From: Ezra Peisach Date: Tue, 12 Mar 1996 23:03:58 +0000 (+0000) Subject: * krshd.c (doit): For encrypted rcp, fix logic in determining X-Git-Tag: krb5-1.0-beta6~392 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=dd1fb67c835df0687fc9242e96f427e8bd778793;p=krb5.git * krshd.c (doit): For encrypted rcp, fix logic in determining executable to run. The real bug was that for encrypted rcp, it was checking (with stat) if "-x ....../rcp" existed instead of "..../rcp" Another change is so that freed memory is not accessed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7610 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/krlogind.M b/src/appl/bsd/krlogind.M index c76b99cab..1be713629 100644 --- a/src/appl/bsd/krlogind.M +++ b/src/appl/bsd/krlogind.M @@ -84,7 +84,7 @@ client is trying to access in the initial authenticator. This checksum provides additionl security by preventing an attacker from changing the initial connection information. To benefit from this security, only Kerberos5 should be trusted; Kerberos4 and rhosts -authentication do not include this checksum. If thi options is +authentication do not include this checksum. If this options is specified, older Kerberos5 clients that do not send a checksum in the authenticator will not be able to authenticate to this server. .PP diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 98d49744c..1573939a9 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -1299,12 +1299,6 @@ envinit[i] =buf; } environ = envinit; - cp = strrchr(pwd->pw_shell, '/'); - if (cp) - cp++; - else - cp = pwd->pw_shell; - #ifdef KERBEROS /* To make Kerberos rcp work correctly, we must ensure that we invoke Kerberos rcp on this end, not normal rcp, even if the @@ -1313,6 +1307,7 @@ envinit[i] =buf; (do_encrypt && !strncmp(cmdbuf, "-x rcp ", 7))) { char *copy; struct stat s; + int offst = 0; copy = malloc(strlen(cmdbuf) + 1); if (copy == NULL) { @@ -1321,14 +1316,14 @@ envinit[i] =buf; } strcpy(copy, cmdbuf); if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) { - strcpy(cmdbuf + 3, kprogdir); - cp = copy + 6; - } else { - strcpy(cmdbuf, kprogdir); - cp = copy + 3; + offst = 3; } + + strcpy((char *) cmdbuf + offst, kprogdir); + cp = copy + 3 + offst; + strcat(cmdbuf, "/rcp"); - if (stat(cmdbuf, &s) >= 0) + if (stat((char *)cmdbuf + offst, &s) >= 0) strcat(cmdbuf, cp); else strcpy(cmdbuf, copy); @@ -1336,12 +1331,18 @@ envinit[i] =buf; } #endif + cp = strrchr(pwd->pw_shell, '/'); + if (cp) + cp++; + else + cp = pwd->pw_shell; + if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) { execl(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3, 0); } - else + else { execl(pwd->pw_shell, cp, "-c", cmdbuf, 0); - +} perror(pwd->pw_shell); perror(cp); exit(1);