From 41f23f3992a9000c140a2012fa3e493a7e75bbbd Mon Sep 17 00:00:00 2001
From: ache <ache@FreeBSD.org>
Date: Mon, 11 Aug 2014 12:26:48 +0000
Subject: Fix too long (seed length >12 chars) challenge handling. 1) " ext"
 length should be included into OPIE_CHALLENGE_MAX (as all places of opie code
 expects that). 2) Overflow check in challenge.c is off by 1 even with
 corrected OPIE_CHALLENGE_MAX 3) When fallback to randomchallenge() happens
 and rval is 0 (i.e. challenge is too long), its value should be set to error
 state too.

To demonstrate the bug, run opiepasswd with valid seed:
opiepasswd -s 1234567890123456
and notice that it falls back to randomchallenge() (i.e. no
1234567890123456 in the prompt).

PR:             191511
Submitted by:   mitsururike@gmail.com (partially)
MFC after:      1 week
---
 contrib/opie/libopie/challenge.c | 4 +++-
 contrib/opie/opie.h              | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/contrib/opie/libopie/challenge.c b/contrib/opie/libopie/challenge.c
index fc836aa..6c42018 100644
--- a/contrib/opie/libopie/challenge.c
+++ b/contrib/opie/libopie/challenge.c
@@ -68,7 +68,9 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch
   }
 
   if (rval ||
-    (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) {
+    (snprintf(ss, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX+1)) {
+    if (!rval)
+      rval = 1;
     opierandomchallenge(ss);
     memset(mp, 0, sizeof(*mp));
   }
diff --git a/contrib/opie/opie.h b/contrib/opie/opie.h
index 2549d04..2d3ceed 100644
--- a/contrib/opie/opie.h
+++ b/contrib/opie/opie.h
@@ -72,8 +72,8 @@ struct opie {
 /* Max length of hash algorithm name (md4/md5) */
 #define OPIE_HASHNAME_MAX 3
 
-/* Maximum length of a challenge (otp-md? 9999 seed) */
-#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX)
+/* Maximum length of a challenge (otp-md? 9999 seed ext) */
+#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+1+3)
 
 /* Maximum length of a response that we allow */
 #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19)
-- 
cgit v1.1