Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37038840
en ru br
Репозитории ALT
S:0.6.12.1-alt1
5.1: 0.6.1-alt5
www.altlinux.org/Changes

Группа :: Система/Основа
Пакет: pam_pkcs11

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Патч: pam_pkcs11-0.6.9-buffer.patch
Скачать


 src/common/cert_info.c       | 1 +
 src/common/pkcs11_lib.c      | 1 +
 src/common/strings.c         | 1 +
 src/common/uri.c             | 1 +
 src/mappers/openssh_mapper.c | 4 ++--
 src/pam_pkcs11/pam_pkcs11.c  | 4 ++--
 src/tools/pkcs11_eventmgr.c  | 1 +
 7 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/common/cert_info.c b/src/common/cert_info.c
index 12965e1..4d5a9c5 100644
--- a/src/common/cert_info.c
+++ b/src/common/cert_info.c
@@ -748,6 +748,7 @@ static char **cert_info_sshpuk(X509 *x509) {
 		DBG("No memory to store public key dump");
 		goto sshpuk_fail;
 	}
+	/* buf is allocated above */
 	if (maillist && maillist[0]) sprintf(buf,"%s %s %s",type,data,maillist[0]);
 	else sprintf(buf,"%s %s",type,data);
 	DBG1("Public key is '%s'\n",buf);
diff --git a/src/common/pkcs11_lib.c b/src/common/pkcs11_lib.c
index 46a93bd..1e7b8bb 100644
--- a/src/common/pkcs11_lib.c
+++ b/src/common/pkcs11_lib.c
@@ -270,6 +270,7 @@ int load_pkcs11_module(const char *pkcs11_module, pkcs11_handle_t **hp)
     free (h);
     return -1;
   }
+  /* moduleSpec is allocated above */
   sprintf(moduleSpec,SPEC_TEMPLATE, pkcs11_module);
   DBG2("loading Module explictly, moduleSpec=<%s> module=%s",
                                                 moduleSpec, pkcs11_module);
diff --git a/src/common/strings.c b/src/common/strings.c
index 085b952..3574fc4 100644
--- a/src/common/strings.c
+++ b/src/common/strings.c
@@ -88,6 +88,7 @@ char *bin2hex(const unsigned char *binstr,const int len) {
 	    return res;
 	}
 	for(i=0,pt=res;i<len;i++,pt+=3){
+		/* pt is allocated above */
 	    sprintf(pt,"%02X:",binstr[i]);
 	}
 	*(--pt)='\0'; /* replace last ':' with '\0' */
diff --git a/src/common/uri.c b/src/common/uri.c
index 2d74c04..8526670 100644
--- a/src/common/uri.c
+++ b/src/common/uri.c
@@ -407,6 +407,7 @@ static int get_http(uri_t *uri, unsigned char **data, size_t *length, int rec_le
     set_error("not enough free memory available");
     return -1;
   }
+  /* request is allocated above */
   sprintf(request, "GET %s HTTP/1.0\nHost: %s\n\n\n", uri->http->path, uri->http->host);
   len = strlen(request);
   rv = send(sock, request, len, 0);
diff --git a/src/mappers/openssh_mapper.c b/src/mappers/openssh_mapper.c
index b9e09f7..37db10b 100644
--- a/src/mappers/openssh_mapper.c
+++ b/src/mappers/openssh_mapper.c
@@ -319,7 +319,7 @@ static int openssh_mapper_match_user(X509 *x509, const char *user, void *context
             DBG1("User '%s' has no home directory",user);
             return -1;
         }
-	sprintf(filename,"%s/.ssh/authorized_keys",pw->pw_dir);
+	snprintf(filename, sizeof(filename),"%s/.ssh/authorized_keys",pw->pw_dir);
         return openssh_mapper_match_keys(x509,filename);
 }
 
@@ -339,7 +339,7 @@ static char * openssh_mapper_find_user(X509 *x509, void *context, int *match) {
                 DBG1("User '%s' has no home directory",pw->pw_name);
                 continue;
             }
-	    sprintf(filename,"%s/.ssh/authorized_keys",pw->pw_dir);
+	    snprintf(filename, sizeof(filename),"%s/.ssh/authorized_keys",pw->pw_dir);
             n = openssh_mapper_match_keys (x509,filename);
             if (n<0) {
                 DBG1("Error in matching process with user '%s'",pw->pw_name);
diff --git a/src/pam_pkcs11/pam_pkcs11.c b/src/pam_pkcs11/pam_pkcs11.c
index d6ca475..640008b 100644
--- a/src/pam_pkcs11/pam_pkcs11.c
+++ b/src/pam_pkcs11/pam_pkcs11.c
@@ -86,7 +86,7 @@ static int pam_prompt(pam_handle_t *pamh, int style, char **response, char *fmt,
   struct pam_message *(msgp[1]);
   msgp[0] = &msg;
   va_list va;
-  char text[128];
+  char text[256];
 
   va_start(va, fmt);
   vsnprintf(text, sizeof text, fmt, va);
@@ -489,7 +489,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 	rv = get_slot_protected_authentication_path(ph);
 	if ((-1 == rv) || (0 == rv))
 	{
-		char password_prompt[128];
+		char password_prompt[256];
 
 		snprintf(password_prompt,  sizeof(password_prompt), _("%s PIN: "), _(configuration->token_type));
 		if (configuration->use_first_pass) {
diff --git a/src/tools/pkcs11_eventmgr.c b/src/tools/pkcs11_eventmgr.c
index 0ec28be..904f104 100644
--- a/src/tools/pkcs11_eventmgr.c
+++ b/src/tools/pkcs11_eventmgr.c
@@ -483,6 +483,7 @@ int main(int argc, char *argv[])
 				strerror(errno));
 			return 1;
 		}
+                /* moduleSpec is allocated above */
 		sprintf(moduleSpec, SPEC_TEMPLATE, pkcs11_module);
 		DBG2("loading Module explictly, moduleSpec=<%s> module=%s\n",
 			moduleSpec, pkcs11_module);
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin