Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: lnx5161.htm

cfsd buffer overflow



4th Mar 2002 [SBWID-5161]
COMMAND

	cfsd buffer overflow

SYSTEMS AFFECTED

	cfsd versions 1.3.3-8 and others

PROBLEM

	In Debian advisory [DSA 116-1] [http://www.debian.org/security/] :
	

	Zorgon found several buffer overflows in  cfsd,  a  daemon  that  pushes
	encryption services into the Unix(tm) file system.
	

	No more details where provided yet, see diff below.

SOLUTION

	Diff is 1.3.3-8.1, for other versions check your vendor :
	

	--- cfs-1.3.3.orig/debian/README.debian

	+++ cfs-1.3.3/debian/README.debian

	@@ -0,0 +1,64 @@

	+cfs for DEBIAN

	+----------------------

	+

	+This is the Debian GNU/Linux prepackaged version of cfs, the UNIX

	+Cryptographic File System.

	+

	+

	+

	+<Extract from notes.ms>

	+

	+CFS pushes encryption services  into  the  Unix(tm)  file system.

	+It supports secure storage at the system level through a standard

	+Unix file system interface to encrypted files.  Users associate a

	+cryptographic  key  with  the  directories  they wish to protect.

	+Files in these directories (as well as their pathname components)

	+are  transparently encrypted and decrypted with the specified key 

	+without further user intervention; cleartext is never stored on a

	+disk or sent to a remote file server.  CFS employs a novel combi-

	+nation of DES stream and codebook cipher modes  to  provide  high 

	+security  with good performance on a modern workstation.  CFS can 

	+use any available file system for its underlying storage  without 

	+modification,  including remote file servers such as NFS.  System 

	+management functions, such as file backup, work in a normal  man-

	+ner and without knowledge of the key.

	+

	+<SNIP>

	+

	+CFS runs entirely at user level, as a local NFS server running on

	+the clients machine\'s \"loopback\" interface.   The system consists

	+of  cfsd  (the CFS server daemon),  and a  small suite  of  tools

	+(cmkdir, cattach, cdetach and ssh<--DEBIAN--removed>  that create

	+encrypted directories and manage keys as they are used.  CFS, and

	+the motivation and  principles behind it,  is described in detail

	+in: Matt Blaze, \"A Cryptographic File System for Unix.\" Proc. 1st

	+ACM Conference on  Computer and Communication Security,  Fairfax,

	+VA, November 1993.

	+

	+<SNIP>

	+

	+Basically, CFS provides a mechanism to associate \"real\" director-

	+ies (on other file systems) that contain encrypted data with tem-

	+porary  \"virtual\"  names through  which which users  can read and

	+write cleartext.  These virtual names appear  under the CFS mount

	+point, which is usually called /crypt (this document assumes that 

	+convention).  

	+

	+Users create encrypted directories  on regular file systems (e.g.

	+in their home directories)  using the cmkdir command, which crea-

	+tes the directory and assigns to it a  cryptographic \"passphrase\" 

	+which will  be used to encrypt  its contents.  To actually use an 

	+encrypted directory, it must be \"attached\"  to CFS using the com-

	+mand cattach,  which asks for the passphrase and installs an ass-

	+ociation between the \"real\"  directory and a temporary name under 

	+/crypt.  Cleartext is read and written  under the virtual direct-

	+ory in /crypt,  but the files are stored in encrypted form  (with 

	+encrypted names) in the real directory. When the directory is not

	+in use,  the association  is  removed  with the cdetatch command,

	+which deletes the  cleartext virtual directory  under /crypt (but 

	+not the ciphertext files, or course). 

