From dd1fb67c835df0687fc9242e96f427e8bd778793 Mon Sep 17 00:00:00 2001
From: Ezra Peisach
Date: Tue, 12 Mar 1996 23:03:58 +0000
Subject: [PATCH] * krshd.c (doit): For encrypted rcp, fix logic in determining executable to run. The real bug was that for encrypted rcp, it was checking (with stat) if "-x ....../rcp" existed instead of "..../rcp" Another change is so that freed memory is not accessed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7610 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/bsd/krlogind.M | 2 +-
 src/appl/bsd/krshd.c | 29 +++++++++++++++--------------
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/src/appl/bsd/krlogind.M b/src/appl/bsd/krlogind.M
index c76b99cab..1be713629 100644
--- a/src/appl/bsd/krlogind.M
+++ b/src/appl/bsd/krlogind.M
@@ -84,7 +84,7 @@ client is trying to access in the initial authenticator. This checksum provides additionl security by preventing an attacker from changing the initial connection information. To benefit from this security, only Kerberos5 should be trusted; Kerberos4 and rhosts
-authentication do not include this checksum. If thi options is
+authentication do not include this checksum. If this options is
 specified, older Kerberos5 clients that do not send a checksum in the authenticator will not be able to authenticate to this server.
 .PP
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 98d49744c..1573939a9 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1299,12 +1299,6 @@ envinit[i] =buf;
 }
 environ = envinit;
- cp = strrchr(pwd->pw_shell, '/');
- if (cp)
- cp++;
- else
- cp = pwd->pw_shell;
-
 #ifdef KERBEROS
 /* To make Kerberos rcp work correctly, we must ensure that we invoke Kerberos rcp on this end, not normal rcp, even if the
@@ -1313,6 +1307,7 @@ envinit[i] =buf;
 (do_encrypt && !strncmp(cmdbuf, "-x rcp ", 7))) {
 char *copy;
 struct stat s;
+ int offst = 0;
 copy = malloc(strlen(cmdbuf) + 1);
 if (copy == NULL) {
@@ -1321,14 +1316,14 @@ envinit[i] =buf;
 }
 strcpy(copy, cmdbuf);
 if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) {
- strcpy(cmdbuf + 3, kprogdir);
- cp = copy + 6;
- } else {
- strcpy(cmdbuf, kprogdir);
- cp = copy + 3;
+ offst = 3;
 }
+
+ strcpy((char *) cmdbuf + offst, kprogdir);
+ cp = copy + 3 + offst;
+
 strcat(cmdbuf, "/rcp");
- if (stat(cmdbuf, &s) >= 0)
+ if (stat((char *)cmdbuf + offst, &s) >= 0)
 strcat(cmdbuf, cp);
 else
 strcpy(cmdbuf, copy);
@@ -1336,12 +1331,18 @@ envinit[i] =buf;
 }
 #endif
+ cp = strrchr(pwd->pw_shell, '/');
+ if (cp)
+ cp++;
+ else
+ cp = pwd->pw_shell;
+
 if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) {
 execl(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3, 0);
 }
- else
+ else {
 execl(pwd->pw_shell, cp, "-c", cmdbuf, 0);
-
+}
 perror(pwd->pw_shell);
 perror(cp);
 exit(1);
--
2.26.2
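Review bot: The in-place rewrite of `cmdbuf` in the `-1321,14 +1316,14` hunk is unbounded: `strcpy((char *) cmdbuf + offst, kprogdir)`, `strcat(cmdbuf, "/rcp")` and `strcat(cmdbuf, cp)` replace the three characters `rcp` with the longer `kprogdir` path and then re-append the rest of the command, with no check that the result still fits. The size of `cmdbuf` and how it is filled are outside the hunk, but if it holds the command sent by the remote client, a command close to the buffer's capacity would be pushed past its end. I would compute the required length first and leave `cmdbuf` unmodified when it does not fit, as sketched below; this assumes `cmdbuf` is an array in scope so that `sizeof` gives its capacity. The enclosing block starts and ends outside the hunk.

```c
/* … unchanged: copy allocation and offst selection … */
cp = copy + 3 + offst;

/* Substitute the Kerberos rcp path only when the rewritten command fits. */
if (offst + strlen(kprogdir) + strlen("/rcp") + strlen(cp) < sizeof(cmdbuf)) {
    strcpy((char *) cmdbuf + offst, kprogdir);
    strcat(cmdbuf, "/rcp");
    if (stat((char *)cmdbuf + offst, &s) >= 0)
        strcat(cmdbuf, cp);
    else
        strcpy(cmdbuf, copy);
}
/* else: cmdbuf still holds the original command */
```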
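Review bot: Both `execl` calls in the `-1336,12 +1331,18` hunk end their argument list with a bare `0`; in a variadic call that is passed as an `int`, which is not guaranteed to be read back as a null pointer on platforms where pointers are wider than `int`. The terminator should be written as a pointer, e.g. `execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)0);`. As a style point, the closing `}` added for the new `else {` sits at column 0 while the `if` branch closes on its own indented line; `} else {` with the final brace indented to match would read more consistently. The function body starts and ends outside the hunk.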