author | Tom Yu <tlyu@mit.edu> | 2000-11-08 23:14:56 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2000-11-08 23:14:56 +0000 |
commit | 0db539968c0e6e01a11bc6deff36753e77e69484 (patch) | |
tree | dacf428d369624b6bc8d759cec66c30b19037471 /src/lib/krb4/mk_auth.c | |
parent | 2e19e184c3a369df9f113a4ccc5a444c784b987e (diff) | |
* Makefile.in (OBJS, SRCS): Add strnlen.o, strnlen.c
* cr_auth_repl.c: Audit. Fix up copyright. Use new KRB4_PUT*
macros for encoding so output is always big-endian. Precompute
string lengths for better length-checking.
* cr_ciph.c: Audit. Fix up copyright. Use new KRB4_PUT* macros
for encoding so that output is always big-endian. Precompute
string lengths for better length-checking. Zero out the key
schedule after encrypting.
* cr_death_pkt.c: Audit. Fix up copyright. Precompute string
lengths for better length-checking.
* cr_err_repl.c: Audit. Fix up copyright. Use moving pointer to
do encoding. Precompute string lengths for better
length-checking. Use KRB4_PUT* macros so that output is always
big-endian.
* cr_tkt.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so that output is always big-endian. Zero out the key
schedule after encrypting.
* decomp_tkt.c: Audit. Fix up copyright. Use krb_strnlen() for
actually detecting string length errors. Use a struct in_addr to
retrieve the IP address and assign it to paddress for return. Use
KRB4_GET* macros for decoding to avoid byteswapping problems.
Zero out session key and decrypted ticket on error.
* g_ad_tkt.c: Audit. Fix up copyright. Break out parsing of
decrypted KDC reply packet into a separate function to simplify
error handling somewhat. Precompute string lengths for better
length-checking. Use KRB4_PUT* macros for encoding so that output
is always big-endian. Use KRB4_GET* macros for decoding to avoid
byteswapping problems. Stomp on session key on error conditions.
* g_in_tkt.c: Audit. Fix up copyright. Precompute string lengths
for better length-checking. Use KRB4_PUT* macros for encoding so
output is always big-endian. Use KRB4_GET* macros for decoding to
avoid byteswapping problems. Use krb_strnlen() to actually detect
string length errors. Zero out session key and decrypted KDC
reply once they're no longer useful.
* mk_auth.c: Audit. Fix up copyright. Use moving pointer for
encoding. Use KRB4_PUT* macros for encoding to avoid alignment
issues with using memcpy(). Use KRB4_GET* macros for decoding to
avoid alignment issues with using memcpy().
* mk_err.c: Audit. Fix up copyright. Precompute string length.
Use KRB4_PUT* macros to always encode as big-endian.
* mk_preauth.c: Audit. Zero out key schedule after encryption.
* mk_priv.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so output is always big-endian.
* mk_req.c: Audit. Fix up copyright. Use moving pointer for
encoding. Precompute string lengths for better length-checking.
Use KRB4_PUT* macros for encoding so output is always big-endian.
Zero out session key after encryption.
* mk_safe.c: Audit. Fix up copyright. Use KRB4_PUT* macros for
encoding so output is always big-endian.
* rd_err.c: Audit. Fix up copyright. Use KRB4_GET* macros to
avoid alignment issues.
* rd_preauth.c: Audit. Zero key schedule after decrypting.
* rd_priv.c: Audit. Fix up copyright. Use KRB4_GET* macros to
avoid alignment issues.
* rd_req.c: Audit. Fix up copyright.
* send_to_kdc.c (send_recv): Actually set rpkt->length, since some
callers actually use it now to do length-checking.
* strnlen.c: New file; compute string length, bounded by a
maximum. If the maximum number of characters has been read
without encountering a NUL character, return -1. This makes
overflow checking of strings in buffers much easier.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12859 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb4/mk_auth.c')
-rw-r--r-- | src/lib/krb4/mk_auth.c | 108 |
1 files changed, 69 insertions, 39 deletions
diff --git a/src/lib/krb4/mk_auth.c b/src/lib/krb4/mk_auth.c
index 45952c0..45415fe 100644
--- a/src/lib/krb4/mk_auth.c
+++ b/src/lib/krb4/mk_auth.c
@@ -1,16 +1,31 @@
 /*
- * mk_auth.c
+ * lib/krb4/mk_auth.c
 *
- * CopKRB4_32right 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988, 2000 by the Massachusetts Institute of
+ * Technology. All Rights Reserved.
 *
- * For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
 *
 * Derived from sendauth.c by John Gilmore, 10 October 1994.
 */
-#include "mit-copyright.h"
-
 #define DEFINE_SOCKADDR /* Ask for sockets declarations from krb.h. */
 #include <stdio.h>
 #include "krb.h"
@@ -110,30 +125,35 @@ krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf)
 char FAR *version; /* version string */
 KTEXT buf; /* Output buffer to fill */
 {
- int rem, i;
+ int rem;
 char krb_realm[REALM_SZ];
- KRB4_32 tkt_len;
+ char *phost;
+ int phostlen;
+ unsigned char *p;
- rem=KSUCCESS;
+ rem = KSUCCESS;
 /* get current realm if not passed in */
 if (!realm) {
 rem = krb_get_lrealm(krb_realm,1);
 if (rem != KSUCCESS)
- return(rem);
+ return rem;
 realm = krb_realm;
 }
 if (!(options & KOPT_DONT_CANON)) {
- (void) strncpy(inst, krb_get_phost(inst), INST_SZ - 1);
- inst[INST_SZ-1] = 0;
+ phost = krb_get_phost(inst);
+ phostlen = krb_strnlen(phost, INST_SZ) + 1;
+ if (phostlen <= 0 || phostlen > INST_SZ)
+ return KFAILURE;
+ memcpy(inst, phost, (size_t)phostlen);
 }
 /* get the ticket if desired */
 if (!(options & KOPT_DONT_MK_REQ)) {
- rem = krb_mk_req(ticket, service, inst, realm, checksum);
+ rem = krb_mk_req(ticket, service, inst, realm, (KRB4_32)checksum);
 if (rem != KSUCCESS)
- return(rem);
+ return rem;
 }
 #ifdef ATHENA_COMPAT
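Review bot: The new length test in the canonicalization branch rests on two assumptions the code does not state: that `krb_strnlen()` returns -1 when no NUL is found within `INST_SZ` bytes (so `phostlen` becomes 0 and is caught by `<= 0`), and that the caller's `inst` buffer holds at least `INST_SZ` bytes, since up to that many are written back into it. A comment above the check such as `/* krb_strnlen() yields -1 on an unterminated name; inst must hold INST_SZ bytes */` would record both. A host name that the old `strncpy` silently truncated now makes the function return `KFAILURE`, which is worth a line in the function's header comment so callers expect it. The result of `krb_get_phost()` is handed to `krb_strnlen()` unchecked; whether it can be NULL is not visible here. The body of krb_mk_auth continues past the end of this hunk.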
@@ -146,32 +166,33 @@ krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf)
 }
 #endif /* ATHENA_COMPAT */
+ /* Check buffer size */
+ if (sizeof(buf->dat) < (KRB_SENDAUTH_VLEN + KRB_SENDAUTH_VLEN
+ + 4 + ticket->length)
+ || ticket->length < 0)
+ return KFAILURE;
+
 /* zero the buffer */
- (void) memset(buf->dat, 0, MAX_KTXT_LEN);
+ memset(buf->dat, 0, sizeof(buf->dat));
+ p = buf->dat;
 /* insert version strings */
- (void) strncpy((char *)buf->dat, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
- (void) strncpy((char *)buf->dat+KRB_SENDAUTH_VLEN, version,
- KRB_SENDAUTH_VLEN);
-
- /* increment past vers strings */
- i = 2*KRB_SENDAUTH_VLEN;
+ strncpy((char *)p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
+ strncpy((char *)p, version, KRB_SENDAUTH_VLEN);
+ p += KRB_SENDAUTH_VLEN;
 /* put ticket length into buffer */
- tkt_len = htonl((unsigned KRB4_32) ticket->length);
- (void) memcpy(buf->dat+i, (char *) &tkt_len, sizeof(tkt_len));
- i += sizeof(tkt_len);
+ KRB4_PUT32(p, ticket->length);
 /* put ticket into buffer */
- (void) memcpy(buf->dat+i, (char *) ticket->dat, ticket->length);
- i += ticket->length;
+ memcpy(p, ticket->dat, (size_t)ticket->length);
+ p += ticket->length;
- buf->length = i;
+ buf->length = p - buf->dat;
 return KSUCCESS;
 }
-
-
 /*
 * For mutual authentication using mk_auth, check the server's response
 * to validate that we're really talking to the server which holds the
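Review bot: The buffer-size check adds `ticket->length` into a signed sum before testing it for negativity, so the outcome depends on the implicit conversion to `size_t` in the comparison, and a very large length could overflow the addition (the `< 0` test suggests the field is signed; its declaration is outside the hunk). Testing the sign first and comparing against the space that remains avoids both: `if (ticket->length < 0 || (size_t)ticket->length > sizeof(buf->dat) - (2 * KRB_SENDAUTH_VLEN + 4)) return KFAILURE;`. This matters most on the `KOPT_DONT_MK_REQ` path, where the ticket comes from the caller rather than from `krb_mk_req()`. The bare `4` is the length field written by `KRB4_PUT32` and would read better with a short comment saying so. The function begins before this hunk.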
@@ -199,22 +220,31 @@ krb_check_auth (buf, checksum, msg_data, session, schedule, laddr, faddr)
 {
 int cc;
 unsigned KRB4_32 cksum;
+ unsigned char *p;
 /* decrypt it */
 #ifndef NOENCRYPTION
 key_sched(session, schedule);
 #endif /* !NOENCRYPTION */
- if (cc = krb_rd_priv(buf->dat, buf->length, schedule,
- (C_Block *)session, faddr, laddr, msg_data))
- return(cc);
-
- /* fetch the (incremented) checksum that we supplied in the request */
- (void) memcpy((char *)&cksum, (char *)msg_data->app_data,
- sizeof(cksum));
- cksum = ntohl(cksum);
+ if (buf->length < 0)
+ return KFAILURE;
+ cc = krb_rd_priv(buf->dat, (unsigned KRB4_32)buf->length, schedule,
+ (C_Block *)session, faddr, laddr, msg_data);
+ memset(schedule, 0, sizeof(schedule));
+ if (cc)
+ return cc;
+
+ /*
+ * Fetch the (incremented) checksum that we supplied in the
+ * request.
+ */
+ if (msg_data->app_length < 4)
+ return KFAILURE;
+ p = msg_data->app_data;
+ KRB4_GET32BE(cksum, p);
 /* if it doesn't match, fail -- reply wasn't from our real server. */
 if (cksum != checksum + 1)
- return(KFAILURE); /* XXX */
- return(KSUCCESS);
+ return KFAILURE; /* XXX */
+ return KSUCCESS;
 } |
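Review bot: `memset(schedule, 0, sizeof(schedule));` takes the size of a function parameter, so if `schedule` is declared with an array type (the parameter declarations sit above this hunk) it has decayed to a pointer and only pointer-size bytes of the key schedule are cleared. Passing the size of the key-schedule type itself, for example `memset(schedule, 0, sizeof(Key_schedule));` if that is the declared type, clears the whole object. The clearing also changes what the caller finds in `schedule` after the call, so the function's header comment should say that the schedule is wiped on return. The `4` in the `app_length` check is the encoded size of the checksum read by `KRB4_GET32BE`; a brief comment would tie the two together.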