Sophie: xsupplicant-1.0.1-3.1.20060mdk src

xsupplicant-1.0.1-3.1.20060mdk.src.rpm

--- xsupplicant-1.0.1/src/xsup_common.c.stack-smash	2006-10-26 10:17:22.000000000 -0600
+++ xsupplicant-1.0.1/src/xsup_common.c	2006-10-26 10:17:22.000000000 -0600
@@ -0,0 +1,29 @@
+/**
+ * General routines
+ *
+ * Licensed under the dual GPL/BSD license.  (See LICENSE file for more info.)
+ *
+ * File: xsup_common.c
+ *
+ * Authors: Carsten Grohmann
+ *
+ * $Id: xsup_common.c,v 1.1 2006/08/25 23:37:18 chessing Exp $
+ * $Date: 2006/08/25 23:37:18 $
+ * $Log: xsup_common.c,v $
+ * Revision 1.1  2006/08/25 23:37:18  chessing
+ * Numerous patches that have come in over the last month or two.
+ *
+ */
+
+#include <string.h>
+
+#ifdef USE_EFENCE
+#include <efence.h>
+#endif
+
+char* Strncpy(char *dest, const char *src, size_t n)
+{
+  strncpy(dest, src, n);
+  dest[n-1] = 0;
+  return dest;
+}
--- xsupplicant-1.0.1/src/eap.c.stack-smash	2004-08-16 17:36:27.000000000 -0600
+++ xsupplicant-1.0.1/src/eap.c	2006-10-26 10:17:40.000000000 -0600
@@ -107,6 +107,7 @@
 
 #include "snmp.h"
 #include "frame_structs.h"
+#include "xsup_common.h"
 #include "xsup_debug.h"
 #include "xsup_err.h"
 #include "config.h"
@@ -300,7 +301,7 @@ static int wpa_keying_material(struct in
 void eap_do_notify(struct interface_data *thisint, char *inframe, int insize)
 {
   struct eap_header *myeap;
-  char myval[255];
+  char *myval;
 
   if ((!thisint) || (!inframe))
     {
@@ -310,14 +311,24 @@ void eap_do_notify(struct interface_data
 
   myeap = (struct eap_header *)&inframe[OFFSET_TO_EAP];
 
-  bzero(&myval[0], 255);
-  
   // We need to determine how long the string that we were returned is.
   // So, take the EAP length value, and subtract 5 to account for the EAP
   // header.
-  strncpy(&myval[0], &inframe[OFFSET_TO_DATA], (ntohs(myeap->eap_length)-5));
 
-  debug_printf(DEBUG_NORMAL, "EAP Notification : %s\n", &myval[0]);
+  // This will allocate 5 bytes more than we should need.
+  myval = malloc(ntohs(myeap->eap_length));
+  if (myval == NULL)
+    {
+      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory to store EAP "
+		   "notification message!\n");
+      return;
+    }
+
+  memset(myval, 0x00, ntohs(myeap->eap_length));
+  
+  Strncpy(myval, (char *) &inframe[OFFSET_TO_DATA], (ntohs(myeap->eap_length)-5));
+
+  debug_printf(DEBUG_NORMAL, "EAP Notification : %s\n", myval);
 }
 
 /*******************************************
--- xsupplicant-1.0.1/src/xsup_common.h.stack-smash	2006-10-26 10:17:22.000000000 -0600
+++ xsupplicant-1.0.1/src/xsup_common.h	2006-10-26 10:17:22.000000000 -0600
@@ -0,0 +1,29 @@
+/**
+ *
+ * Licensed under a dual GPL/BSD license.  (See LICENSE file for more info.)
+ *
+ * File: xsup_common.h
+ *
+ * Authors: Chris.Hessing@utah.edu and Carsten Grohmann
+ *
+ * $Id: xsup_common.h,v 1.1 2006/08/25 23:37:18 chessing Exp $
+ * $Date: 2006/08/25 23:37:18 $
+ */
+#ifndef XSUP_COMMON_H_
+#define XSUP_COMMON_H_
+
+/** Secure strncpy() replacement
+ *
+ *  Sets the last position of the buffer to 0. All times.
+ *  All parameters are equal to strncpy().
+ */
+char* Strncpy(char *dest, const char *src, size_t n);
+
+/** Secure free() replacement
+ *
+ * Check the pointer before freeing and set it to NULL after the memory
+ * has been freed 
+ */
+#define FREE(p) if (p != NULL) {free(p); p=NULL;}
+
+#endif
--- xsupplicant-1.0.1/src/xsup_ipc.c.stack-smash	2004-07-14 22:15:35.000000000 -0600
+++ xsupplicant-1.0.1/src/xsup_ipc.c	2006-10-26 10:17:22.000000000 -0600
@@ -82,6 +82,7 @@
 #include "profile.h"
 #include "config.h"
 #include "xsup_ipc.h"
+#include "xsup_common.h"
 #include "xsup_debug.h"
 #include "xsup_err.h"
 #include "ipc_callout.h"
--- xsupplicant-1.0.1/src/Makefile.am.stack-smash	2004-08-18 22:11:47.000000000 -0600
+++ xsupplicant-1.0.1/src/Makefile.am	2006-10-26 10:17:22.000000000 -0600
@@ -14,7 +14,7 @@ sbin_PROGRAMS = xsupplicant
 xsupplicant_SOURCES = xsup_driver.c xsup_debug.c profile.c core.c\
 			config.c eapol.c statemachine.c eap.c snmp.c wpa.c \
 			key_statemachine.c eapol_key_type1.c interactive.c \
-			eapol_key_type254.c \
+			eapol_key_type254.c xsup_common.c \
 			eap_types/md5/eapmd5.c eap_types/tls/eaptls.c \
 			eap_types/tls/tls_funcs.c eap_types/ttls/eapttls.c \
 			eap_types/ttls/ttlsphase2.c eap_types/tls/tls_crypt.c \
--- xsupplicant-1.0.1/src/ipc_callout.c.stack-smash	2004-07-14 22:15:35.000000000 -0600
+++ xsupplicant-1.0.1/src/ipc_callout.c	2006-10-26 10:17:22.000000000 -0600
@@ -170,6 +170,12 @@ void ipc_callout_process_conf(struct int
       debug_printf(DEBUG_NORMAL, "Incorrect call to ipc_callout_process_conf!\n");
     }
 
+  if (((cmd->len) + sizeof(struct ipc_cmd)) > bufsize)
+    {
+      debug_printf(DEBUG_NORMAL, "Buffer not large enough to hold response!\n");
+      return;
+    }
+
   *bufptr += sizeof(struct ipc_cmd);