File opie-2.4.diff of Package opie

--- opie-2.4/Makefile.in
+++ opie-2.4/Makefile.in
@@ -98,7 +98,7 @@
 # of OPIE. 
 #
 # The third is the above using nifty heap debugger called "Electric Fence".
-DEBUG=-O
+#DEBUG=-O
 #DEBUG=-DDEBUG=1 -g
 #DEBUG=-DDEBUG=1 -g -lefence
 
@@ -115,14 +115,13 @@
 LOCALBIN=@LOCALBIN@
 LOCALMAN=@LOCALMAN@
 SU=@SU@
-ALT_SU=@ALT_SU@
 LOGIN=@LOGIN@
 LOCK_DIR=@LOCK_DIR@
 OPIEAUTO=@OPIEAUTO@
 
 BACKUP=opie.old
 
-CFLAGS=$(DEBUG) -Ilibmissing
+CFLAGS+=$(DEBUG) -Ilibmissing
 
 LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie
 LDEPS=libmissing/libmissing.a libopie/libopie.a
@@ -139,15 +138,27 @@
 	@echo "Copying OPIE key-related files"
 	@if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi 
 	@cp opiekey $(OPIEAUTO) $(LOCALBIN)
+	@cp opiesu $(OPIEAUTO) $(LOCALBIN)
+	@cp opielogin $(OPIEAUTO) $(LOCALBIN)
+	@cp opieftpd $(OPIEAUTO) $(LOCALBIN)
+	@cp opiegen $(OPIEAUTO) $(LOCALBIN)
 	@$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey
+	@$(CHOWN) $(OWNER) $(LOCALBIN)/opiesu
+	@$(CHOWN) $(OWNER) $(LOCALBIN)/opielogin
+	@$(CHOWN) $(OWNER) $(LOCALBIN)/opieftpd
+	@$(CHOWN) $(OWNER) $(LOCALBIN)/opiegen
 	@if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi
 	@chgrp $(GROUP) $(LOCALBIN)/opiekey
 	@echo "Changing file permissions"
-	@chmod 0511 $(LOCALBIN)/opiekey
+	@chmod 0755 $(LOCALBIN)/opiekey
+	@chmod 0755 $(LOCALBIN)/opieftpd
+	@chmod 0755 $(LOCALBIN)/opiegen
+	@chmod 0755 $(LOCALBIN)/opielogin
+	@chmod 4755 $(LOCALBIN)/opiesu
 	@if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi
 	@echo "Symlinking aliases to opiekey"
-	@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4
-	@-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5
+	@-ln -s opiekey $(LOCALBIN)/otp-md4
+	@-ln -s opiekey $(LOCALBIN)/otp-md5
 	@echo "Installing manual pages"
 	@-for i in otp-md4 otp-md5; do ln -s opiekey.1 $(LOCALMAN)/man1/$$i.1; done
 	@if test ! -d $(LOCALMAN)/man1; then $(MKDIR) $(LOCALMAN)/man1; chmod 755 $(LOCALMAN)/man1; fi; cp opiekey.1 $(LOCALMAN)/man1/opiekey.1; $(CHOWN) $(OWNER) $(LOCALMAN)/man1/opiekey.1; chgrp $(GROUP) $(LOCALMAN)/man1/opiekey.1; chmod 644 $(LOCALMAN)/man1/opiekey.1
@@ -163,81 +174,14 @@
 	@$(CHOWN) $(OWNER) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
 	@chgrp $(GROUP) $(LOCALBIN)/opiepasswd $(LOCALBIN)/opieinfo
 	@echo "Changing file permissions"
-	@chmod 0555 $(LOCALBIN)/opieinfo
-	@chmod 4511 $(LOCALBIN)/opiepasswd
+	@chmod 0755 $(LOCALBIN)/opieinfo
+	@chmod 4755 $(LOCALBIN)/opiepasswd
+
 	@echo "Installing OPIE system programs..."
-	@if test ! -z $(LOGIN); \
-	then \
-		if test ! $(EXISTS) $(LOGIN).$(BACKUP); \
-		then \
-			echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \
-			mv $(LOGIN) $(LOGIN).$(BACKUP); \
-			echo "Clearing permissions on $(LOGIN)"; \
-			chmod 0 $(LOGIN).$(BACKUP); \
-		fi; \
-		echo "Copying OPIE login to $(LOGIN)"; \
-		cp opielogin $(LOGIN); \
-		echo "Changing ownership of $(LOGIN)"; \
-		$(CHOWN) $(OWNER) $(LOGIN); \
-		chgrp $(GROUP) $(LOGIN); \
-		echo "Changing file permissions of $(LOGIN)"; \
-		chmod 4111 $(LOGIN); \
-	fi
-	@if test ! -z $(SU); \
-	then \
-		if test ! $(EXISTS) $(SU).$(BACKUP); \
-		then \
-			echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \
-			mv $(SU) $(SU).$(BACKUP); \
-			echo "Clearing permissions on $(SU)"; \
-			chmod 0 $(SU).$(BACKUP); \
-		fi; \
-		echo "Copying OPIE su to $(SU)"; \
-		cp opiesu $(SU); \
-		echo "Changing ownership of $(SU)"; \
-		$(CHOWN) $(OWNER) $(SU); \
-		chgrp $(GROUP) $(SU); \
-		echo "Changing file permissions of $(SU)"; \
-		chmod 4111 $(SU); \
-	fi
-	@if test ! -z $(ALT_SU); \
-	then \
-		if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \
-		then \
-			echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \
-			mv $(ALT_SU) $(ALT_SU).$(BACKUP); \
-			echo "Clearing permissions on $(ALT_SU)"; \
-			chmod 0 $(ALT_SU).$(BACKUP); \
-		fi; \
-		echo "Copying OPIE su to $(ALT_SU)"; \
-		cp opiesu $(ALT_SU); \
-		echo "Changing ownership of $(ALT_SU)"; \
-		$(CHOWN) $(OWNER) $(ALT_SU); \
-		chgrp $(GROUP) $(ALT_SU); \
-		echo "Changing file permissions of $(ALT_SU)"; \
-		chmod 4111 $(ALT_SU); \
-	fi
-	@if test ! -z $(FTPD); \
-	then \
-		if test ! $(EXISTS) $(FTPD).$(BACKUP); \
-		then \
-			echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \
-			mv $(FTPD) $(FTPD).$(BACKUP); \
-			echo "Clearing permissions on $(FTPD).$(BACKUP)"; \
-			chmod 0 $(FTPD).$(BACKUP); \
-		fi; \
-		echo "Copying OPIE ftp daemon to $(FTPD)"; \
-		cp opieftpd $(FTPD); \
-		echo "Changing ownership of $(FTPD)"; \
-		$(CHOWN) $(OWNER) $(FTPD); \
-		chgrp $(GROUP) $(FTPD); \
-		echo "Changing file permissions of $(FTPD)"; \
-		chmod 0100 $(FTPD); \
-	fi
 	@echo "Making sure OPIE database file exists";
 	@touch $(KEY_FILE)
 	@echo "Changing permissions of OPIE database file"
-	@chmod 0644 $(KEY_FILE)
+	@chmod 0600 $(KEY_FILE)
 	@echo "Changing ownership of OPIE database file"
 	@$(CHOWN) $(OWNER) $(KEY_FILE)
 	@chgrp $(GROUP) $(KEY_FILE)
@@ -262,7 +206,7 @@
 	@echo "Restoring old binaries"
 	@-for i in $(SU) $(ALT_SU) $(LOGIN) $(FTPD); do FILE=`basename $$i`; if test ! $(EXISTS) $$i.$(BACKUP); then echo "No $$i.$(BACKUP)! Aborting."; exit 1; else echo "Removing $$FILE"; rm $$i || true; echo "Restoring old $$FILE"; mv $$i.$(BACKUP) $$i; fi; done
 	@echo "Resetting permissions"
-	@chmod 4111 $(SU) $(LOGIN)
+	@chmod 4755 $(SU) $(LOGIN)
 	@chmod 0100 $(FTPD)
 	@if test ! -z "$(ALT_SU)"; then chmod 4111 $(ALT_SU); fi
 	@echo "OPIE is now un-installed."
--- opie-2.4/libopie/Makefile.in
+++ opie-2.4/libopie/Makefile.in
@@ -17,7 +17,7 @@
 OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o
 
