-rw-r--r-- | src/attacher.c | 52 | ||||
-rw-r--r-- | src/braille_tsi.c | 1 | ||||
-rw-r--r-- | src/display.c | 19 | ||||
-rw-r--r-- | src/extern.h | 1 | ||||
-rw-r--r-- | src/fileio.c | 2 | ||||
-rw-r--r-- | src/screen.c | 9 | ||||
-rw-r--r-- | src/socket.c | 2 | ||||
-rw-r--r-- | src/tty.sh | 14 | ||||
-rw-r--r-- | src/utmp.c | 8 |
9 files changed, 79 insertions, 29 deletions
diff --git a/src/attacher.c b/src/attacher.c index 7159c7f..8847d5d 100644 --- a/src/attacher.c +++ b/src/attacher.c @@ -185,8 +185,8 @@ int how; if (ret == SIG_POWER_BYE) { int ppid; - setgid(real_gid); - setuid(real_uid); + if (setgid(real_gid) || setuid(real_uid)) + Panic(errno, "setuid/gid"); if ((ppid = getppid()) > 1) Kill(ppid, SIGHUP); exit(0); @@ -282,7 +282,10 @@ int how; #ifdef MULTIUSER if (!multiattach) #endif - setuid(real_uid); + { + if (setuid(real_uid)) + Panic(errno, "setuid"); + } #if defined(MULTIUSER) && defined(USE_SETEUID) else { @@ -290,7 +293,8 @@ int how; xseteuid(real_uid); /* multi_uid, allow backend to send signals */ } #endif - setgid(real_gid); + if (setgid(real_gid)) + Panic(errno, "setgid"); eff_uid = real_uid; eff_gid = real_gid; @@ -486,7 +490,8 @@ AttacherFinit SIGDEFARG #ifdef MULTIUSER if (tty_oldmode >= 0) { - setuid(own_uid); + if (setuid(own_uid)) + Panic(errno, "setuid"); chmod(attach_tty, tty_oldmode); } #endif @@ -504,11 +509,14 @@ AttacherFinitBye SIGDEFARG if (multiattach) exit(SIG_POWER_BYE); #endif - setgid(real_gid); + if (setgid(real_gid)) + Panic(errno, "setgid"); #ifdef MULTIUSER - setuid(own_uid); + if (setuid(own_uid)) + Panic(errno, "setuid"); #else - setuid(real_uid); + if (setuid(real_uid)) + Panic(errno, "setuid"); #endif /* we don't want to disturb init (even if we were root), eh? jw */ if ((ppid = getppid()) > 1) @@ -679,11 +687,14 @@ static sigret_t LockHup SIGDEFARG { int ppid = getppid(); - setgid(real_gid); + if (setgid(real_gid)) + Panic(errno, "setgid"); #ifdef MULTIUSER - setuid(own_uid); + if (setuid(own_uid)) + Panic(errno, "setuid"); #else - setuid(real_uid); + if (setuid(real_uid)) + Panic(errno, "setuid"); #endif if (ppid > 1) Kill(ppid, SIGHUP); 
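Review bot: In the hunks at old lines 282 and 290 the uid is given up before the gid (`setuid(real_uid)` runs first, `setgid(real_gid)` afterwards), which is the reverse of the order used in the SIG_POWER_BYE hunk above. If the binary is installed both set-user-ID root and set-group-ID, a `setgid()` issued after root is gone can only change the effective gid, so it returns 0, the new Panic never fires, and the saved group ID appears to stay in place. Moving `if (setgid(real_gid)) Panic(errno, "setgid");` above the `#ifdef MULTIUSER` block would make the drop permanent in that configuration. The enclosing function starts and ends outside both hunks, so the MULTIUSER/USE_SETEUID branch should be checked against that reordering.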
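Review bot: The new `Panic(errno, ...)` calls in AttacherFinit, AttacherFinitBye and LockHup run in functions declared with `SIGDEFARG`, that is, in signal-handler context, and Panic's body is not part of this diff. If Panic formats a message or tears down display state it is presumably not async-signal-safe, and a failed drop inside a handler is exactly the case where the process must not carry on with its old ids. A comment at each site such as `/* signal context: Panic must not return and must not rely on non-reentrant state */` would record the assumption. If Panic can return, follow the call with `_exit(1);`.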
@@ -710,11 +721,14 @@ LockTerminal() if ((pid = fork()) == 0) { /* Child */ - setgid(real_gid); + if (setgid(real_gid)) + Panic(errno, "setgid"); #ifdef MULTIUSER - setuid(own_uid); + if (setuid(own_uid)) + Panic(errno, "setuid"); #else - setuid(real_uid); /* this should be done already */ + if (setuid(real_uid)) /* this should be done already */ + Panic(errno, "setuid"); #endif closeallfiles(0); /* important: /etc/shadow may be open */ execl(prg, "SCREEN-LOCK", NULL); @@ -847,6 +861,7 @@ screen_builtin_lck() #ifdef USE_PAM pam_handle_t *pamh = 0; int pam_error; + char *tty_name; #endif char *pass = 0, mypass[16 + 1], salt[3]; int using_pam = 1; @@ -932,6 +947,15 @@ screen_builtin_lck() pam_error = pam_start("screen", ppp->pw_name, &PAM_conversation, &pamh); if (pam_error != PAM_SUCCESS) AttacherFinit(SIGARG); /* goodbye */ + + if (strncmp(attach_tty, "/dev/", 5) == 0) + tty_name = attach_tty + 5; + else + tty_name = attach_tty; + pam_error = pam_set_item(pamh, PAM_TTY, tty_name); + if (pam_error != PAM_SUCCESS) + AttacherFinit(SIGARG); /* goodbye */ + pam_error = pam_authenticate(pamh, 0); pam_end(pamh, pam_error); PAM_conversation.appdata_ptr = 0; diff --git a/src/braille_tsi.c b/src/braille_tsi.c index 6768291..6f84913 100644 --- a/src/braille_tsi.c +++ b/src/braille_tsi.c @@ -127,7 +127,6 @@ display_status_tsi() r = read(bd.bd_fd,ibuf,1); if (r != 1) return -1; - if (r != -1) if (ibuf[0] == 'V') r = read(bd.bd_fd, ibuf, 3); else diff --git a/src/display.c b/src/display.c index 61fff7d..072abb6 100644 --- a/src/display.c +++ b/src/display.c @@ -2163,7 +2163,7 @@ int start, max; { int chars = strlen_onscreen((unsigned char *)(s + start), (unsigned char *)(s + max)); D_encoding = 0; - PutWinMsg(s, start, max); + PutWinMsg(s, start, max + ((max - start) - chars)); /* Multibyte count */ D_encoding = UTF8; D_x -= (max - chars); /* Yak! But this is necessary to count for the fact that not every byte represents a 
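Review bot: When `pam_set_item(pamh, PAM_TTY, tty_name)` fails in screen_builtin_lck, the new code goes straight to `AttacherFinit(SIGARG)` while `pamh` is still an open PAM transaction; the `pam_start` failure path above it has no handle to release, but this one does. Adding `pam_end(pamh, pam_error);` before that call lets the modules run their cleanup, assuming AttacherFinit does not return. The stripping of `/dev/` is also unexplained, so a one-line comment stating which PAM_TTY form the configured modules are expected to match would help. The function body starts and ends outside this hunk.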
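Review bot: In the display.c hunk at line 2163 the limit passed to PutWinMsg grows to `max + ((max - start) - chars)`, and nothing in the visible lines bounds it by the length of `s`. Unless PutWinMsg stops at the terminating NUL (its body is not shown), the enlarged limit could index past the end of the string when `max` was already the string's byte length. The correction is also a single pass, so multibyte characters inside the newly included bytes are not accounted for. Replacing the trailing `/* Multibyte count */` with `/* max is a byte index: widen it by the bytes that occupy no column; must stay <= strlen(s) */` would state the invariant, and a clamp against `strlen(s)` would enforce it. The enclosing function starts outside the hunk.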
@@ -2257,11 +2257,15 @@ void RefreshHStatus() { char *buf; - +#ifdef UTF8 + int extrabytes = strlen(hstatusstring) - strlen_onscreen(hstatusstring, NULL); +#else + int extrabytes = 0; +#endif evdeq(&D_hstatusev); if (D_status == STATUS_ON_HS) return; - buf = MakeWinMsgEv(hstatusstring, D_fore, '%', (D_HS && D_has_hstatus == HSTATUS_HS && D_WS > 0) ? D_WS : D_width - !D_CLP, &D_hstatusev, 0); + buf = MakeWinMsgEv(hstatusstring, D_fore, '%', (D_HS && D_has_hstatus == HSTATUS_HS && D_WS > 0) ? D_WS : D_width - !D_CLP + extrabytes, &D_hstatusev, 0); if (buf && *buf) { ShowHStatus(buf); @@ -2356,8 +2360,13 @@ int y, from, to, isblank; { if (y == cv->c_ye + 1 && from >= cv->c_xs && from <= cv->c_xe) { +#ifdef UTF8 + int extrabytes = strlen(captionstring) - strlen_onscreen(captionstring, NULL); +#else + int extrabytes = 0; +#endif p = Layer2Window(cv->c_layer); - buf = MakeWinMsgEv(captionstring, p, '%', cv->c_xe - cv->c_xs + (cv->c_xe + 1 < D_width || D_CLP), &cv->c_captev, 0); + buf = MakeWinMsgEv(captionstring, p, '%', cv->c_xe - cv->c_xs + (cv->c_xe + 1 < D_width || D_CLP) + extrabytes, &cv->c_captev, 0); if (cv->c_captev.timeout.tv_sec) evenq(&cv->c_captev); xx = to > cv->c_xe ? cv->c_xe : to; @@ -2366,7 +2375,7 @@ int y, from, to, isblank; SetRendition(&mchar_so); if (l > xx - cv->c_xs + 1) l = xx - cv->c_xs + 1; - l = PrePutWinMsg(buf, from - cv->c_xs, l); + l = PrePutWinMsg(buf, from - cv->c_xs, l + extrabytes); from = cv->c_xs + l; for (; from <= xx; from++) PUTCHARLP(' '); diff --git a/src/extern.h b/src/extern.h index b8cead4..a3e3ca2 100644 --- a/src/extern.h +++ b/src/extern.h @@ -110,6 +110,7 @@ extern void brktty __P((int)); extern struct baud_values *lookup_baud __P((int bps)); extern int SetBaud __P((struct mode *, int, int)); extern int SttyMode __P((struct mode *, char *)); +extern int CheckTtyname __P((char *)); /* mark.c */ diff --git a/src/fileio.c b/src/fileio.c index 978f07b..05df0c4 100644 --- a/src/fileio.c +++ b/src/fileio.c 
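Review bot: In RefreshHStatus the `+ extrabytes` sits inside the else arm of the conditional (`... ? D_WS : D_width - !D_CLP + extrabytes`), so the correction is skipped whenever `D_WS` is chosen; if it is meant for both arms, write `((D_HS && D_has_hstatus == HSTATUS_HS && D_WS > 0) ? D_WS : D_width - !D_CLP) + extrabytes`. `extrabytes` is also measured on `hstatusstring`, the unexpanded format string, so multibyte text that arrives through `%` escapes is not counted; the caption hunk at line 2356 does the same with `captionstring` and additionally passes `l + extrabytes` to PrePutWinMsg. Because the requested width can now exceed the display width, it is worth confirming that MakeWinMsgEv clamps it to its own buffer size, which is not visible here. Both new calls pass `char *` where the earlier call in this file casts, so `strlen_onscreen((unsigned char *)hstatusstring, NULL)` would keep them consistent.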
@@ -80,8 +80,6 @@ register char *str1, *str2; } else { - if (len1 == 0) - return 0; if ((cp = malloc((unsigned) len1 + add_colon + 1)) == NULL) Panic(0, "%s", strnomem); cp[len1 + add_colon] = '\0'; diff --git a/src/screen.c b/src/screen.c index e63690d..d3fefa5 100644 --- a/src/screen.c +++ b/src/screen.c @@ -972,8 +972,13 @@ char **av; else \ attach_tty = ""; \ } \ - else if (stat(attach_tty, &st)) \ - Panic(errno, "Cannot access '%s'", attach_tty); \ + else \ + { \ + if (stat(attach_tty, &st)) \ + Panic(errno, "Cannot access '%s'", attach_tty); \ + if (CheckTtyname(attach_tty)) \ + Panic(0, "Bad tty '%s'", attach_tty); \ + } \ if (strlen(attach_tty) >= MAXPATHLEN) \ Panic(0, "TtyName too long - sorry."); \ } while (0) diff --git a/src/socket.c b/src/socket.c index 711c709..b4d2400 100644 --- a/src/socket.c +++ b/src/socket.c @@ -722,6 +722,7 @@ struct msg *mp; char *args[MAXARGS]; register int n; register char **pp = args, *p = mp->m.create.line; + char buf[20]; nwin = nwin_undef; n = mp->m.create.nargs; @@ -731,7 +732,6 @@ struct msg *mp; if (n) { int l, num; - char buf[20]; l = strlen(p); if (IsNumColon(p, 10, buf, sizeof(buf))) @@ -60,6 +60,7 @@ exit 0 #include <sys/types.h> #include <signal.h> #include <fcntl.h> +#include <sys/stat.h> #ifndef sgi # include <sys/file.h> #endif @@ -1499,6 +1500,19 @@ int ibaud, obaud; return 0; } + +int +CheckTtyname (tty) +char *tty; +{ + struct stat st; + + if (lstat(tty, &st) || !S_ISCHR(st.st_mode) || + (st.st_nlink > 1 && strncmp(tty, "/dev/", 5))) + return -1; + return 0; +} + /* * Write out the mode struct in a readable form */ 
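Review bot: CheckTtyname's `/dev/` test is a plain string prefix (`strncmp(tty, "/dev/", 5)`), so a name that begins with `/dev/` but contains a `..` component is exempt from the hard-link rule even though it resolves somewhere else. Rejecting names with a `..` component before the prefix test, or comparing against a canonicalised path, would close that gap. The function also has no header comment; something like `/* Return 0 if tty is a character device that is not a symlink and, outside /dev/, has a single link; -1 otherwise. */` would spell out the convention that callers rely on when they write `!CheckTtyname(tty)`.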
@@ -361,7 +361,7 @@ RemoveLoginSlot() char *tty; debug("couln't zap slot -> do mesg n\n"); D_loginttymode = 0; - if ((tty = ttyname(D_userfd)) && stat(tty, &stb) == 0 && (int)stb.st_uid == real_uid && ((int)stb.st_mode & 0777) != 0666) + if ((tty = ttyname(D_userfd)) && stat(tty, &stb) == 0 && (int)stb.st_uid == real_uid && !CheckTtyname(tty) && ((int)stb.st_mode & 0777) != 0666) { D_loginttymode = (int)stb.st_mode & 0777; chmod(D_usertty, stb.st_mode & 0600); @@ -387,7 +387,7 @@ RestoreLoginSlot() } UT_CLOSE; D_loginslot = (slot_t)0; - if (D_loginttymode && (tty = ttyname(D_userfd))) + if (D_loginttymode && (tty = ttyname(D_userfd)) && !CheckTtyname(tty)) chmod(tty, D_loginttymode); } @@ -575,7 +575,7 @@ struct win *wi; return ut_delete_user(slot, u.ut_pid, 0, 0) != 0; #endif #ifdef HAVE_UTEMPTER - if (eff_uid && wi->w_ptyfd != -1) + if (eff_uid && wi && wi->w_ptyfd != -1) { /* sigh, linux hackers made the helper functions void */ if (SLOT_USED(u)) @@ -853,7 +853,7 @@ getlogin() for (fd = 0; fd <= 2 && (tty = ttyname(fd)) == NULL; fd++) ; - if ((tty == NULL) || ((fd = open(UTMP_FILE, O_RDONLY)) < 0)) + if ((tty == NULL) || CheckTtyname(tty) || ((fd = open(UTMP_FILE, O_RDONLY)) < 0)) return NULL; tty = stripdev(tty); retbuf[0] = '\0'; |
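Review bot: RemoveLoginSlot now validates `tty` (from `ttyname(D_userfd)`) by name with `stat` and CheckTtyname, but the `chmod` two lines later is applied to `D_usertty`, a separately stored name, and in RestoreLoginSlot the check and `chmod(tty, D_loginttymode)` are separate path lookups. If the node is renamed or replaced between the check and the chmod, the mode change lands on an object that was never checked. Both functions already hold the descriptor, so `fstat(D_userfd, &stb)` and `fchmod(D_userfd, D_loginttymode)` would act on the object that was actually examined; whether every platform this file targets provides `fchmod` is not visible here. Both function bodies extend outside their hunks.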