commit 050585311ac7e6f17a0d4e33650ea3a5a4ee182b
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Jul 8 14:13:41 2010 +0200
Fixed a buffer overflow issue in eurephia_init
diff --git a/utils/eurephia_init.c b/utils/eurephia_init.c
index ed03690..fd28f68 100644
--- a/utils/eurephia_init.c
+++ b/utils/eurephia_init.c
@@ -503,8 +503,8 @@ int setup_attempt_limits(eurephiaCTX *ctx) {
* @return Returns 1 on success, otherwise 0.
*/
int setup_session_params(eurephiaCTX *ctx) {
- char buffer[20], value[20];
- memset(&buffer, 0, 20);
+ char buffer[22], value[22];
+ memset(&buffer, 0, 22);
printf("------------------------------------------------------------------------------\n");
printf(" eurephia :: SESSION PARAMETERS\n");
commit 38df03d8ec77cb26ac22d73787fe9fee88dd6280
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Jul 8 14:11:31 2010 +0200
Fixed compiler warning: loop could be used uninitialised
diff --git a/eurephiadm/client_session.c b/eurephiadm/client_session.c
index 7abad95..31e761b 100644
--- a/eurephiadm/client_session.c
+++ b/eurephiadm/client_session.c
@@ -156,7 +156,7 @@ void remove_session_file(eurephiaCTX *ctx) {
*/
eurephiaSESSION *create_session(eurephiaCTX *ctx, const char *sesskey) {
eurephiaSESSION *new_sess = NULL;
- int loop, uniqchk;
+ int loop = 0, uniqchk = 0;
char *randdata = NULL;
unsigned char sha_res[SHA512_HASH_SIZE+2];
SHA512Context sha;
commit 961b3a85ca6d2ca65360034f5c2b34d276507d6a
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Jul 8 13:50:55 2010 +0200
Do check the result of fgets()
If fgets() returns NULL, clear the buffer allocated for the console data.
diff --git a/eurephiadm/get_console_input.c b/eurephiadm/get_console_input.c
index e291d79..ab407f7 100644
--- a/eurephiadm/get_console_input.c
+++ b/eurephiadm/get_console_input.c
@@ -46,6 +46,7 @@
*/
int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
struct termios term_orig, term_noecho;
+ char *res = NULL;
char *ptr;
// Print prompt
@@ -65,7 +66,7 @@ int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
}
// Read user input from stdin
- fgets(buf, len, stdin);
+ res = fgets(buf, len, stdin);
if( hidden == 1 ) {
// Restore terminal to saved state
@@ -73,13 +74,16 @@ int get_console_input(char *buf, size_t len, const char *prompt, int hidden) {
}
// Remove trailing spaces
- if( buf != NULL ) {
+ if( res != NULL && buf != NULL ) {
ptr = buf + strlen(buf) - 1;
while( (ptr > buf) && ((*ptr == 0x20) || (*ptr == '\n') || (*ptr == '\r')) ) {
*ptr = 0;
ptr--;
}
ptr++;
+ } else {
+ // If nothing is read, make sure result buffer is cleared
+ memset(buf, 0, len);
}
if( hidden ) {
fprintf(stdout, "\n");
commit 7ae14aca46d6299d2ed49640e5eb942a207b3a68
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Jul 8 13:49:08 2010 +0200
Fixed an overflow issue with memset() in eurephiadm
diff --git a/eurephiadm/eurephiadm.c b/eurephiadm/eurephiadm.c
index 564a4a7..340ac08 100644
--- a/eurephiadm/eurephiadm.c
+++ b/eurephiadm/eurephiadm.c
@@ -285,7 +285,7 @@ static eurephiaSESSION *do_login(eurephiaCTX *ctx, eurephiaVALUES *cfg, const ch
memset(&username, 0, 33);
memset(&password, 0, 33);
if( (tmp = eGet_value(cfg, "username")) == NULL ) {
- memset(username, 0, 34);
+ memset(username, 0, 33);
get_console_input(username, 32, "User:", 0);
} else {
strncpy(username, tmp, 32);