File rad-buffer-overflow.diff of Package radiusclient-ng

From: Jan Engelhardt <jengelh@medozas.de>
Date: 2011-10-09 16:47:35.014125750 +0200
Upstream: dead

src: resolve crap code

I: Statement might be overflowing a buffer in strncat. Common mistake:
   BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
   GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: radiusclient-ng bufferoverflowstrncat clientid.c:114:9
E: radiusclient-ng bufferoverflowstrncat radexample.c:63:10
E: radiusclient-ng bufferoverflowstrncat radius.c:107:10

I: Program returns random data in a function
E: radiusclient-ng no-return-in-nonvoid-function radstatus.c:114

---
 lib/clientid.c   |    6 +++---
 src/radexample.c |   12 +++++-------
 src/radius.c     |    9 +++++----
 src/radstatus.c  |    1 +
 4 files changed, 14 insertions(+), 14 deletions(-)

Index: radiusclient-ng-0.5.6/lib/clientid.c
===================================================================
--- radiusclient-ng-0.5.6.orig/lib/clientid.c
+++ radiusclient-ng-0.5.6/lib/clientid.c
@@ -109,9 +109,9 @@ UINT4 rc_map2id(rc_handle *rh, char *nam
 
 	*ttyname = '\0';
 	if (*name != '/')
-		strcpy(ttyname, "/dev/");
-
-	strncat(ttyname, name, sizeof(ttyname));
+		snprintf(ttyname, sizeof(ttyname), "/dev/%s", name);
+	else
+		snprintf(ttyname, sizeof(ttyname), "%s", name);
 
 	for(p = rh->map2id_list; p; p = p->next)
 		if (!strcmp(ttyname, p->name)) return p->id;
Index: radiusclient-ng-0.5.6/src/radexample.c
===================================================================
--- radiusclient-ng-0.5.6.orig/src/radexample.c
+++ radiusclient-ng-0.5.6/src/radexample.c
@@ -52,16 +52,14 @@ main (int argc, char **argv)
 	/*
 	 * Fill in User-Name
 	 */
-
-	strncpy(username_realm, username, sizeof(username_realm));
-
 	/* Append default realm */
 	if ((strchr(username_realm, '@') == NULL) && default_realm &&
 	    (*default_realm != '\0'))
-	{
-		strncat(username_realm, "@", sizeof(username_realm));
-		strncat(username_realm, default_realm, sizeof(username_realm));
-	}
+		snprintf(username_realm, sizeof(username_realm),
+		         "%s@%s", username, default_realm);
+	else
+		snprintf(username_realm, sizeof(username_realm),
+		         "%s", username);
 
 	if (rc_avpair_add(rh, &send, PW_USER_NAME, username_realm, -1, 0) == NULL)
 		return ERROR_RC;
Index: radiusclient-ng-0.5.6/src/radius.c
===================================================================
--- radiusclient-ng-0.5.6.orig/src/radius.c
+++ radiusclient-ng-0.5.6/src/radius.c
@@ -102,10 +102,11 @@ LFUNC auth_radius(rc_handle *rh, UINT4 c
 
 	 if ((strchr(username_realm, '@') == NULL) && default_realm &&
 	     ((*default_realm) != '\0'))
-	 {
-		strncat(username_realm, "@", sizeof(username_realm));
-		strncat(username_realm, default_realm, sizeof(username_realm));
-	 }
+		snprintf(username_realm, sizeof(username_realm),
+		         "%s@%s", username, default_realm);
+	else
+		snprintf(username_realm, sizeof(username_realm),
+		         "%s", username);
 
 	if (rc_avpair_add(rh, &send, PW_USER_NAME, username_realm, -1, 0) == NULL)
 		return NULL;
Index: radiusclient-ng-0.5.6/src/radstatus.c
===================================================================
--- radiusclient-ng-0.5.6.orig/src/radstatus.c
+++ radiusclient-ng-0.5.6/src/radstatus.c
@@ -111,4 +111,5 @@ int main (int argc, char **argv)
 			fputs(msg, stdout);
 		}
 	}
+	return EXIT_SUCCESS;
 }