	+

	+</Extract from notes.ms>

	+

	+

	+Chris Leishman <masklin@debian.org>, Fri, 30 Oct 1998 23:21:12 +1100

	--- cfs-1.3.3.orig/debian/cfsconfig

	+++ cfs-1.3.3/debian/cfsconfig

	@@ -0,0 +1,90 @@

	+#!/bin/sh

	+

	+CFSFS=/.cfsfs

	+CRYPT=/crypt

	+

	+echo -n \"Configure cfs now [Y/n]? \"

	+read input

	+if expr \"$input\" : \'[Nn]\' > /dev/null

	+then

	+	exit 0;

	+fi

	+

	+echo -n \"Use default Cryptographic Filesystem Configuration [Y/n]? \"

	+read input

	+if expr \"$input\" : \'[Nn]\' > /dev/null

	+then

	+	if ! grep -q \'^CFSFS=$\' /etc/init.d/cfsd 

	+	then

	+		CRYPT=`grep \'^CRYPT=\' /etc/init.d/cfsd | sed -e \"s/^CRYPT=\\(.*\\)$/\\1/\"`

	+		CFSFS=`grep \'^CFSFS=\' /etc/init.d/cfsd | sed -e \"s/^CFSFS=\\(.*\\)$/\\1/\"`

	+	fi

	+	echo -n \"Enter server mount point [$CFSFS] \"

	+	read input

	+	if [ ! -z $input ]

	+	then

	+		CFSFS=$input

	+	fi

	+	echo -n \"Enter client mount point [$CRYPT] \"

	+	read input

	+	if [ ! -z $input ]

	+	then

	+		CRYPT=$input

	+	fi

	+fi

	+

	+OLDCRYPT=\"\"

	+OLDCFSFS=\"\"

	+if ! grep -q \'^CFSFS=$\' /etc/init.d/cfsd 

	+then

	+	OLDCRYPT=`grep \'^CRYPT=\' /etc/init.d/cfsd | sed -e \"s/^CRYPT=\\(.*\\)$/\\1/\"`

	+	OLDCFSFS=`grep \'^CFSFS=\' /etc/init.d/cfsd | sed -e \"s/^CFSFS=\\(.*\\)$/\\1/\"`

	+fi

	+

	+/etc/init.d/cfsd stop

	+

	+mv /etc/init.d/cfsd /etc/init.d/cfsd_tmp$$

	+sed -e \"s!^CFSFS=.*\\$!CFSFS=$CFSFS!;s!^CRYPT=.*\\$!CRYPT=$CRYPT!\" /etc/init.d/cfsd_tmp$$ > /etc/init.d/cfsd

	+rm /etc/init.d/cfsd_tmp$$

	+chmod 755 /etc/init.d/cfsd

	+

	+if [ \"$OLDCRYPT\" != \"$CRYPT\" -o \"$OLDCFSFS\" != \"$CFSFS\" ]

	+then

	+	echo

	+	echo \"Old directories $OLDCRYPT and $OLDCFSFS not automatically removed.\"

	+	echo \"Please remove by hand.\"

	+	echo

	+fi

	+

	+if [ ! -e $CFSFS ] 

	+then

	+	echo \"Creating directory $CFSFS\"

	+	mkdir -p -m 0 $CFSFS 

	+fi

	+if [ ! -e $CRYPT ]

	+then

	+	echo \"Creating directory $CRYPT\"

	+	mkdir -p -m 755 $CRYPT

	+fi

	+

	+if grep -q \"Cryptographic Filesystem export\" /etc/exports

	+then

	+	mv /etc/exports /etc/exports_tmp$$

	+	sed -e \"/^# Automatically added for use by cfs\\$/ d;/^.*localhost(rw).*#.*Cryptographic Filesystem export.*\\$/ d;\" /etc/exports_tmp$$ > /etc/exports

	+	chmod 644 /etc/exports

	+	rm /etc/exports_tmp$$

	+fi

	+

	+echo \"# Automatically added for use by cfs\" >> /etc/exports

	+echo \"$CFSFS localhost(rw)  # Cryptographic Filesystem export\" >> /etc/exports

	+

	+if [ -x /etc/init.d/nfs-server ]; then

	+	echo \"Restarting nfs-server\"

	+	/etc/init.d/nfs-server restart > /dev/null

	+fi

	+if [ -x /etc/init.d/nfs-kernel-server ]; then

	+	echo \"Restarting nfs-kernel-server\"

	+	/etc/init.d/nfs-kernel-server restart > /dev/null

	+fi

	+

	+/etc/init.d/cfsd start

	--- cfs-1.3.3.orig/debian/changelog

	+++ cfs-1.3.3/debian/changelog

	@@ -0,0 +1,57 @@

	+cfs (1.3.3-8.1) stable; urgency=high

	+

	+  * bug: buffer overflows in cfsd server daemon code: cvs_adm.c, cvs_fh.c

	+    (thx Zorgon for pointing at this).

