Diffstat (limited to 'net-im/jabberd/files/patch-c2s-buffers')
-rw-r--r-- | net-im/jabberd/files/patch-c2s-buffers | 260 |
1 files changed, 260 insertions, 0 deletions
diff --git a/net-im/jabberd/files/patch-c2s-buffers b/net-im/jabberd/files/patch-c2s-buffers
new file mode 100644
index 000000000000..91123566fa04
--- /dev/null
+++ b/net-im/jabberd/files/patch-c2s-buffers
@@ -0,0 +1,260 @@ +diff -ru c2sorig/authreg.c c2s/authreg.c +--- c2sorig/authreg.c Mon Nov 22 15:53:34 2004 ++++ c2s/authreg.c Mon Nov 22 20:06:25 2004 +@@ -623,7 +623,7 @@ + log_write(c2s->log, LOG_NOTICE, "[%d] created user: user=%s; realm=%s", sess->s->tag, username, sess->realm); + + /* extract the password */ +- snprintf(password, 1024, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem)); ++ snprintf(password, 257, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem)); + + /* change it */ + if((c2s->ar->set_password)(c2s->ar, username, sess->realm, password) != 0) +diff -ru c2sorig/authreg_mysql.c c2s/authreg_mysql.c +--- c2sorig/authreg_mysql.c Mon Nov 22 15:53:34 2004 ++++ c2s/authreg_mysql.c Mon Nov 22 16:55:37 2004 +@@ -24,6 +24,10 @@ + + #ifdef STORAGE_MYSQL + ++#define MYSQL_LU 1024 /* maximum length of username - should correspond to field length */ ++#define MYSQL_LR 256 /* maximum length of realm - should correspond to field length */ ++#define MYSQL_LP 256 /* maximum length of password - should correspond to field length */ ++ + #include <mysql.h> + + typedef struct mysqlcontext_st { +@@ -42,7 +46,8 @@ + static MYSQL_RES *_ar_mysql_get_user_tuple(authreg_t ar, char *username, char *realm) { + mysqlcontext_t ctx = (mysqlcontext_t) ar->private; + MYSQL *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1]; ++ char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024 + MYSQL_LU*2 + MYSQL_LR*2 + 1]; /* query(1024) + euser + erealm + \0(1) */ + MYSQL_RES *res; + + if(mysql_ping(conn) != 0) { +@@ -50,8 +55,11 @@ + return NULL; + } + +- mysql_real_escape_string(conn, euser, username, strlen(username)); +- mysql_real_escape_string(conn, erealm, realm, strlen(realm)); ++ snprintf(iuser, MYSQL_LU+1, "%s", username); ++ snprintf(irealm, MYSQL_LR+1, "%s", realm); ++ ++ mysql_real_escape_string(conn, euser, iuser, strlen(iuser)); ++ 
mysql_real_escape_string(conn, erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_select, euser, erealm); + +@@ -127,15 +135,21 @@ + static int _ar_mysql_set_password(authreg_t ar, char *username, char *realm, char password[257]) { + mysqlcontext_t ctx = (mysqlcontext_t) ar->private; + MYSQL *conn = ctx->conn; +- char euser[2049], erealm[2049], epass[513], sql[5633]; /* query(1024) + euser(2048) + erealm(2048) + epass(512) + \0(1) */ ++ char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1]; ++ char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], epass[513], sql[1024+MYSQL_LU*2+MYSQL_LR*2+512+1]; /* query(1024) + euser + erealm + epass(512) + \0(1) */ + + if(mysql_ping(conn) != 0) { + log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost"); + return 1; + } + +- mysql_real_escape_string(conn, euser, username, strlen(username)); +- mysql_real_escape_string(conn, erealm, realm, strlen(realm)); ++ snprintf(iuser, MYSQL_LU+1, "%s", username); ++ snprintf(irealm, MYSQL_LR+1, "%s", realm); ++ ++ password[256]= '\0'; ++ ++ mysql_real_escape_string(conn, euser, iuser, strlen(iuser)); ++ mysql_real_escape_string(conn, erealm, irealm, strlen(irealm)); + mysql_real_escape_string(conn, epass, password, strlen(password)); + + sprintf(sql, ctx->sql_setpassword, epass, euser, erealm); +@@ -195,15 +209,19 @@ + static int _ar_mysql_set_zerok(authreg_t ar, char *username, char *realm, char hash[41], char token[11], int sequence) { + mysqlcontext_t ctx = (mysqlcontext_t) ar->private; + MYSQL *conn = ctx->conn; +- char euser[2049], erealm[2049], ehash[81], etoken[21], sql[5233]; /* query(1024) + euser(2048) + erealm(2048) + ehash(80) + etoken(20) + sequence(12) + \0(1) */ ++ char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1]; ++ char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], ehash[81], etoken[21], sql[1024+MYSQL_LU*2+MYSQL_LR*2+80+20+12+1]; /* query(1024) + euser + erealm + ehash(80) + etoken(20) + sequence(12) + \0(1) */ + + if(mysql_ping(conn) != 0) { + log_write(ar->c2s->log, 
LOG_ERR, "mysql: connection to database lost"); + return 1; + } + +- mysql_real_escape_string(conn, euser, username, strlen(username)); +- mysql_real_escape_string(conn, erealm, realm, strlen(realm)); ++ snprintf(iuser, MYSQL_LU+1, "%s", username); ++ snprintf(irealm, MYSQL_LR+1, "%s", realm); ++ ++ mysql_real_escape_string(conn, euser, iuser, strlen(iuser)); ++ mysql_real_escape_string(conn, erealm, irealm, strlen(irealm)); + mysql_real_escape_string(conn, ehash, hash, strlen(hash)); + mysql_real_escape_string(conn, etoken, token, strlen(token)); + +@@ -222,7 +240,8 @@ + static int _ar_mysql_create_user(authreg_t ar, char *username, char *realm) { + mysqlcontext_t ctx = (mysqlcontext_t) ar->private; + MYSQL *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1]; ++ char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024+MYSQL_LU*2+MYSQL_LR*2+1]; /* query(1024) + euser + erealm + \0(1) */ + MYSQL_RES *res = _ar_mysql_get_user_tuple(ar, username, realm); + + if(res != NULL) { +@@ -237,8 +256,11 @@ + return 1; + } + +- mysql_real_escape_string(conn, euser, username, strlen(username)); +- mysql_real_escape_string(conn, erealm, realm, strlen(realm)); ++ snprintf(iuser, MYSQL_LU+1, "%s", username); ++ snprintf(irealm, MYSQL_LR+1, "%s", realm); ++ ++ mysql_real_escape_string(conn, euser, iuser, strlen(iuser)); ++ mysql_real_escape_string(conn, erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_create, euser, erealm); + +@@ -255,15 +277,19 @@ + static int _ar_mysql_delete_user(authreg_t ar, char *username, char *realm) { + mysqlcontext_t ctx = (mysqlcontext_t) ar->private; + MYSQL *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ char iuser[MYSQL_LU+1], irealm[MYSQL_LR+1]; ++ char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024+MYSQL_LU*2+MYSQL_LR*2+1]; /* query(1024) + euser + 
erealm + \0(1) */ + + if(mysql_ping(conn) != 0) { + log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost"); + return 1; + } + +- mysql_real_escape_string(conn, euser, username, strlen(username)); +- mysql_real_escape_string(conn, erealm, realm, strlen(realm)); ++ snprintf(iuser, MYSQL_LU+1, "%s", username); ++ snprintf(irealm, MYSQL_LR+1, "%s", realm); ++ ++ mysql_real_escape_string(conn, euser, iuser, strlen(iuser)); ++ mysql_real_escape_string(conn, erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_delete, euser, erealm); + +diff -ru c2sorig/authreg_pgsql.c c2s/authreg_pgsql.c +--- c2sorig/authreg_pgsql.c Mon Nov 22 15:53:34 2004 ++++ c2s/authreg_pgsql.c Mon Nov 22 16:52:20 2004 +@@ -26,6 +26,10 @@ + + #include <libpq-fe.h> + ++#define PGSQL_LU 1024 /* maximum length of username - should correspond to field length */ ++#define PGSQL_LR 256 /* maximum length of realm - should correspond to field length */ ++#define PGSQL_LP 256 /* maximum length of password - should correspond to field length */ ++ + typedef struct pgsqlcontext_st { + PGconn * conn; + char * sql_create; +@@ -42,11 +46,16 @@ + static PGresult *_ar_pgsql_get_user_tuple(authreg_t ar, char *username, char *realm) { + pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private; + PGconn *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ ++ char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1]; ++ char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1]; /* query(1024) + euser + erealm + \0(1) */ + PGresult *res; + +- PQescapeString(euser, username, strlen(username)); +- PQescapeString(erealm, realm, strlen(realm)); ++ snprintf(iuser, PGSQL_LU+1, "%s", username); ++ snprintf(irealm, PGSQL_LR+1, "%s", realm); ++ ++ PQescapeString(euser, iuser, strlen(iuser)); ++ PQescapeString(erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_select, euser, erealm); + +@@ -114,11 +123,15 @@ + static int 
_ar_pgsql_set_password(authreg_t ar, char *username, char *realm, char password[257]) { + pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private; + PGconn *conn = ctx->conn; +- char euser[2049], erealm[2049], epass[513], sql[5633]; /* query(1024) + euser(2048) + erealm(2048) + epass(512) + \0(1) */ ++ char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1]; ++ char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], epass[513], sql[1024+PGSQL_LU*2+PGSQL_LR*2+512+1]; /* query(1024) + euser + erealm + epass(512) + \0(1) */ + PGresult *res; + +- PQescapeString(euser, username, strlen(username)); +- PQescapeString(erealm, realm, strlen(realm)); ++ snprintf(iuser, PGSQL_LU+1, "%s", username); ++ snprintf(irealm, PGSQL_LR+1, "%s", realm); ++ ++ PQescapeString(euser, iuser, strlen(iuser)); ++ PQescapeString(erealm, irealm, strlen(irealm)); + PQescapeString(epass, password, strlen(password)); + + sprintf(sql, ctx->sql_setpassword, epass, euser, erealm); +@@ -177,11 +190,15 @@ + static int _ar_pgsql_set_zerok(authreg_t ar, char *username, char *realm, char hash[41], char token[11], int sequence) { + pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private; + PGconn *conn = ctx->conn; +- char euser[2049], erealm[2049], ehash[81], etoken[21], sql[5233]; /* query(1024) + euser(2048) + erealm(2048) + ehash(80) + etoken(20) + sequence(12) + \0(1) */ ++ char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1]; ++ char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], ehash[81], etoken[21], sql[1024 + PGSQL_LU*2 + PGSQL_LR*2 + 80 + 20 + 12 + 1]; /* query(1024) + euser + erealm + ehash(80) + etoken(20) + sequence(12) + \0(1) */ + PGresult *res; + +- PQescapeString(euser, username, strlen(username)); +- PQescapeString(erealm, realm, strlen(realm)); ++ snprintf(iuser, PGSQL_LU+1, "%s", username); ++ snprintf(irealm, PGSQL_LR+1, "%s", realm); ++ ++ PQescapeString(euser, iuser, strlen(iuser)); ++ PQescapeString(erealm, irealm, strlen(irealm)); + PQescapeString(ehash, hash, strlen(hash)); + PQescapeString(etoken, token, strlen(token)); + 
+@@ -210,7 +227,8 @@ + static int _ar_pgsql_create_user(authreg_t ar, char *username, char *realm) { + pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private; + PGconn *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1]; ++ char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1]; /* query(1024) + euser + erealm + \0(1) */ + PGresult *res; + + res = _ar_pgsql_get_user_tuple(ar, username, realm); +@@ -221,8 +239,11 @@ + + PQclear(res); + +- PQescapeString(euser, username, strlen(username)); +- PQescapeString(erealm, realm, strlen(realm)); ++ snprintf(iuser, PGSQL_LU+1, "%s", username); ++ snprintf(irealm, PGSQL_LR+1, "%s", realm); ++ ++ PQescapeString(euser, iuser, strlen(iuser)); ++ PQescapeString(erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_create, euser, erealm); + +@@ -249,11 +270,15 @@ + static int _ar_pgsql_delete_user(authreg_t ar, char *username, char *realm) { + pgsqlcontext_t ctx = (pgsqlcontext_t) ar->private; + PGconn *conn = ctx->conn; +- char euser[2049], erealm[2049], sql[5121]; /* query(1024) + euser(2048) + erealm(2048) + \0(1) */ ++ char iuser[PGSQL_LU+1], irealm[PGSQL_LR+1]; ++ char euser[PGSQL_LU*2+1], erealm[PGSQL_LR*2+1], sql[1024+PGSQL_LU*2+PGSQL_LR*2+1]; /* query(1024) + euser + erealm + \0(1) */ + PGresult *res; + +- PQescapeString(euser, username, strlen(username)); +- PQescapeString(erealm, realm, strlen(realm)); ++ snprintf(iuser, PGSQL_LU+1, "%s", username); ++ snprintf(irealm, PGSQL_LR+1, "%s", realm); ++ ++ PQescapeString(euser, iuser, strlen(iuser)); ++ PQescapeString(erealm, irealm, strlen(irealm)); + + sprintf(sql, ctx->sql_delete, euser, erealm); + |
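Review bot: The two set_password backends are no longer symmetric: `_ar_mysql_set_password` forces `password[256] = '\0';` before calling `strlen(password)`, while `_ar_pgsql_set_password` still passes `password` to `PQescapeString` with no bound, so an over-long or unterminated buffer from a caller other than the authreg.c path is handled differently per backend; the same `password[256] = '\0';` line belongs in the pgsql function, and `MYSQL_LP`/`PGSQL_LP` are defined but never used (`epass[513]` stays hard-coded where `MYSQL_LP*2+1` would tie the buffer to the limit). The `sql` buffers are now sized for the worst-case escaped inputs, but every `sprintf(sql, ctx->sql_..., ...)` still relies on the configured template staying under the 1024-byte allowance noted in the comments; `snprintf(sql, sizeof sql, ...)` with a check on the returned length would make that bound explicit rather than assumed. Truncating `username` to `MYSQL_LU`/`PGSQL_LU` and `realm` to `MYSQL_LR`/`PGSQL_LR` with snprintf silently maps distinct over-long names onto the same database row; if the caller cannot guarantee the limit, rejecting with an error return when `strlen(username) > MYSQL_LU` is the safer choice for an authentication lookup. The authreg.c hunk lowers the snprintf bound to 257, but the declaration of `password` is outside the hunk, so its size should be confirmed to be at least 257 bytes.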