[dovecot-cvs] dovecot/src/auth auth-digest-md5.c,1.6,1.7 auth-plain.c,1.4,1.5 userinfo-passwd-file.c,1.13,1.14

Sun Dec 8 07:23:10 EET 2002

Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv19285/auth

Modified Files:
	auth-digest-md5.c auth-plain.c userinfo-passwd-file.c 
Log Message:
Added buffer API. Point is to hide all buffer writing behind this API which
verifies that nothing overflows. Much better than doing the same checks all
around the code, even if it is slightly slower.

Buffer reading is still mostly done directly, that isn't such a big security
risk and I can't think of a reasonable API for it anyway.



Index: auth-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-digest-md5.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7

--- auth-digest-md5.c	5 Oct 2002 21:13:22 -0000	1.6
+++ auth-digest-md5.c	8 Dec 2002 05:23:07 -0000	1.7
@@ -4,6 +4,7 @@
 
 #include "common.h"
 #include "base64.h"
+#include "buffer.h"
 #include "hex-binary.h"
 #include "md5.h"
 #include "randgen.h"
@@ -57,6 +58,7 @@
 static const char *get_digest_challenge(AuthData *auth)
 {
 	TempString *qoplist, *realms;
+	Buffer *buf;
 	char *const *tmp;
 	unsigned char nonce[16];
 	int i;
@@ -73,8 +75,15 @@
 
 	/* get 128bit of random data as nonce */
 	random_fill(nonce, sizeof(nonce));
-	auth->nonce = p_strdup(auth->pool,
-			       base64_encode(nonce, sizeof(nonce)));
+
+	t_push();
+	buf = buffer_create_static(data_stack_pool,
+				   MAX_BASE64_ENCODED_SIZE(sizeof(nonce))+1);
+
+	base64_encode(nonce, sizeof(nonce), buf);
+	buffer_append_c(buf, '\0');
+	auth->nonce = p_strdup(auth->pool, buffer_get_data(buf, NULL));
+	t_pop();
 
 	/* get list of allowed QoPs */
 	qoplist = t_string_new(32);

Index: auth-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-plain.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- auth-plain.c	6 Nov 2002 06:00:58 -0000	1.4
+++ auth-plain.c	8 Dec 2002 05:23:07 -0000	1.5
@@ -28,13 +28,14 @@
 	count = 0;
 	for (i = 0; i < request->data_size; i++) {
 		if (data[i] == '\0' && ++count == 2) {
-			if (i+1 == request->data_size)
+			i++;
+			if (i == request->data_size)
 				pass = "";
 			else {
-				len = request->data_size - (i+1);
+				len = request->data_size - i;
 				pass = t_malloc(len+1);
-				memcpy(pass, (const char *) data + (i+1), len);
-				pass[len] = '\0';
+                                memcpy(pass, (const char *) data + i, len);
+                                pass[len] = '\0';
 			}
 			break;
 		}

Index: userinfo-passwd-file.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userinfo-passwd-file.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- userinfo-passwd-file.c	6 Dec 2002 01:09:22 -0000	1.13
+++ userinfo-passwd-file.c	8 Dec 2002 05:23:07 -0000	1.14
@@ -7,6 +7,7 @@
 
 #include "userinfo-passwd.h"
 
+#include "buffer.h"
 #include "istream.h"
 #include "hash.h"
 #include "hex-binary.h"
@@ -153,6 +154,7 @@
 {
 	const char *id;
 	PasswdUser *pu;
+	Buffer *buf;
 
 	passwd_file_sync();
 
@@ -167,7 +169,9 @@
 
 	/* found */
 	i_assert(strlen(pu->password) == 32);
-	if (!hex_to_binary(pu->password, digest))
+
+	buf = buffer_create_data(data_stack_pool, digest, sizeof(digest));
+	if (!hex_to_binary(pu->password, buf))
 		return FALSE;
 	
 	return get_reply_data(pu, reply);


