From 723cb92bb9dfb9c8b52dd6e9c4296bddf14cbaad Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Sat, 1 Jul 2000 01:14:04 +0000 Subject: [PATCH] pullup from 1.2-beta4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12499 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/ChangeLog | 4 ++++ src/windows/cns/ChangeLog | 9 +++++++++ src/windows/cns/cns.c | 28 ++++++++++++++++------------ src/windows/cns/cns_reg.c | 8 ++++++-- src/windows/cns/tktlist.c | 23 +++++++++++++---------- src/windows/version.rc | 18 ++++++++++++++---- src/windows/wintel/ChangeLog | 6 ++++++ src/windows/wintel/auth.c | 17 +++++++++-------- src/windows/wintel/encrypt.c | 5 +++-- 9 files changed, 80 insertions(+), 38 deletions(-) diff --git a/src/windows/ChangeLog b/src/windows/ChangeLog index ce20631b5..23bc3ec30 100644 --- a/src/windows/ChangeLog +++ b/src/windows/ChangeLog @@ -1,3 +1,7 @@ +2000-04-25 Danilo Almeida + + * version.rc: Bump version to 1.2 beta. + 2000-02-06 Danilo Almeida * README: Add documentation about debug vs. release builds. diff --git a/src/windows/cns/ChangeLog b/src/windows/cns/ChangeLog index f99c56a53..b420e42d5 100644 --- a/src/windows/cns/ChangeLog +++ b/src/windows/cns/ChangeLog @@ -1,3 +1,12 @@ +2000-05-08 Ken Raeburn + Nalin Dahyabhai + + * cns.c (kwin_push_login): Don't overflow buffer "fullname". + (kwin_command): Don't overflow buffer "copyright". + * cns_reg.c (cns_load_registry): Don't overflow buffer + "cns_res.def_confname". + * tktlist.c (ticket_init_list): Don't overflow buffer "buf". + 1999-12-03 Danilo Almeida * Makefile.in: Windows fix for updated win-pre.in. diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c index 7af81fc6a..512f2f5c3 100644 --- a/src/windows/cns/cns.c +++ b/src/windows/cns/cns.c @@ -384,12 +384,13 @@ kwin_push_login(HWND hwnd, char *name, char *instance, char *realm) char menuitem[MAX_K_NAME_SZ + 3]; BOOL rc; - strcpy(fullname, "&x "); - strcat(fullname, name); - strcat(fullname, "."); - strcat(fullname, instance); - strcat(fullname, "@"); - strcat(fullname, realm); + fullname[sizeof(fullname) - 1] = '\0'; + strncpy(fullname, "&x ", sizeof(fullname) - 1); + strncat(fullname, name, sizeof(fullname) - 1 - strlen(fullname)); + strncat(fullname, ".", sizeof(fullname) - 1 - strlen(fullname)); + strncat(fullname, instance, sizeof(fullname) - 1 - strlen(fullname)); + strncat(fullname, "@", sizeof(fullname) - 1 - strlen(fullname)); + strncat(fullname, realm, sizeof(fullname) - 1 - strlen(fullname)); hmenu = GetMenu(hwnd); assert(hmenu != NULL); @@ -1339,14 +1340,16 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify) strcpy(copyright, " Kerberos V5 for Windows "); #endif #ifdef _WIN32 - strcat(copyright, "32-bit\n"); + strncat(copyright, "32-bit\n", sizeof(copyright) - 1 - strlen(copyright)); #else - strcat(copyright, "16-bit\n"); + strncat(copyright, "16-bit\n", sizeof(copyright) - 1 - strlen(copyright)); #endif - strcat(copyright, "\n Version 1.12\n\n"); + strncat(copyright, "\n Version 1.12\n\n", + sizeof(copyright) - 1 - strlen(copyright)); #ifdef ORGANIZATION - strcat(copyright, " For information, contact:\n"); - strcat(copyright, ORGANIZATION); + strncat(copyright, " For information, contact:\n", + sizeof(copyright) - 1 - strlen(copyright)); + strncat(copyright, ORGANIZATION, sizeof(copyright) - 1 - strlen(copyright)); #endif