head	1.8;
access;
symbols
	RELEASE_8_3_0:1.8
	RELEASE_9_0_0:1.8
	RELEASE_7_4_0:1.8
	RELEASE_8_2_0:1.8
	RELEASE_6_EOL:1.8
	RELEASE_8_1_0:1.8
	old_RELEASE_7_3_0:1.6
	old_RELEASE_8_0_0:1.6
	old_old_RELEASE_7_2_0:1.4
	old_old_RELEASE_7_1_0:1.4
	old_old_RELEASE_6_4_0:1.4
	old_old_RELEASE_5_EOL:1.4
	old_old_RELEASE_7_0_0:1.4
	old_old_RELEASE_6_3_0:1.4
	old_old_PRE_XORG_7:1.4
	old_old_RELEASE_4_EOL:1.4
	old_old_RELEASE_6_2_0:1.4
	old_old_RELEASE_6_1_0:1.4
	old_old_RELEASE_5_5_0:1.4
	old_old_RELEASE_6_0_0:1.4
	old_old_RELEASE_5_4_0:1.4
	old_old_RELEASE_4_11_0:1.4
	old_old_RELEASE_5_3_0:1.4
	old_old_RELEASE_4_10_0:1.4
	old_old_RELEASE_5_2_1:1.4
	old_old_RELEASE_5_2_0:1.4
	old_old_RELEASE_4_9_0:1.4
	old_old_RELEASE_5_1_0:1.4
	old_old_RELEASE_4_8_0:1.4
	old_old_RELEASE_5_0_0:1.4
	old_old_RELEASE_4_7_0:1.4
	old_old_RELEASE_4_6_2:1.4
	old_old_RELEASE_4_6_1:1.4
	old_old_RELEASE_4_6_0:1.4
	old_old_RELEASE_5_0_DP1:1.4
	old_old_RELEASE_4_5_0:1.4
	old_old_RELEASE_4_4_0:1.3
	old_old_RELEASE_4_3_0:1.2
	old_old_RELEASE_4_2_0:1.2
	old_old_RELEASE_4_1_1:1.2
	old_old_RELEASE_4_1_0:1.2
	old_old_krb5_1_2:1.2
	old_old_krb5_1_1_1:1.2
	old_old_RELEASE_3_5_0:1.2
	old_old_RELEASE_4_0_0:1.2
	old_old_RELEASE_3_4_0:1.2
	old_old_RELEASE_3_3_0:1.1
	old_old_krb5_1_0_6:1.1
	old_old_krb5_1_0_5:1.1
	old_old_RELEASE_3_2_0:1.1
	old_old_RELEASE_3_1_0:1.1
	old_old_RELEASE_2_2_8:1.1
	old_old_RELEASE_3_0_0:1.1
	old_old_RELEASE_2_2_7:1.1;
locks; strict;
comment	@# @;


1.8
date	2010.04.26.03.54.16;	author cy;	state Exp;
branches;
next	1.7;

1.7
date	2010.04.26.03.31.54;	author cy;	state Exp;
branches;
next	1.6;

1.6
date	2009.08.28.23.35.15;	author cy;	state Exp;
branches;
next	1.5;

1.5
date	2009.06.09.04.16.35;	author cy;	state Exp;
branches;
next	1.4;

1.4
date	2002.01.16.03.17.24;	author cy;	state Exp;
branches;
next	1.3;

1.3
date	2001.04.27.18.15.00;	author nectar;	state Exp;
branches;
next	1.2;

1.2
date	99.10.04.14.32.23;	author nectar;	state Exp;
branches;
next	1.1;

1.1
date	98.07.06.18.58.49;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.8
log
@Welcome to krb5-appl-1.0. MIT split the Kerberos applications from the
base Kerberos distribution, creating krb5-appl.
@
text
@--- gssftp/ftpd/ftpd.c.orig	Wed Jan  9 14:26:51 2002
+++ gssftp/ftpd/ftpd.c	Thu Jan 10 19:00:13 2002
@@@@ -487,7 +487,13 @@@@
 #ifndef LOG_DAEMON
 #define LOG_DAEMON 0
 #endif
-	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
+
+#ifndef LOG_FTP
+#define FACILITY	LOG_DAEMON
+#else
+#define FACILITY	LOG_FTP
+#endif
+	openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
 
 	addrlen = sizeof (his_addr);
 	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
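Review bot: The macro name `FACILITY` is generic and is defined in the middle of a function body, so it stays visible for the rest of ftpd.c and can collide with any header that later uses the same name. A scoped name with a one-line comment, e.g. `#define FTPD_LOG_FACILITY LOG_FTP /* fall back to LOG_DAEMON where LOG_FTP is missing */`, placed next to the existing `LOG_DAEMON` fallback, would make the intent clearer. The same definition appears in the 1998 context-diff version of this patch further down the file. The enclosing function starts and ends outside the hunk.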
@


1.7
log
@This forced commit documents the repocopy of the now defunct krb5-17 port
into krb5-appl. This is in preparation of the krb5-1.8.1 commit. Krb5-1.8.1
splits the kdc and libraries from the applications (this port, krb5-appl-1.0).

PR:		145968
@
text
@d1 2
a2 2
--- appl/gssftp/ftpd/ftpd.c.orig	Wed Jan  9 14:26:51 2002
+++ appl/gssftp/ftpd/ftpd.c	Thu Jan 10 19:00:13 2002
@


1.6
log
@Welcome the new Kerberos V 1.7.

PR:		138246
@
text
@@


1.5
log
@This forced commit documents the repocopy of security/krb5 to security/krb5-17
in preparation for inclusion of KRB5 1.7 in the ports collection.

PR:		135290
@
text
@a17 11
@@@@ -2312,6 +2318,10 @@@@
 		if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum),
 					  &kdata.session,&ctrl_addr, &his_addr)) == -1) {
 			secure_error("ADAT: krb_mk_safe failed");
+			return(0);
+		}
+		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
+			secure_error("ADAT: reply too long");
 			return(0);
 		}
 		if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) {
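Review bot: The added `if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3)` test duplicates the identical test already present as the last context line, so the patched file runs the same bound check twice in a row. That suggests the upstream source already carries this fix and the hunk was regenerated against it; the second test can never fire, and the hunk can probably be dropped from the port. If it is kept deliberately, a comment such as `/* upstream already checks this; retained for older distfiles */` would say why. The enclosing function continues outside the hunk.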
@


1.4
log
@Update 1.2.2 -> 1.2.3
@
text
@@


1.3
log
@Security fix:
  ``Buffer overflows exist in the FTP daemon included with MIT krb5.''
See <URL:http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt> and
<URL:http://web.mit.edu/kerberos/www/advisories/ftpbuf_122_patch.txt>.

Obtained from:	MIT Kerberos mailing list
@
text
@d1 3
a3 3
--- appl/gssftp/ftpd/ftpd.c.orig	Wed Feb 28 16:06:45 2001
+++ appl/gssftp/ftpd/ftpd.c	Fri Apr 27 10:18:01 2001
@@@@ -485,7 +485,13 @@@@
d18 5
a22 94
@@@@ -761,7 +767,16 @@@@
 		int result;
 #ifdef GSSAPI
 		if (auth_type && strcmp(auth_type, "GSSAPI") == 0) {
+			int len;
 			authorized = ftpd_gss_userok(&client_name, name) == 0;
+			len = sizeof("GSSAPI user  is not authorized as "
+				     "; Password required.")
+				+ strlen(client_name.value)
+				+ strlen(name);
+			if (len >= sizeof(buf)) {
+				syslog(LOG_ERR, "user: username too long");
+				name = "[username too long]";
+			}
 			sprintf(buf, "GSSAPI user %s is%s authorized as %s",
 				client_name.value, authorized ? "" : " not",
 				name);
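Review bot: The new guard only swaps `name` for a short placeholder, so the `sprintf` into `buf` that follows is still unbounded when `client_name.value` on its own is long enough to exceed `buf`. `len` is also an `int` holding a sum of `strlen()` results, which is then compared against the unsigned `sizeof(buf)`. Bounding the write itself is safer than predicting its size: `snprintf(buf, sizeof(buf), "GSSAPI user %s is%s authorized as %s", client_name.value, authorized ? "" : " not", name);`, with the too-long case treated as a failed login rather than continuing with a rewritten `name`. The KERBEROS_V4 hunk that follows has the same shape for `kdata.pname`, `kdata.pinst` and `kdata.prealm`. The declaration of `buf` and the later use of `name` are outside the hunk, so their sizes and effects should be confirmed there.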
@@@@ -772,7 +787,18 @@@@
 #endif /* GSSAPI */
 #ifdef KRB5_KRB4_COMPAT
 		if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) {
+			int len;
 			authorized = kuserok(&kdata,name) == 0;
+			len = sizeof("Kerberos user .@@ is not authorized as "
+				     "; Password required.")
+				+ strlen(kdata.pname)
+				+ strlen(kdata.pinst)
+				+ strlen(kdata.prealm)
+				+ strlen(name);
+			if (len >= sizeof(buf)) {
+				syslog(LOG_ERR, "user: username too long");
+				name = "[username too long]";
+			}
 			sprintf(buf, "Kerberos user %s%s%s@@%s is%s authorized as %s",
 				kdata.pname, *kdata.pinst ? "." : "",
 				kdata.pinst, kdata.prealm,
@@@@ -1179,6 +1205,11 @@@@
 	} else {
 		char line[FTP_BUFSIZ];
 
+		if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) {
+			syslog(LOG_ERR, "retrieve: filename too long");
+			reply(501, "filename too long");
+			return;
+		}
 		(void) sprintf(line, cmd, name), name = line;
 		fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose;
 		st.st_size = -1;
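Review bot: The bound `strlen(cmd) + strlen(name) + 1` is only a valid estimate if `cmd` holds a single `%s` conversion, because `cmd` is used as the format string of the `sprintf` on the next line and nothing in the hunk establishes what it contains. Letting the formatter enforce the limit removes that assumption: `n = snprintf(line, sizeof(line), cmd, name); if (n < 0 || (size_t)n >= sizeof(line)) { reply(501, "filename too long"); return; }`. A comment at the call, `/* cmd is a server-defined format with one %s; never client-supplied */`, would record the precondition once it is confirmed against the callers. The hunks at -1616 (`/bin/ls -lgA %s`) and -2575 (`%s/%s` into `nbuf`) use the same check-then-`sprintf` pattern and would benefit from the same change. The function body starts and ends outside this hunk.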
@@@@ -1417,6 +1448,10 @@@@
 	return (file);
 }
 
+/*
+ * XXX callers need to limit total length of output string to
+ * FTP_BUFSIZ
+ */
 #ifdef STDARG
 secure_error(char *fmt, ...)
 #else
@@@@ -1616,13 +1651,19 @@@@
 {
 	char line[FTP_BUFSIZ];
 	FILE *fin;
-	int c;
+	int c, n;
 	char str[FTP_BUFSIZ], *p;
 
+	if (strlen(filename) + sizeof("/bin/ls -lgA ")
+	    >= sizeof(line)) {
+		reply(501, "filename too long");
+		return;
+	}
 	(void) sprintf(line, "/bin/ls -lgA %s", filename);
 	fin = ftpd_popen(line, "r");
 	lreply(211, "status of %s:", filename);
 	p = str;
+	n = 0;
 	while ((c = getc(fin)) != EOF) {
 		if (c == '\n') {
 			if (ferror(stdout)){
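Review bot: The result of `ftpd_popen(line, "r")` is passed to `getc(fin)` with no NULL check visible between the two lines, so a failed spawn would be dereferenced in the read loop. The new early return for over-long names shows the intended error style; the same could be done here with `if (fin == NULL) { perror_reply(551, filename); return; }` placed before the `lreply(211, ...)` call. Separately, `n` is declared as `int` and compared with `sizeof(str)` in the following hunk; declaring it `size_t` avoids the mixed-sign comparison. The loop body continues outside this hunk.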
@@@@ -1639,7 +1680,16 @@@@
 			*p = '\0';
 			reply(0, "%s", str);
 			p = str;
-		} else	*p++ = c;
+			n = 0;
+		} else {
+			*p++ = c;
+			n++;
+			if (n >= sizeof(str)) {
+				reply(551, "output line too long");
+				(void) ftpd_pclose(fin);
+				return;
+			}
a23 125
 	}
 	if (p != str) {
 		*p = '\0';
@@@@ -1723,6 +1773,10 @@@@
 
 char cont_char = ' ';
 
+/*
+ * XXX callers need to limit total length of output string to
+ * FTP_BUFSIZ bytes for now.
+ */
 #ifdef STDARG
 reply(int n, char *fmt, ...)
 #else
@@@@ -1744,22 +1798,32 @@@@
 #endif
 
 	if (auth_type) {
-		char in[FTP_BUFSIZ], out[FTP_BUFSIZ];
+		/*
+		 * Deal with expansion in mk_{safe,priv},
+		 * radix_encode, gss_seal, plus slop.
+		 */
+		char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
 		int length, kerror;
 		if (n) sprintf(in, "%d%c", n, cont_char);
 		else in[0] = '\0';
 		strncat(in, buf, sizeof (in) - strlen(in) - 1);
 #ifdef KRB5_KRB4_COMPAT
 		if (strcmp(auth_type, "KERBEROS_V4") == 0) {
-			if ((length = clevel == PROT_P ?
-			     krb_mk_priv((unsigned char *)in,
-					 (unsigned char *)out,
-					 strlen(in), schedule, &kdata.session,
-					 &ctrl_addr, &his_addr)
-			     : krb_mk_safe((unsigned char *)in,
-					   (unsigned char *)out,
-					   strlen(in), &kdata.session,
-					   &ctrl_addr, &his_addr)) == -1) {
+			if (clevel == PROT_P)
+				length = krb_mk_priv((unsigned char *)in,
+						     (unsigned char *)out,
+						     strlen(in),
+						     schedule, &kdata.session,
+						     &ctrl_addr,
+						     &his_addr);
+			else
+				length = krb_mk_safe((unsigned char *)in,
+						     (unsigned char *)out,
+						     strlen(in),
+						     &kdata.session,
+						     &ctrl_addr,
+						     &his_addr);
+			if (length == -1) {
 				syslog(LOG_ERR,
 				       "krb_mk_%s failed for KERBEROS_V4",
 				       clevel == PROT_P ? "priv" : "safe");
@@@@ -1803,13 +1867,16 @@@@
 		}
 #endif /* GSSAPI */
 		/* Other auth types go here ... */
-		if (kerror = radix_encode(out, in, &length, 0)) {
+		if (length >= sizeof(in) / 4 * 3) {
+			syslog(LOG_ERR, "input to radix_encode too long");
+			fputs(in, stdout);
+		} else if (kerror = radix_encode(out, in, &length, 0)) {
 			syslog(LOG_ERR, "Couldn't encode reply (%s)",
 					radix_error(kerror));
 			fputs(in,stdout);
 		} else
-		printf("%s%c%s", clevel == PROT_P ? "632" : "631",
-				 n ? cont_char : '-', in);
+			printf("%s%c%s", clevel == PROT_P ? "632" : "631",
+			       n ? cont_char : '-', in);
 	} else {
 		if (n) printf("%d%c", n, cont_char);
 		fputs(buf, stdout);
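Review bot: The new too-long branch falls back to `fputs(in, stdout)`, which sends the reply text without integrity or privacy protection on a connection where `auth_type` is set and `clevel` may be `PROT_P`. In the KERBEROS_V4 path shown in the previous hunk, `in` still holds the plaintext at this point; the GSSAPI path is outside the hunk and should be checked. Failing closed is safer: log as now, but send a fixed message with no content instead of `in`, for example `fputs("535 reply too long to protect", stdout);` (reply code to be confirmed against the protocol spec). The existing `radix_encode` failure branch has the same fallback. The `if (kerror = radix_encode(...))` assignment-in-condition would also read better with an explicit `!= 0`.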
@@@@ -1822,6 +1889,10 @@@@
 	}
 }
 
+/*
+ * XXX callers need to limit total length of output string to
+ * FTP_BUFSIZ
+ */
 #ifdef STDARG
 lreply(int n, char *fmt, ...)
 #else
@@@@ -1866,7 +1937,8 @@@@
 
 	if (cp = strchr(cbuf,'\n'))
 		*cp = '\0';
-	reply(500, "'%s': command not understood.", cbuf);
+	reply(500, "'%.*s': command not understood.",
+	      FTP_BUFSIZ - sizeof("'': command not understood."), cbuf);
 }
 
 delete_file(name)
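Review bot: The precision argument consumed by `%.*s` must be an `int`, but `FTP_BUFSIZ - sizeof("'': command not understood.")` has type `size_t`; passing it through varargs is undefined where the two types differ in width. Cast it explicitly: `(int)(FTP_BUFSIZ - sizeof("'': command not understood."))`. The perror_reply hunk at -2143 passes `FTP_BUFSIZ - extra_len` to `%.*s` in the same way and needs the same cast. Because `extra_len` is unsigned, that hunk should also check `extra_len < FTP_BUFSIZ` before subtracting, so a long `strerror()` string cannot wrap the precision to a huge value. Both bounds rely on the `FTP_BUFSIZ` limit inside `reply()`, which is outside these hunks.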
@@@@ -2143,7 +2215,21 @@@@
 	int code;
 	char *string;
 {
-	reply(code, "%s: %s.", string, strerror(errno));
+	char *err_string;
+	size_t extra_len;
+	err_string = strerror(errno);
+	if (err_string == NULL)
+		err_string = "(unknown error)";
+	extra_len = strlen(err_string) + sizeof("(truncated): .");
+	/*
+	 * XXX knows about FTP_BUFSIZ in reply()
+	 */
+	if (strlen(string) + extra_len > FTP_BUFSIZ) {
+		reply(code, "(truncated)%.*s: %s.",
+		      FTP_BUFSIZ - extra_len, string, err_string);
+	} else {
+		reply(code, "%s: %s.", string, err_string);
+	}
 }
 
 auth(type)
@@@@ -2226,6 +2312,10 @@@@
 			secure_error("ADAT: krb_mk_safe failed");
 			return(0);
 		}
d26 1
a26 6
+			return(0);
+		}
 		if (kerror = radix_encode(out_buf, buf, &length, 0)) {
 			secure_error("Couldn't encode ADAT reply (%s)",
 				     radix_error(kerror));
@@@@ -2360,6 +2450,16 @@@@
d28 1
a28 41
 
 		if (out_tok.length) {
+			if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT="))
+					       / 4 * 3)) {
+				secure_error("ADAT: reply too long");
+				syslog(LOG_ERR, "ADAT: reply too long");
+				(void) gss_release_cred(&stat_min, &server_creds);
+				if (ret_flags & GSS_C_DELEG_FLAG)
+					(void) gss_release_cred(&stat_min,
+								&deleg_creds);
+				return(0);
+			}
 			if (kerror = radix_encode(out_tok.value, gbuf, &out_tok.length, 0)) {
 				secure_error("Couldn't encode ADAT reply (%s)",
 					     radix_error(kerror));
@@@@ -2458,6 +2558,9 @@@@
  *	n>=0 on success
  *	-1 on error
  *	-2 on security error
+ *
+ * XXX callers need to limit total length of output string to
+ * FTP_BUFSIZ
  */
 #ifdef STDARG
 secure_fprintf(FILE *stream, char *fmt, ...)
@@@@ -2575,6 +2678,15 @@@@
 			    dir->d_name[2] == '\0')
 				continue;
 
+			if (strlen(dirname) + strlen(dir->d_name)
+			    + 1 /* slash */
+			    + 2	/* CRLF */
+			    + 1 > sizeof(nbuf)) {
+				syslog(LOG_ERR,
+				       "send_file_list: pathname too long");
+				ret = -2; /* XXX */
+				goto data_err;
+			}
 			sprintf(nbuf, "%s/%s", dirname, dir->d_name);
 
 			/*
@


1.2
log
@Update 1.0.6 -> 1.1
@
text
@d1 3
a3 3
--- appl/gssftp/ftpd/ftpd.c.orig	Wed Sep  1 13:38:40 1999
+++ appl/gssftp/ftpd/ftpd.c	Sat Sep 25 10:25:04 1999
@@@@ -477,7 +477,13 @@@@
d18 270
@


1.1
log
@Additional patches (already committed to krb5-current):
* Paths corrected in applications
* ftpd now logs to facility LOG_FTP
* use openpty to obtain pseudo-terminal
* corrected detection of TCL libraries
* fix a forwarding bug
* add -m flag to ksu (preserve USER, HOME, SHELL)
* cosmetic bug fix to telnet.c
Submitted by:	Dima Ruban <dima@@best.net>
@
text
@d1 17
a17 25
*** appl/gssftp/ftpd/ftpd.c.ORIG	Fri Feb  6 19:41:25 1998
--- appl/gssftp/ftpd/ftpd.c	Tue Jun 30 19:46:01 1998
***************
*** 374,380 ****
  #ifndef LOG_DAEMON
  #define LOG_DAEMON 0
  #endif
! 	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
  	addrlen = sizeof (his_addr);
  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
  		syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
--- 374,386 ----
  #ifndef LOG_DAEMON
  #define LOG_DAEMON 0
  #endif
! 
! #ifndef LOG_FTP
! #define FACILITY	LOG_DAEMON
! #else
! #define FACILITY	LOG_FTP
! #endif
! 	openlog("ftpd", LOG_PID | LOG_NDELAY, FACILITY);
  	addrlen = sizeof (his_addr);
  	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
  		syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
@

