[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-286-g3864a
From: |
Mats Erik Andersson |
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-286-g3864a49 |
Date: |
Tue, 14 May 2013 15:30:56 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via 3864a49a23d70caddedddd4a52ed10ee443ee192 (commit)
from d6a64f4ff8444c697b18eedade1bf2b8ac3a0f71 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=3864a49a23d70caddedddd4a52ed10ee443ee192
commit 3864a49a23d70caddedddd4a52ed10ee443ee192
Author: Mats Erik Andersson <address@hidden>
Date: Tue May 14 17:26:43 2013 +0200
libtelnet: Check authentication name strings.
The list of authentication names is allowed
to set NULL for missing methods. Protect
against dereferencing such null-pointers.
diff --git a/ChangeLog b/ChangeLog
index 90bbef2..584f857 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2013-05-14 Mats Erik Andersson <address@hidden>
+
+ libtelnet: The list of authentication names is
+ allowed to contain NULL entries. Prevent access
+ to such entries.
+
+ * libtelnet/auth.c: Position some assignments before
+ the corresponding if-statement.
+ (auth_init) [AUTHENTICATION]: Check that AUTHTYPE_NAME()
+ is non-NULL before referencing it.
+ (auth_disable_name, getauthmask, auth_onoff, auth_send)
+ [AUTHENTICATION]: Likewise.
+
+ * telnet/utilities.c (printsub) [AUTHENTICATION]: Likewise.
+ * telnetd/utility.c (printsub) [AUTHENTICATION]: Likewise.
+
2013-05-13 Mats Erik Andersson <address@hidden>
libtelnet: Make availibility of DES_OFB64 in addition
diff --git a/libtelnet/auth.c b/libtelnet/auth.c
index 9e5a61b..e697bb2 100644
--- a/libtelnet/auth.c
+++ b/libtelnet/auth.c
@@ -255,13 +255,11 @@ auth_init (char *name, int server)
if (auth_debug_mode)
printf (">>>%s: I support auth type %s (%d) %s (%d)\r\n",
Name,
- AUTHTYPE_NAME_OK (ap->type) ?
- AUTHTYPE_NAME (ap->type) :
- "unknown",
+ (AUTHTYPE_NAME_OK (ap->type) && AUTHTYPE_NAME (ap->type))
+ ? AUTHTYPE_NAME (ap->type) : "unknown",
ap->type,
- ap->way &
- AUTH_HOW_MASK &
- AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY", ap->way);
+ (ap->way & AUTH_HOW_MASK & AUTH_HOW_MUTUAL)
+ ? "MUTUAL" : "ONEWAY", ap->way);
}
else if (auth_debug_mode)
printf (">>>%s: Init failed: auth type %d %d\r\n",
@@ -277,7 +275,7 @@ auth_disable_name (char *name)
for (x = 0; x < AUTHTYPE_CNT; ++x)
{
- if (!strcasecmp (name, AUTHTYPE_NAME (x)))
+ if (AUTHTYPE_NAME (x) && !strcasecmp (name, AUTHTYPE_NAME (x)))
{
i_wont_support |= typemask (x);
break;
@@ -290,7 +288,7 @@ getauthmask (char *type, int *maskp)
{
register int x;
- if (!strcasecmp (type, AUTHTYPE_NAME (0)))
+ if (AUTHTYPE_NAME (0) && !strcasecmp (type, AUTHTYPE_NAME (0)))
{
*maskp = -1;
return (1);
@@ -298,7 +296,7 @@ getauthmask (char *type, int *maskp)
for (x = 1; x < AUTHTYPE_CNT; ++x)
{
- if (!strcasecmp (type, AUTHTYPE_NAME (x)))
+ if (AUTHTYPE_NAME (x) && !strcasecmp (type, AUTHTYPE_NAME (x)))
{
*maskp = typemask (x);
return (1);
@@ -335,7 +333,8 @@ auth_onoff (char *type, int on)
mask = 0;
for (ap = authenticators; ap->type; ap++)
{
- if ((mask & (i = typemask (ap->type))) != 0)
+ i = typemask (ap->type);
+ if ((mask & i) != 0)
continue;
mask |= i;
printf ("\t%s\n", AUTHTYPE_NAME (ap->type));
@@ -380,7 +379,8 @@ auth_status ()
mask = 0;
for (ap = authenticators; ap->type; ap++)
{
- if ((mask & (i = typemask (ap->type))) != 0)
+ i = typemask (ap->type);
+ if ((mask & i) != 0)
continue;
mask |= i;
printf ("%s: %s\n", AUTHTYPE_NAME (ap->type),
@@ -487,13 +487,14 @@ auth_send (unsigned char *data, int cnt)
{
if (auth_debug_mode)
printf (">>>%s: He supports %s (%d) %s (%d)\r\n",
- Name, AUTHTYPE_NAME_OK (auth_send_data[0]) ?
- AUTHTYPE_NAME (auth_send_data[0]) :
- "unknown",
+ Name,
+ (AUTHTYPE_NAME_OK (auth_send_data[0])
+ && AUTHTYPE_NAME (auth_send_data[0]))
+ ? AUTHTYPE_NAME (auth_send_data[0]) : "unknown",
auth_send_data[0],
- auth_send_data[1] &
- AUTH_HOW_MASK &
- AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY", auth_send_data[1]);
+ (auth_send_data[1] & AUTH_HOW_MASK & AUTH_HOW_MUTUAL)
+ ? "MUTUAL" : "ONEWAY",
+ auth_send_data[1]);
if ((i_support & ~i_wont_support) & typemask (*auth_send_data))
{
ap = findauthenticator (auth_send_data[0], auth_send_data[1]);
@@ -502,14 +503,13 @@ auth_send (unsigned char *data, int cnt)
if (auth_debug_mode)
printf (">>>%s: Trying %s (%d) %s (%d)\r\n",
Name,
- AUTHTYPE_NAME_OK (auth_send_data[0]) ?
- AUTHTYPE_NAME (auth_send_data[0]) :
- "unknown",
+ (AUTHTYPE_NAME_OK (auth_send_data[0])
+ && AUTHTYPE_NAME (auth_send_data[0]))
+ ? AUTHTYPE_NAME (auth_send_data[0]) : "unknown",
auth_send_data[0],
- auth_send_data[1] &
- AUTH_HOW_MASK &
- AUTH_HOW_MUTUAL ?
- "MUTUAL" : "ONEWAY", auth_send_data[1]);
+ (auth_send_data[1] & AUTH_HOW_MASK & AUTH_HOW_MUTUAL)
+ ? "MUTUAL" : "ONEWAY",
+ auth_send_data[1]);
if ((*ap->send) (ap))
{
/*
@@ -520,9 +520,10 @@ auth_send (unsigned char *data, int cnt)
if (auth_debug_mode)
printf (">>>%s: Using type %s (%d)\r\n",
Name,
- AUTHTYPE_NAME_OK (*auth_send_data) ?
