Changeset 6b1c3b6 for zcrypt.c


Ignore:
Timestamp:
Mar 17, 2010, 10:36:59 PM (15 years ago)
Author:
Nelson Elhage <nelhage@ksplice.com>
Branches:
master, release-1.10, release-1.6, release-1.7, release-1.8, release-1.9
Children:
49bc81e
Parents:
4942723
git-author:
Nelson Elhage <nelhage@mit.edu> (04/13/09 20:35:25)
git-committer:
Nelson Elhage <nelhage@ksplice.com> (03/17/10 22:36:59)
Message:
zcrypt.c: Fix the zcrypt CVEs
File:
1 edited

Legend:

Unmodified
Added
Removed
  • zcrypt.c

    redae037 r6b1c3b6  
    88
    99#include <stdio.h>
    10 #if defined(vax) || defined(ibm032)
    11 #define pid_t int
    12 int waitpid(pid_t pid, int *statloc, int options)
    13 {
    14   while (wait(statloc) != pid)
    15     ;
    16 }
    17 #define STDIN_FILENO 0
    18 #else
     10
     11
    1912#include <unistd.h>
    20 #endif
    2113#include <sys/types.h>
    2214#include <des.h>
    2315#include <zephyr/zephyr.h>
     16#include <glib.h>
    2417
    2518#define MAX_KEY 128
     
    321314  int retval;
    322315  char *keyfile;
    323   char varname[MAX_SEARCH][128];
     316  char *varname[MAX_SEARCH];
    324317  int length[MAX_SEARCH], i;
    325318  char buffer[MAX_BUFF];
    326   char filename[MAX_BUFF];
     319  char *filename;
    327320  char result[MAX_SEARCH][MAX_BUFF];
    328321  int numsearch = 0;
    329322  FILE *fsearch;
    330323
     324  memset(varname, 0, sizeof(varname));
     325
    331326  /* Determine names to look for in .crypt-table */
    332327  if (instance)
    333     sprintf(varname[numsearch++], "crypt-%s-%s:", (class?class:"message"),
    334             instance);
     328    varname[numsearch++] = g_strdup_printf("crypt-%s-%s:", (class?class:"message"), instance);
    335329  if (class)
    336     sprintf(varname[numsearch++], "crypt-%s:", class);
    337   sprintf(varname[numsearch++], "crypt-default:", class);
     330    varname[numsearch++] = g_strdup_printf("crypt-%s:", class);
     331  varname[numsearch++] = g_strdup("crypt-default:");
    338332
    339333  /* Setup the result array, and determine string lengths */
     
    345339
    346340  /* Open~/.crypt-table */
    347   sprintf(filename, "%s/.crypt-table", getenv("HOME"));
     341  filename = g_strdup_printf("%s/.crypt-table", getenv("HOME"));
    348342  fsearch = fopen(filename, "r");
    349343  if (fsearch)
     
    394388  else
    395389    printf("Could not open key table file: %s\n", filename);
     390
     391  for(i = 0; i < MAX_SEARCH; i++) {
     392    if(varname[i] != NULL) {
     393      g_free(varname[i]);
     394    }
     395  }
     396
     397  if(filename != NULL) {
     398    g_free(filename);
     399  }
    396400
    397401  return keyfile;
Note: See TracChangeset for help on using the changeset viewer.