 CC=@CC@
-CFLAGS=$(CFL) -I.. -I../libmissing
+CFLAGS=$(CFL) -fPIC -I.. -I../libmissing
 TARGET=libopie.a
 
 all: $(TARGET)
--- opie-2.4/libopie/readpass.c
+++ opie-2.4/libopie/readpass.c
@@ -14,6 +14,8 @@
 
         History:
 
+	Modified opiereadpass() and fixing off by one. S-
+
 	Modified by cmetz for OPIE 2.31. Use usleep() to delay after setting
 		the terminal attributes; this might help certain buggy
 		systems.
@@ -81,6 +83,9 @@
   char kill[4];
   char eof[4];
 
+  if (len < 2) /* AUDIT: useless otherwise */
+	return NULL;
+
   memset(erase, 0, sizeof(erase));
   memset(kill, 0, sizeof(kill));
   memset(eof, 0, sizeof(eof));
@@ -217,7 +222,8 @@
 #endif /* unix */
 
   {
-  char *c = buf, *end = buf + len, *e;
+  char *c = buf, *end = buf + len-1, *e;/* AUDIT: fixing off by one */
+
 #ifdef __OS2__
   KBDKEYINFO keyInfo;
 #endif /* __OS2__ */
--- opie-2.4/libopie/readrec.c
+++ opie-2.4/libopie/readrec.c
@@ -8,6 +8,7 @@
 
 	History:
 
+	Replaced strcpy() S-
 	Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and
 		response values are valid.
 	Modified by cmetz for OPIE 2.31. Removed active attack protection
@@ -142,7 +143,7 @@
     if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX)
       (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0;
     
-    strcpy(principal, opie->opie_principal);
+    snprintf(principal,sizeof(principal),"%s",opie->opie_principal);/* AUDIT: replaced strcpy()*/
     
     do {
       if ((opie->opie_recstart = ftell(f)) < 0)
--- opie-2.4/opieinfo.c
+++ opie-2.4/opieinfo.c
@@ -33,6 +33,7 @@
 
 #include "opie_cfg.h"
 #include <stdio.h>
+#include <errno.h>
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif /* HAVE_UNISTD_H */
--- opie-2.4/opiepasswd.c
+++ opie-2.4/opiepasswd.c
@@ -14,6 +14,8 @@
 
 	History:
 
+	Replaced strcpy() S-
+
 	Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks.
 		Use opiestrncpy().
 	Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of
@@ -207,7 +209,7 @@
     }
   } else {
     if (!rval)
-      strcpy(seed, opie.opie_seed);
+      snprintf(seed, sizeof(seed), "%s", opie.opie_seed);/* AUDIT: replaced strcpy() */
 
     if (opienewseed(seed) < 0) {
       fprintf(stderr, "Error updating seed.\n");
--- opie-2.4/opiesu.c
+++ opie-2.4/opiesu.c
@@ -201,7 +201,7 @@
     for (cp = ename; *cp == *dp && *cp; cp++, dp++)
       continue;
     if (*cp == 0 && (*dp == '=' || *dp == 0)) {
-      strcat(buf, eval);
+      snprintf(buf, sizeof(buf), "%s%s",buf,  eval); /* XXX: what to do? */
       *--ep = buf;
       return;
     }
@@ -469,8 +469,8 @@
   }
   if (thisuser.pw_shell && *thisuser.pw_shell)
     shell = thisuser.pw_shell;
-  if (fulllogin) {
-    if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) - 1 < sizeof(termbuf))) {
+  if (fulllogin) {
+    if ((p = getenv("TERM")) && (strlen(termbuf) + strlen(p) + 1 < sizeof(termbuf))) {
       strcat(termbuf, p);
       cleanenv[4] = termbuf;
     }
--- opie-2.4/opielogin.c.xx	2005-01-24 16:55:48.546071784 +0100
+++ opie-2.4/opielogin.c	2005-01-24 16:55:50.669018940 +0100
@@ -1451,7 +1451,7 @@
   attr.c_lflag |= (ISIG | IEXTEN);
 
   catchexit();
-  execlp(thisuser.pw_shell, minusnam, 0);
+  execlp(thisuser.pw_shell, minusnam, NULL);
   perror(thisuser.pw_shell);
   printf("No shell\n");
   exit(0);