- AUTHTYPE_NAME (*auth_send_data) :
- "unknown", *auth_send_data);
+ (AUTHTYPE_NAME_OK (*auth_send_data)
+ && AUTHTYPE_NAME (*auth_send_data))
+ ? AUTHTYPE_NAME (*auth_send_data) : "unknown",
+ *auth_send_data);
auth_send_data += 2;
return;
}
@@ -573,7 +574,8 @@ auth_is (unsigned char *data, int cnt)
return;
}
- if (ap = findauthenticator (data[0], data[1]))
+ ap = findauthenticator (data[0], data[1]);
+ if (ap)
{
if (ap->is)
(*ap->is) (ap, data + 2, cnt - 2);
@@ -590,7 +592,8 @@ auth_reply (unsigned char *data, int cnt)
if (cnt < 2)
return;
- if (ap = findauthenticator (data[0], data[1]))
+ ap = findauthenticator (data[0], data[1]);
+ if (ap)
{
if (ap->reply)
(*ap->reply) (ap, data + 2, cnt - 2);
@@ -652,8 +655,11 @@ auth_finished (TN_Authenticator * ap, int result)
{
if (ap && ap->cleanup)
(*ap->cleanup) (ap);
- if (!(authenticated = ap))
+
+ authenticated = ap;
+ if (!authenticated)
authenticated = &NoAuth;
+
validuser = result;
}
@@ -729,7 +735,8 @@ auth_printsub (unsigned char *data, int cnt, unsigned char
*buf, int buflen)
{
TN_Authenticator *ap;
- if ((ap = findauthenticator (data[1], data[2])) && ap->printsub)
+ ap = findauthenticator (data[1], data[2]);
+ if (ap && ap->printsub)
(*ap->printsub) (data, cnt, buf, buflen);
else
auth_gen_printsub (data, cnt, buf, buflen);
diff --git a/telnet/utilities.c b/telnet/utilities.c
index d3320fd..5184eb5 100644
--- a/telnet/utilities.c
+++ b/telnet/utilities.c
@@ -504,7 +504,7 @@ printsub (char direction, unsigned char *pointer, int
length)
case TELQUAL_IS:
fprintf (NetTrace, " %s ",
(pointer[1] == TELQUAL_IS) ? "IS" : "REPLY");
- if (AUTHTYPE_NAME_OK (pointer[2]))
+ if (AUTHTYPE_NAME_OK (pointer[2]) && AUTHTYPE_NAME (pointer[2]))
fprintf (NetTrace, "%s ", AUTHTYPE_NAME (pointer[2]));
else
fprintf (NetTrace, "%d ", pointer[2]);
@@ -528,7 +528,8 @@ printsub (char direction, unsigned char *pointer, int
length)
fprintf (NetTrace, " SEND ");
while (i < length)
{
- if (AUTHTYPE_NAME_OK (pointer[i]))
+ if (AUTHTYPE_NAME_OK (pointer[i])
+ && AUTHTYPE_NAME (pointer[i]))
fprintf (NetTrace, "%s ", AUTHTYPE_NAME (pointer[i]));
else
fprintf (NetTrace, "%d ", pointer[i]);
diff --git a/telnetd/utility.c b/telnetd/utility.c
index da16788..028afb2 100644
--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -1410,7 +1410,7 @@ printsub (int direction, unsigned char *pointer, int
length)
case TELQUAL_IS:
debug_output_data (" %s ", (pointer[1] == TELQUAL_IS) ?
"IS" : "REPLY");
- if (AUTHTYPE_NAME_OK (pointer[2]))
+ if (AUTHTYPE_NAME_OK (pointer[2]) && AUTHTYPE_NAME (pointer[2]))
debug_output_data ("%s ", AUTHTYPE_NAME (pointer[2]));
else
debug_output_data ("%d ", pointer[2]);
@@ -1434,7 +1434,8 @@ printsub (int direction, unsigned char *pointer, int
length)
debug_output_data (" SEND ");
while (i < length)
{
- if (AUTHTYPE_NAME_OK (pointer[i]))
+ if (AUTHTYPE_NAME_OK (pointer[i])
+ && AUTHTYPE_NAME (pointer[i]))
debug_output_data ("%s ", AUTHTYPE_NAME (pointer[i]));
else
debug_output_data ("%d ", pointer[i]);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 16 ++++++++++++
libtelnet/auth.c | 69 ++++++++++++++++++++++++++++-----------------------
telnet/utilities.c | 5 ++-
telnetd/utility.c | 5 ++-
4 files changed, 60 insertions(+), 35 deletions(-)
hooks/post-receive
--
GNU Inetutils
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-286-g3864a49,
Mats Erik Andersson <=