[src/trunk]: src/usr.bin/skey Add some validity checks for seed and password.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/usr.bin/skey Add some validity checks for seed and password.
From: mjl <mjl%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 07:46:56 +0000

details:   https://anonhg.NetBSD.org/src/rev/3662ddaff603
branches:  trunk
changeset: 494534:3662ddaff603
user:      mjl <mjl%NetBSD.org@localhost>
date:      Fri Jul 07 15:45:00 2000 +0000

description:
Add some validity checks for seed and password.

diffstat:

 usr.bin/skey/skey.c |  18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diffs (55 lines):

diff -r f583ca70d301 -r 3662ddaff603 usr.bin/skey/skey.c
--- a/usr.bin/skey/skey.c       Fri Jul 07 15:42:35 2000 +0000
+++ b/usr.bin/skey/skey.c       Fri Jul 07 15:45:00 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: skey.c,v 1.10 2000/07/07 15:18:14 mjl Exp $    */
+/*     $NetBSD: skey.c,v 1.11 2000/07/07 15:45:00 mjl Exp $    */
 
 /*
  * S/KEY v1.1b (skey.c)
@@ -23,9 +23,10 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: skey.c,v 1.10 2000/07/07 15:18:14 mjl Exp $");
+__RCSID("$NetBSD: skey.c,v 1.11 2000/07/07 15:45:00 mjl Exp $");
 #endif
 
+#include <ctype.h>
 #include <err.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -42,7 +43,7 @@
 {
        int     n, cnt, i, pass = 0, hexmode = 0;
        char    passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE];
-       char    buf[33], *seed, *slash;
+       char    buf[33], *seed, *slash, *t;
 
        cnt = 1;
 
@@ -101,6 +102,14 @@
                seed = argv[++optind];
        }
 
+       for(t = seed; *t; t++) {
+               if(!isalnum(*t))
+                       errx(1, "seed must be alphanumeric");
+       }
+
+       if(!*seed || strlen(seed) > SKEY_MAX_SEED_LEN)
+               errx(1, "seed must be between 1 and %d long", SKEY_MAX_SEED_LEN);
+
        /* Get user's secret password */
        if (!pass) {
                (void)fputs("Reminder - Do not use this program while "
@@ -111,6 +120,9 @@
                        exit(1);
        }
 
+       if(strlen(passwd) < SKEY_MIN_PW_LEN)
+               errx(1, "password must be at least %d long", SKEY_MIN_PW_LEN);
+
        /* Crunch seed and password into starting key */
        if (keycrunch(key, seed, passwd) != 0)
                errx(1, "key crunch failed");

Prev by Date: [src/trunk]: src/usr.bin/rpcinfo pull rpc/nettype.h in, for some of function ...
Next by Date: [src/trunk]: src/sys/arch/sparc64/sparc64 Temporary fix to prevent the clock ...
Previous by Thread: [src/trunk]: src/usr.bin/rpcinfo pull rpc/nettype.h in, for some of function ...
Next by Thread: [src/trunk]: src/sys/arch/sparc64/sparc64 Temporary fix to prevent the clock ...
Indexes:

Home | Main Index | Thread Index | Old Index