/*
- * $Id: auth.c,v 1.67 2009-10-13 22:55:36 didg Exp $
+ * $Id: auth.c,v 1.68 2009-10-15 10:43:13 didg Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
return AFP_OK;
}
-static int afp_errpwdexpired(AFPObj *obj _U_, char *ibuf _U_, int ibuflen _U_, char *rbuf _U_, int *rbuflen)
+static int afp_errpwdexpired(AFPObj *obj _U_, char *ibuf _U_, size_t ibuflen _U_,
+ char *rbuf _U_, size_t *rbuflen)
{
*rbuflen = 0;
return AFPERR_PWDEXPR;
}
-static int afp_null_nolog(AFPObj *obj _U_, char *ibuf _U_, int ibuflen _U_, char *rbuf _U_, int *rbuflen)
+static int afp_null_nolog(AFPObj *obj _U_, char *ibuf _U_, size_t ibuflen _U_,
+ char *rbuf _U_, size_t *rbuflen)
{
*rbuflen = 0;
return( AFPERR_NOOP );
/* ---------------------- */
int afp_zzz ( /* Function 122 */
AFPObj *obj,
- char *ibuf _U_, unsigned int ibuflen _U_,
- char *rbuf, unsigned int *rbuflen)
+ char *ibuf _U_, size_t ibuflen _U_,
+ char *rbuf, size_t *rbuflen)
{
u_int32_t retdata;
/* ---------------------- */
int afp_getsession(
AFPObj *obj,
- char *ibuf, unsigned int ibuflen,
- char *rbuf, unsigned int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
u_int16_t type;
u_int32_t idlen = 0;
*rbuflen = 0;
tklen = 0;
+ if (ibuflen < 2 + sizeof(type)) {
+ return AFPERR_PARAM;
+ }
+
ibuf += 2;
ibuflen -= 2;
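Review bot: The bound `2 + sizeof(type)` in the new guard is unexplained: the `2` matches the `ibuf += 2` skip right after it, but nothing says what those bytes are or which reads the guard is meant to cover. A comment above the check such as `/* 2 skipped header bytes + the 16-bit type field */` would make that explicit. The guard covers only those four bytes. afp_getsession continues outside this hunk, so any longer field parsed later (for example whatever fills `idlen`) still needs its own comparison against the remaining `ibuflen`.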
}
/* ---------------------- */
-int afp_disconnect(AFPObj *obj _U_, char *ibuf, int ibuflen _U_, char *rbuf _U_, int *rbuflen)
+int afp_disconnect(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
{
u_int16_t type;
}
/* ---------------------- */
-static int get_version(AFPObj *obj, char *ibuf, int ibuflen, int len)
+static int get_version(AFPObj *obj, char *ibuf, size_t ibuflen, size_t len)
{
int num,i;
}
/* ---------------------- */
-int afp_login(AFPObj *obj, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+int afp_login(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
struct passwd *pwd = NULL;
- int len, i;
+ size_t len;
+ int i;
*rbuflen = 0;
if ( nologin & 1)
return send_reply(obj, AFPERR_SHUTDOWN );
- if (ibuflen <= 1)
+ if (ibuflen < 2)
return send_reply(obj, AFPERR_BADVERS );
ibuf++;
if (i)
return send_reply(obj, i );
+ if (ibuflen <= len)
+ return send_reply(obj, AFPERR_BADUAM);
+
ibuf += len;
ibuflen -= len;
- if (ibuflen <= 1)
- return send_reply(obj, AFPERR_BADUAM);
-
len = (unsigned char) *ibuf++;
ibuflen--;
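Review bot: The placement of `if (ibuflen <= len)` before `ibuflen -= len` is load-bearing now that `ibuflen` is `size_t`, and nothing in the code says so. If the test were moved back below the subtraction, a short request would wrap the unsigned value and pass the check. A comment such as `/* must precede the subtraction: ibuflen is unsigned and would wrap */` would protect the ordering, and could also note that `<=` reserves the byte read by `len = (unsigned char) *ibuf++`. The afp_login_ext hunk has the same pattern and deserves the same comment. In both functions the second length byte is only safe to use if it is compared with the remaining `ibuflen` in code outside these hunks.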
}
/* ---------------------- */
-int afp_login_ext(AFPObj *obj, char *ibuf, unsigned int ibuflen, char *rbuf, unsigned int *rbuflen)
+int afp_login_ext(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
struct passwd *pwd = NULL;
- unsigned int len;
+ size_t len;
int i;
char type;
u_int16_t len16;
if ( nologin & 1)
return send_reply(obj, AFPERR_SHUTDOWN );
- if (ibuflen <= 4)
+ if (ibuflen < 5)
return send_reply(obj, AFPERR_BADVERS );
ibuf++;
if (i)
return send_reply(obj, i );
+ if (ibuflen <= len)
+ return send_reply(obj, AFPERR_BADUAM);
+
ibuf += len;
ibuflen -= len;
- if (ibuflen <= 1)
- return send_reply(obj, AFPERR_BADUAM);
-
len = (unsigned char) *ibuf;
ibuf++;
ibuflen--;
return send_reply(obj, AFPERR_BADUAM);
}
/* user name */
- if (len <= 1 +sizeof(len16))
+ if (ibuflen <= 1 +sizeof(len16))
return send_reply(obj, AFPERR_PARAM);
type = *ibuf;
username = ibuf;
}
/* ---------------------- */
-int afp_logincont(AFPObj *obj, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+int afp_logincont(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
struct passwd *pwd = NULL;
int err;
- if ( afp_uam == NULL || afp_uam->u.uam_login.logincont == NULL ) {
+ if ( afp_uam == NULL || afp_uam->u.uam_login.logincont == NULL || ibuflen < 2 ) {
*rbuflen = 0;
return send_reply(obj, AFPERR_NOTAUTH );
}
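Review bot: Folding `ibuflen < 2` into the `afp_uam == NULL || ...` condition makes a truncated request come back as AFPERR_NOTAUTH, while the other length checks added in this commit (afp_getsession, afp_changepw) return AFPERR_PARAM. If no client depends on the NOTAUTH reply for this case, a separate guard would keep malformed input distinct from missing authentication state: `if (ibuflen < 2) { *rbuflen = 0; return send_reply(obj, AFPERR_PARAM); }`. Either way, a short comment naming the two required bytes would help, because the code that consumes them lies outside this hunk.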
}
-int afp_logout(AFPObj *obj, char *ibuf _U_, int ibuflen _U_, char *rbuf _U_, int *rbuflen _U_)
+int afp_logout(AFPObj *obj, char *ibuf _U_, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen _U_)
{
LOG(log_info, logtype_afpd, "logout %s", obj->username);
close_all_vol();
* to work. this also does a little pre-processing before it hands
* it off to the uam.
*/
-int afp_changepw(AFPObj *obj, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+int afp_changepw(AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
char username[MACFILELEN + 1], *start = ibuf;
struct uam_obj *uam;
return AFPERR_PARAM;
/* send it off to the uam. we really don't use ibuflen right now. */
+ if (ibuflen < (size_t)(ibuf - start))
+ return AFPERR_PARAM;
+
ibuflen -= (ibuf - start);
ret = uam->u.uam_changepw(obj, username, pwd, ibuf, ibuflen,
rbuf, rbuflen);
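Review bot: The new `ibuflen < (size_t)(ibuf - start)` test runs after `ibuf` has already been advanced from `start`, so it stops `ibuflen -= (ibuf - start)` from wrapping but cannot prevent reads past the request that happened while advancing. The existing comment "we really don't use ibuflen right now" suggests the earlier parsing is not bounded by the request length. That parsing is outside this hunk, but each field read there should be checked against `ibuflen` before `ibuf` is dereferenced, as afp_login now does. Until then the comment could be updated to `/* ibuflen is only validated here, after parsing; the reads above are not bounded by it */`.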
/* FPGetUserInfo */
-int afp_getuserinfo(AFPObj *obj _U_, char *ibuf, int ibuflen _U_, char *rbuf, int *rbuflen)
+int afp_getuserinfo(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, size_t *rbuflen)
{
u_int8_t thisuser;
u_int32_t id;