From owner-svn-src-stable@FreeBSD.ORG Mon Aug 18 02:13:46 2014 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4AB3FD3E; Mon, 18 Aug 2014 02:13:46 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 353A73C74; Mon, 18 Aug 2014 02:13:46 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7I2DkHM073905; Mon, 18 Aug 2014 02:13:46 GMT (envelope-from ache@FreeBSD.org) Received: (from ache@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s7I2Djxe073901; Mon, 18 Aug 2014 02:13:45 GMT (envelope-from ache@FreeBSD.org) Message-Id: <201408180213.s7I2Djxe073901@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ache set sender to ache@FreeBSD.org using -f From: "Andrey A. Chernov" Date: Mon, 18 Aug 2014 02:13:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r270120 - in stable/10: contrib/opie contrib/opie/libopie usr.bin/opiekey X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Aug 2014 02:13:46 -0000 Author: ache Date: Mon Aug 18 02:13:45 2014 New Revision: 270120 URL: http://svnweb.freebsd.org/changeset/base/270120 Log: MFC: r269806,r269809,r269811,r269810 r269806: Fix too long (seed length >12 chars) challenge handling. 1) " ext" length should be included into OPIE_CHALLENGE_MAX (as all places of opie code expects that). 2) Overflow check in challenge.c is off by 1 even with corrected OPIE_CHALLENGE_MAX 3) When fallback to randomchallenge() happens and rval is 0 (i.e. challenge is too long), its value should be set to error state too. To demonstrate the bug, run opiepasswd with valid seed: opiepasswd -s 1234567890123456 and notice that it falls back to randomchallenge() (i.e. no 1234567890123456 in the prompt). r269809: When sha1 support was added, they forget to increase OPIE_HASHNAME_MAX r269811: Last '/' for program name, not first one. r269810: Link otp-sha1 to match real challenge prompt, not otp-sha. PR: 191511 Submitted by: mitsururike@gmail.com (partially, PR 269806) Modified: stable/10/contrib/opie/libopie/challenge.c stable/10/contrib/opie/opie.h stable/10/contrib/opie/opiekey.c stable/10/usr.bin/opiekey/Makefile Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/opie/libopie/challenge.c ============================================================================== --- stable/10/contrib/opie/libopie/challenge.c Mon Aug 18 01:49:42 2014 (r270119) +++ stable/10/contrib/opie/libopie/challenge.c Mon Aug 18 02:13:45 2014 (r270120) @@ -68,7 +68,9 @@ int opiechallenge FUNCTION((mp, name, ss } if (rval || - (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) { + (snprintf(ss, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX+1)) { + if (!rval) + rval = 1; opierandomchallenge(ss); memset(mp, 0, sizeof(*mp)); } Modified: stable/10/contrib/opie/opie.h ============================================================================== --- stable/10/contrib/opie/opie.h Mon Aug 18 01:49:42 2014 (r270119) +++ stable/10/contrib/opie/opie.h Mon Aug 18 02:13:45 2014 (r270120) @@ -69,11 +69,11 @@ struct opie { /* Maximum length of a seed */ #define OPIE_SEED_MAX 16 -/* Max length of hash algorithm name (md4/md5) */ -#define OPIE_HASHNAME_MAX 3 +/* Max length of hash algorithm name (md4/md5/sha1) */ +#define OPIE_HASHNAME_MAX 4 -/* Maximum length of a challenge (otp-md? 9999 seed) */ -#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX) +/* Maximum length of a challenge (otp-md? 9999 seed ext) */ +#define OPIE_CHALLENGE_MAX (4+OPIE_HASHNAME_MAX+1+4+1+OPIE_SEED_MAX+1+3) /* Maximum length of a response that we allow */ #define OPIE_RESPONSE_MAX (9+1+19+1+9+OPIE_SEED_MAX+1+19+1+19+1+19) Modified: stable/10/contrib/opie/opiekey.c ============================================================================== --- stable/10/contrib/opie/opiekey.c Mon Aug 18 01:49:42 2014 (r270119) +++ stable/10/contrib/opie/opiekey.c Mon Aug 18 02:13:45 2014 (r270120) @@ -144,7 +144,7 @@ int main FUNCTION((argc, argv), int argc int type = RESPONSE_STANDARD; int force = 0; - if (slash = strchr(argv[0], '/')) + if (slash = strrchr(argv[0], '/')) slash++; else slash = argv[0]; Modified: stable/10/usr.bin/opiekey/Makefile ============================================================================== --- stable/10/usr.bin/opiekey/Makefile Mon Aug 18 01:49:42 2014 (r270119) +++ stable/10/usr.bin/opiekey/Makefile Mon Aug 18 02:13:45 2014 (r270120) @@ -15,9 +15,9 @@ LDADD= -lopie -lmd LINKS= ${BINDIR}/opiekey ${BINDIR}/otp-md4 LINKS+= ${BINDIR}/opiekey ${BINDIR}/otp-md5 -LINKS+= ${BINDIR}/opiekey ${BINDIR}/otp-sha +LINKS+= ${BINDIR}/opiekey ${BINDIR}/otp-sha1 -MLINKS= opiekey.1 otp-md4.1 opiekey.1 otp-md5.1 opiekey.1 otp-sha.1 +MLINKS= opiekey.1 otp-md4.1 opiekey.1 otp-md5.1 opiekey.1 otp-sha1.1 .PATH: ${OPIE_DIST}