telnet, telnetd: Buffer security.

Mats Erik Andersson
2013-04-10 16:17:38 +02:00
parent 4850ad628e
commit 6e8595711a
13 changed files with 93 additions and 34 deletions


@@ -78,7 +78,7 @@ void auth_send_retry (void);
void auth_is (unsigned char *, int);
void auth_reply (unsigned char *, int);
void auth_finished (TN_Authenticator *, int);
int auth_wait (char *);
int auth_wait (char *, size_t);
void auth_name (unsigned char *, int);
void auth_disable_name (char *);
void auth_printsub (unsigned char *, int, unsigned char *, int);
@@ -89,7 +89,7 @@ int kerberos4_init (TN_Authenticator *, int);
int kerberos4_send (TN_Authenticator *);
void kerberos4_is (TN_Authenticator *, unsigned char *, int);
void kerberos4_reply (TN_Authenticator *, unsigned char *, int);
int kerberos4_status (TN_Authenticator *, char *, int);
int kerberos4_status (TN_Authenticator *, char *, size_t, int);
void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
# endif
@@ -98,7 +98,7 @@ int kerberos5_init (TN_Authenticator *, int);
int kerberos5_send (TN_Authenticator *);
void kerberos5_is (TN_Authenticator *, unsigned char *, int);
void kerberos5_reply (TN_Authenticator *, unsigned char *, int);
int kerberos5_status (TN_Authenticator *, char *, int);
int kerberos5_status (TN_Authenticator *, char *, size_t, int);
void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
# endif
@@ -107,7 +107,7 @@ int krb5shishi_init (TN_Authenticator *, int);
int krb5shishi_send (TN_Authenticator *);
void krb5shishi_is (TN_Authenticator *, unsigned char *, int);
void krb5shishi_reply (TN_Authenticator *, unsigned char *, int);
int krb5shishi_status (TN_Authenticator *, char *, int);
int krb5shishi_status (TN_Authenticator *, char *, size_t, int);
void krb5shishi_printsub (unsigned char *, int, unsigned char *, int);
void krb5shishi_cleanup (TN_Authenticator *);
# endif


@@ -664,7 +664,7 @@ auth_intr (int sig _GL_UNUSED_PARAMETER)
}
int
auth_wait (char *name)
auth_wait (char *name, size_t len)
{
if (auth_debug_mode)
printf (">>>%s: in auth_wait.\r\n", Name);
@@ -690,7 +690,8 @@ auth_wait (char *name)
validuser = AUTH_USER;
if (authenticated->status)
validuser = (*authenticated->status) (authenticated, name, validuser);
validuser = (*authenticated->status) (authenticated, name, len,
validuser);
return (validuser);
}
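Review bot: Nothing in auth_wait or in the callback signature says what `len` measures, and the second hunk forwards it unchecked to `(*authenticated->status)`. A short comment above auth_wait would pin the contract, for example `/* NAME points to a buffer of LEN bytes, terminator included, that receives the user name on AUTH_VALID. */`, so that every mechanism's status routine and every caller agree on it. Whether callers pass the real size of their buffer is not visible on this page and is worth checking, because an overstated `len` makes the new bound meaningless. Most of auth_wait's body lies between the two hunks and is not shown.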


@@ -95,7 +95,7 @@ typedef struct XauthP
int (*send) (struct XauthP *);
void (*is) (struct XauthP *, unsigned char *, int);
void (*reply) (struct XauthP *, unsigned char *, int);
int (*status) (struct XauthP *, char *, int);
int (*status) (struct XauthP *, char *, size_t, int);
void (*printsub) (unsigned char *, int, unsigned char *, int);
void (*cleanup) (struct XauthP *);
} TN_Authenticator;


@@ -265,10 +265,10 @@ EncryptDisable (char *type, char *mode)
printf ("Usage: encrypt disable <type> [input|output]\n");
encrypt_list_types ();
}
else if ((ep = (Encryptions *) genget (type, encryptions,
else if ((ep = (Encryptions *) genget (type, (char **) encryptions,
sizeof (Encryptions))) == 0)
printf ("%s: invalid encryption type\n", type);
else if (Ambiguous (ep))
else if (Ambiguous ((char *) ep))
printf ("Ambiguous type '%s'\n", type);
else
{
@@ -303,10 +303,10 @@ EncryptType (char *type, char *mode)
printf ("Usage: encrypt type <type> [input|output]\n");
encrypt_list_types ();
}
else if ((ep = (Encryptions *) genget (type, encryptions,
else if ((ep = (Encryptions *) genget (type, (char **) encryptions,
sizeof (Encryptions))) == 0)
printf ("%s: invalid encryption type\n", type);
else if (Ambiguous (ep))
else if (Ambiguous ((char *) ep))
printf ("Ambiguous type '%s'\n", type);
else
{
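Review bot: The new casts `(char **) encryptions` and `(char *) ep` quiet a pointer-type mismatch in both hunks without saying why the conversion is valid. Presumably genget steps through the table in `sizeof (Encryptions)` strides and reads a name pointer at the start of each entry; if so, that layout dependency deserves a comment at the call, such as `/* genget() reads the leading name pointer of each Encryptions entry. */`. Both EncryptDisable and EncryptType begin and end outside their hunks.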


@@ -96,7 +96,7 @@ typedef struct
{
Block _;
} Schedule[16];
# endif /* HAVE_ARPA_TELNET_H_SCHEDULE */
# endif /* !HAVE_ARPA_TELNET_H_SCHEDULE */
# ifndef VALIDKEY
# define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | \
@@ -110,9 +110,9 @@ typedef struct
{
short type;
int length;
unsigned char *data;
const unsigned char *data;
} Session_Key;
# endif /* HAVE_ARPA_TELNET_H_SESSION_KEY */
# endif /* !HAVE_ARPA_TELNET_H_SESSION_KEY */
typedef struct
{


@@ -475,9 +475,10 @@ kerberos4_reply (ap, data, cnt)
}
int
kerberos4_status (ap, name, level)
kerberos4_status (ap, name, len, level)
TN_Authenticator *ap;
char *name;
size_t len;
int level;
{
if (level < AUTH_USER)
@@ -485,7 +486,7 @@ kerberos4_status (ap, name, level)
if (UserNameRequested && !kuserok (&adat, UserNameRequested))
{
strcpy (name, UserNameRequested);
strncpy (name, UserNameRequested, len);
return (AUTH_VALID);
}
else
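Review bot: `strncpy (name, UserNameRequested, len)` leaves `name` without a terminating NUL whenever the requested user name is `len` bytes or longer, so the write overflow is closed but later reads of `name` can still run past the buffer. Silent truncation is also a risk of its own in an authentication path, since the shortened string may name a different account. Treating a name that does not fit as not validated is safer than copying part of it, for example `if (strlen (UserNameRequested) >= len) return (AUTH_USER);` ahead of the copy. The same call appears in the kerberos5_status and krb5shishi_status hunks. kerberos4_status continues past the end of this hunk.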


@@ -426,7 +426,8 @@ kerberos5_reply (TN_Authenticator * ap, unsigned char *data, int cnt)
}
int
kerberos5_status (TN_Authenticator * ap, char *name, int level)
kerberos5_status (TN_Authenticator * ap, char *name, size_t len,
int level)
{
if (level < AUTH_USER)
return level;
@@ -436,7 +437,7 @@ kerberos5_status (TN_Authenticator * ap, char *name, int level)
UserNameRequested))
{
/* FIXME: Check buffer length */
strcpy (name, UserNameRequested);
strncpy (name, UserNameRequested, len);
return AUTH_VALID;
}
return AUTH_USER;
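Review bot: The context comment `/* FIXME: Check buffer length */` still sits above the copy in the second hunk although the call now takes `len`, so a reader cannot tell whether the check is considered done. Either drop it or replace it with what is still open, e.g. `/* FIXME: strncpy does not terminate NAME when the user name fills LEN bytes. */`. The same leftover comment is in the krb5shishi_status hunk.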


@@ -392,7 +392,8 @@ krb5shishi_reply (TN_Authenticator * ap, unsigned char *data, int cnt)
}
int
krb5shishi_status (TN_Authenticator * ap, char *name, int level)
krb5shishi_status (TN_Authenticator * ap, char *name, size_t len,
int level)
{
int rc;
int status;
@@ -406,7 +407,7 @@ krb5shishi_status (TN_Authenticator * ap, char *name, int level)
UserNameRequested))
{
/* FIXME: Check buffer length */
strcpy (name, UserNameRequested);
strncpy (name, UserNameRequested, len);
status = AUTH_VALID;
}
else
@@ -422,7 +423,7 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char *data, int cnt,
Shishi_key *key, *key2;
int rc;
char *cnamerealm, *server = NULL, *realm = NULL;
int cnamerealmlen;
size_t cnamerealmlen;
# ifdef ENCRYPTION
Session_Key skey;
# endif