	+    Some careless strcpy()\'s in the server code caused cfsd to die with

	+    segfault when attaching crypto directories with long pathnames and

	+    on filehandle operations in attached crypto directories with long

	+    pathnames, see bug #135903 for details (closes: #135903).

	+

	+ -- Gerrit Pape <pape@smarden.org>  Mon, 25 Feb 2002 15:48:59 +0100

	+

	+cfs (1.3.3-8) frozen unstable; urgency=low

	+

	+  * Fixed typo in dependancies

	+  * Made CFS silent on startup

	+

	+ -- Chris Leishman <masklin@debian.org>  Mon, 15 May 2000 09:29:34 +1000

	+

	+cfs (1.3.3-7) frozen unstable; urgency=low

	+

	+  * Fixed bug in rules which was causing cfsconfig to lose permissions.

	+

	+ -- Chris Leishman <masklin@debian.org>  Mon, 1 May 2000 13:29:34 +1000

	+

	+cfs (1.3.3-6) frozen unstable; urgency=low

	+  

	+  * Changes to refect name change of knfs server to nfs-kernel-server

	+

	+ -- Chris Leishman <masklin@debian.org>  Sun, 30 Apr 2000 16:16:54 +1000

	+

	+cfs (1.3.3-5) unstable; urgency=low

	+

	+  * Fixed some errors in prerm script

	+

	+ -- Chris Leishman <masklin@debian.org>  Sun, 22 Aug 1998 23:01:19 +1000

	+

	+cfs (1.3.3-4) unstable; urgency=low

	+

	+  * Reassigned dependancies to nfs-server | knfs

	+

	+  * Added support for restarting /etc/init.d/knfs-server if available

	+

	+ -- Chris Leishman <masklin@debian.org>  Mon, 16 Aug 1998 10:56:23 +1000

	+

	+cfs (1.3.3-3) unstable; urgency=low

	+

	+  * Initial Release.

	+

	+  * Repackaged by Chris Leishman.  Removed installation of esm.  Ported 

	+    to libc6.  Fixed bugs and rewrote debian/ scripts.

	+

	+ -- Chris Leishman <masklin@debian.org>  Fri, 30 Oct 1998 23:21:12 +1100

	+

	+Local variables:

	+mode: debian-changelog

	+add-log-mailing-address: \"masklin@debian.org\"

	+End:

	--- cfs-1.3.3.orig/debian/conffiles

	+++ cfs-1.3.3/debian/conffiles

	@@ -0,0 +1 @@

	+/etc/init.d/cfsd

	--- cfs-1.3.3.orig/debian/control

	+++ cfs-1.3.3/debian/control

	@@ -0,0 +1,24 @@

	+Source: cfs

	+Section: non-us/otherosfs

	+Priority: optional

	+Maintainer: Chris Leishman <masklin@debian.org>

	+Standards-Version: 2.4.0.0

	+

	+Package: cfs

	+Architecture: any

	+Depends: ${shlibs:Depends}

	+Depends: nfs-server | nfs-kernel-server

	+Description: Cryptographic Filesystem

	+ CFS pushes encryption services into the Unix(tm) file system.  It

	+ supports  secure  storage  at the system level through a standard

	+ Unix file system interface to encrypted files.  Users associate a

	+ cryptographic  key  with  the  directories  they wish to protect.

	+ Files in these directories (as well as their pathname components)

	+ are  transparently encrypted and decrypted with the specified key

	+ without further user intervention.

	+ .

	+ CFS emplys a novel combination of DES stream  and codebook cipher

	+ modes to provide  high security with good performance on a modern

	+ workstation.  CFS can use any available file system for its unde-

	+ rlying storage  without modification, i ncluding remote file ser-

	+ vers such as NFS.