MessageBox(hwnd, copyright, KWIN_DIALOG_NAME, MB_OK); @@ -1469,8 +1472,9 @@ kwin_paint(HWND hwnd) sprintf(buf, "%s - %ld hr", KWIN_DIALOG_NAME, dt); } + buf[sizeof(buf) - 1] = '\0'; if (dt > 1) - strcat(buf, "s"); + strncat(buf, "s", sizeof(buf) - 1 - strlen(buf)); } DrawIcon(hdc, r.left, r.top, hicon); diff --git a/src/windows/cns/cns_reg.c b/src/windows/cns/cns_reg.c index 400d72d23..160eb15e3 100644 --- a/src/windows/cns/cns_reg.c +++ b/src/windows/cns/cns_reg.c @@ -74,8 +74,12 @@ cns_load_registry(void) if (key != INVALID_HANDLE_VALUE) { if (registry_string_get(key, KERBNET_HOME, &ts) == 0) { cns_res.conf_override = 0; - strcpy(cns_res.def_confname, ts); - strcat(cns_res.def_confname, "\\etc\\krb5.conf"); + cns_res.def_confname[sizeof(cns_res.def_confname) - 1]; + strncpy(cns_res.def_confname, ts, + sizeof(cns_res.def_confname) - 1); + strncat(cns_res.def_confname, "\\etc\\krb5.conf", + sizeof(cns_res.def_confname) - 1 - + strlen(cns_res.def_confname)); free(ts); } diff --git a/src/windows/cns/tktlist.c b/src/windows/cns/tktlist.c index 62b6eb8d6..5e1520120 100644 --- a/src/windows/cns/tktlist.c +++ b/src/windows/cns/tktlist.c @@ -122,11 +122,12 @@ ticket_init_list (HWND hwnd) krb_get_nth_cred(service, instance, realm, i); krb_get_cred(service, instance, realm, &c); strcpy(buf, " "); - strcat(buf, short_date(c.issue_date - kwin_get_epoch())); + strncat(buf, short_date(c.issue_date - kwin_get_epoch()), + sizeof(buf) - 1 - strlen(buf)); expiration = c.issue_date - kwin_get_epoch() + (long) c.lifetime * 5L * 60L; - strcat (buf, " "); - strcat(buf, short_date(expiration)); - strcat (buf, " "); + strncat(buf, " ", sizeof(buf) - 1 - strlen(buf)); + strncat(buf, short_date(expiration), sizeof(buf) - 1 - strlen(buf)); + strncat(buf, " ", sizeof(buf) - 1 - strlen(buf)); l = strlen(buf); sprintf(&buf[l], "%s%s%s%s%s (%d)", c.service, (c.instance[0] ? "." : ""), c.instance, @@ -172,10 +173,12 @@ ticket_init_list (HWND hwnd) ncred++; strcpy (buf, " "); - strcat (buf, short_date (c.times.starttime - kwin_get_epoch())); - strcat (buf, " "); - strcat (buf, short_date (c.times.endtime - kwin_get_epoch())); - strcat (buf, " "); + strncat(buf, short_date (c.times.starttime - kwin_get_epoch()), + sizeof(buf) - 1 - strlen(buf)); + strncat(buf, " ", sizeof(buf) - 1 - strlen(buf)); + strncat(buf, short_date (c.times.endtime - kwin_get_epoch()), + sizeof(buf) - 1 - strlen(buf)); + strncat(buf, " ", sizeof(buf) - 1 - strlen(buf)); /* Add ticket service name and realm */ code = krb5_unparse_name (k5_context, c.server, &sname); @@ -183,9 +186,9 @@ ticket_init_list (HWND hwnd) com_err (NULL, code, "while unparsing server name"); break; } - strcat (buf, sname); + strncat (buf, sname, sizeof(buf) - 1 - strlen(buf)); - strcat (buf, flags_string (&c)); /* Add flag info */ + strncat (buf, flags_string (&c), sizeof(buf) - 1 - strlen(buf)); /* Add flag info */ l = strlen(buf); lpinfo = (LPTICKETINFO) malloc(sizeof(TICKETINFO) + l + 1); diff --git a/src/windows/version.rc b/src/windows/version.rc index 67660fc42..ba5e1a1ff 100644 --- a/src/windows/version.rc +++ b/src/windows/version.rc @@ -5,6 +5,16 @@ * BEGIN COMMON VERSION INFO for GSS and Kerberos version resources */ +#define PRE_RELEASE + +#ifdef PRE_RELEASE +#define BETA_STR " beta" +#define BETA_FLAG VS_FF_PRERELEASE +#else +#define BETA_STR "" +#define BETA_FLAG 0 +#endif + #if !defined(_WIN32) #define Targ_OS VOS__WINDOWS16 #else @@ -13,10 +23,10 @@ /* we're going to stamp all the DLLs with the same version number */ -#define K5_PRODUCT_VERSION_STRING "1.1.1\0" -#define K5_PRODUCT_VERSION 1, 1, 1, 0 +#define K5_PRODUCT_VERSION_STRING "1.2" BETA_STR "\0" +#define K5_PRODUCT_VERSION 1, 2, 0, 0 -#define K5_COPYRIGHT "Copyright (C) 1997-1999 by the Massachusetts Institute of Technology\0" +#define K5_COPYRIGHT "Copyright (C) 1997-2000 by the Massachusetts Institute of Technology\0" #define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0" /* @@ -134,7 +144,7 @@ VS_VERSION_INFO VERSIONINFO FILEVERSION K5_PRODUCT_VERSION PRODUCTVERSION K5_PRODUCT_VERSION FILEFLAGSMASK VS_FFI_FILEFLAGSMASK -FILEFLAGS (VS_FF_DEBUG | VS_FF_PRIVATEBUILD) +FILEFLAGS (VS_FF_DEBUG | VS_FF_PRIVATEBUILD | BETA_FLAG) FILEOS Targ_OS FILETYPE K5_FILETYPE BEGIN diff --git a/src/windows/wintel/ChangeLog b/src/windows/wintel/ChangeLog index a9d690090..f8526d9bc 100644 --- a/src/windows/wintel/ChangeLog +++ b/src/windows/wintel/ChangeLog @@ -1,3 +1,9 @@ +2000-05-08 Nalin Dahyabhai + + * auth.c (auth_abort): Don't overflow buffer "strTmp". + (k4_auth_send): Don't overflow buffer "dbgbuf". + * encrypt.c (printsub): Don't overflow buffer "p". + 1999-12-03 Danilo Almeida * Makefile.in: Windows fix for updated win-pre.in. diff --git a/src/windows/wintel/auth.c b/src/windows/wintel/auth.c index 5e9d1d2ef..28f515b6c 100644 --- a/src/windows/wintel/auth.c +++ b/src/windows/wintel/auth.c @@ -151,10 +151,11 @@ auth_abort(kstream ks, char *errmsg, long r) TelnetSend(ks, (LPSTR)buf, 8, 0); if (errmsg != NULL) { - strcpy(strTmp, errmsg); + strTmp[sizeof(strTmp) - 1] = '\0'; + strncpy(strTmp, errmsg, sizeof(strTmp) - 1); if (r != KSUCCESS) { - strcat(strTmp, "\n"); + strncat(strTmp, "\n", sizeof(strTmp) - 1 - strlen(strTmp)); #ifdef KRB4 lstrcat(strTmp, krb_get_err_text((int)r)); #endif @@ -423,8 +424,8 @@ k4_auth_send(kstream ks) if (!realm) { strcpy(buf, "Can't find realm for host \""); - strcat(buf, szHostName); - strcat(buf, "\""); + strncat(buf, szHostName, sizeof(buf) - 1 - strlen(buf)); + strncat(buf, "\"", sizeof(buf) - 1 - strlen(buf)); auth_abort(ks, buf, 0); return KFAILURE; } @@ -436,14 +437,14 @@ k4_auth_send(kstream ks) if (r) { strcpy(buf, "Can't get \""); - strcat(buf, KRB_SERVICE_NAME); + strncat(buf, KRB_SERVICE_NAME, sizeof(buf) - 1 - strlen(buf)); if (instance[0] != 0) { - strcat(buf, "."); + strncat(buf, ".", sizeof(buf) - 1 - strlen(buf)); lstrcat(buf, instance); } - strcat(buf, "@"); + strncat(buf, "@", sizeof(buf) - 1 - strlen(buf)); lstrcat(buf, realm); - strcat(buf, "\" ticket"); + strncat(buf, "\" ticket", sizeof(buf) - 1 - strlen(buf)); auth_abort(ks, buf, r); return r; diff --git a/src/windows/wintel/encrypt.c b/src/windows/wintel/encrypt.c index f1a1301fb..bbb5496d6 100644 --- a/src/windows/wintel/encrypt.c +++ b/src/windows/wintel/encrypt.c @@ -230,10 +230,11 @@ printsub(char c, unsigned char *s, size_t len) *p++ = c; - for (i = 0 ; i < len ; i++) + for (i = 0 ; (i < len) && (p - dbgbuf + 3 < sizeof(dbgbuf)) ; i++) p += sprintf(p, "%02x ", s[i]); + dbgbuf[sizeof(dbgbuf) - 1] = '\0'; - strcat(p, "\n"); + strncat(p, "\n", sizeof(dbgbuf) - 1 - (p - dbgbuf)); OutputDebugString(dbgbuf); -- 2.26.2