp); -+ output_data("%02x", *ptr); - if (isprint(*ptr)) { - xbuf[i] = *ptr; - } else { - xbuf[i] = '.'; - } - if (i % 2) { -- *nfrontp = ' '; -- nfrontp++; -+ output_data(" "); - } - cnt--; - ptr++; - } - xbuf[i] = '\0'; -- sprintf(nfrontp, " %s\r\n", xbuf ); -- nfrontp += strlen(nfrontp); -+ output_data(" %s\r\n", xbuf ); - } - } - #endif /* DIAGNOSTICS */ diff --git a/security/krb5/files/patch-ay b/security/krb5/files/patch-ay index 4ed0c9e..54c041e 100644 --- a/security/krb5/files/patch-ay +++ b/security/krb5/files/patch-ay @@ -1,6 +1,6 @@ ---- util/pty/getpty.c.orig Fri Feb 6 19:46:42 1998 -+++ util/pty/getpty.c Mon Apr 5 14:00:07 1999 -@@ -21,13 +21,26 @@ +--- util/pty/getpty.c.orig Wed Jan 9 14:28:37 2002 ++++ util/pty/getpty.c Thu Jan 10 21:30:40 2002 +@@ -24,13 +24,26 @@ #include "libpty.h" #include "pty-int.h" @@ -17,19 +17,19 @@ +#define PTYCHARS2 "0123456789abcdef" +#endif + - long pty_getpty (fd, slave, slavelength) - int slavelength; - int *fd; char *slave; + long + ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) { -- char *cp; ++ int ptynum; + char *cp1, *cp2; + #if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY) +- char *cp; char *p; - int i,ptynum; -+ int ptynum; struct stat stb; char slavebuf[1024]; - #ifdef HAVE__GETPTY -@@ -109,14 +122,14 @@ + #endif +@@ -115,14 +128,14 @@ strncpy(slave, slavebuf, slavelength); return 0; } else { diff --git a/security/krb5/files/patch-bd b/security/krb5/files/patch-bd deleted file mode 100644 index b2bf412..0000000 --- a/security/krb5/files/patch-bd +++ /dev/null @@ -1,19 +0,0 @@ ---- appl/gssftp/ftpd/ftpcmd.y.ORIG Wed Feb 28 16:06:45 2001 -+++ appl/gssftp/ftpd/ftpcmd.y Fri Apr 27 10:18:01 2001 -@@ -805,11 +805,13 @@ - * This is a valid reply in some cases but not in others. - */ - if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) { -- *(char **)&($$) = *ftpglob((char *) $1); -- if (globerr != NULL) { -+ char **vv; -+ vv = ftpglob((char *) $1); -+ if (vv == NULL || globerr != NULL) { - reply(550, globerr); - $$ = NULL; -- } -+ } else -+ $$ = *vv; - free((char *) $1); - } else - $$ = $1; diff --git a/security/krb5/pkg-plist b/security/krb5/pkg-plist index 5170610..01977cd 100644 --- a/security/krb5/pkg-plist +++ b/security/krb5/pkg-plist @@ -63,10 +63,10 @@ lib/libk5crypto.so lib/libk5crypto.so.3 lib/libkadm5clnt.a lib/libkadm5clnt.so -lib/libkadm5clnt.so.4 +lib/libkadm5clnt.so.5 lib/libkadm5srv.a lib/libkadm5srv.so -lib/libkadm5srv.so.4 +lib/libkadm5srv.so.5 lib/libkdb5.a lib/libkdb5.so lib/libkdb5.so.3 |