	--- cfs-1.3.3.orig/debian/copyright

	+++ cfs-1.3.3/debian/copyright

	@@ -0,0 +1,27 @@

	+This package was debianized by Chris Leishman masklin@debian.org on

	+Fri, 30 Oct 1998 22:52:10 +1100.

	+

	+Original download site is unknown.

	+

	+Upstream Author(s):  Matt Blaze AT&T

	+

	+Copyright:

	+

	+This is version 1.3.1 of CFS

	+

	+ * The author of this software is Matt Blaze.

	+ *              Copyright (c) 1992, 1993, 1994, 1995 by AT&T.

	+ * Permission to use, copy, and modify this software without fee

	+ * is hereby granted, provided that this entire notice is included in

	+ * all copies of any software which is or includes a copy or

	+ * modification of this software and in all copies of the supporting

	+ * documentation for such software.

	+ *

	+ * This software is subject to United States export controls.

	+ *

	+ * THIS SOFTWARE IS BEING PROVIDED \"AS IS\", WITHOUT ANY EXPRESS OR IMPLIED

	+ * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY

	+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY

	+ * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.

	+

	+

	--- cfs-1.3.3.orig/debian/dirs

	+++ cfs-1.3.3/debian/dirs

	@@ -0,0 +1,2 @@

	+usr/bin

	+usr/sbin

	--- cfs-1.3.3.orig/debian/docs

	+++ cfs-1.3.3/debian/docs

	@@ -0,0 +1 @@

	+README README.esm README.history README.install README.irix README.linux notes.ms

	--- cfs-1.3.3.orig/debian/init.d

	+++ cfs-1.3.3/debian/init.d

	@@ -0,0 +1,43 @@

	+#! /bin/sh

	+#

	+# This file was automatically customized by debmake on Fri, 30 Oct 1998 22:52:10 +1100

	+#

	+# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.

	+# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.

	+# Modified for Debian by Christoph Lameter <clameter@debian.org>

	+

	+PATH=/bin:/usr/bin:/sbin:/usr/sbin

	+DAEMON=/usr/sbin/cfsd

	+CRYPT=

	+CFSFS=

	+# The following value is extracted by debstd to figure out how to generate

	+# the postinst script. Edit the field to change the way the script is

	+# registered through update-rc.d (see the manpage for update-rc.d!)

	+FLAGS=\"defaults 50\"

	+

	+test -f $DAEMON || exit 0

	+test \"$CRYPT\" != \"\" || exit 0

	+test \"$CFSFS\" != \"\" || exit 0

	+

	+case \"$1\" in

	+  start)

	+    start-stop-daemon --start --verbose --exec $DAEMON

	+    mount -o port=3049,intr localhost:$CFSFS $CRYPT

	+    ;;

	+  stop)

	+    start-stop-daemon --stop --verbose --exec $DAEMON

	+    umount $CRYPT > /dev/null

	+    ;;

	+  restart|force-reload)

	+    start-stop-daemon --stop --verbose --exec $DAEMON

	+    umount $CRYPT > /dev/null

	+    start-stop-daemon --start --verbose --exec $DAEMON

	+    mount -o port=3049,intr localhost:$CFSFS $CRYPT

	+    ;;

	+  *)

	+    echo \"Usage: /etc/init.d/cfs {start|stop|restart}\"

	+    exit 1

	+    ;;

	+esac

	+

	+exit 0

	--- cfs-1.3.3.orig/debian/postinst

	+++ cfs-1.3.3/debian/postinst

	@@ -0,0 +1,9 @@

	+#!/bin/sh

	+

	+#DEBHELPER#

	+

	+/usr/sbin/cfsconfig

	+

	+echo

	+echo \'Use \"cfsconfig\" to (re)configure at a future date.\'

	+echo

	--- cfs-1.3.3.orig/debian/prerm

	+++ cfs-1.3.3/debian/prerm

	@@ -0,0 +1,32 @@

	+#!/bin/sh

	+

	+#DEBHELPER#

	+

	+CRYPT=`grep \'^CRYPT=\' /etc/init.d/cfsd | sed -e \"s/^CRYPT=\\(.*\\)$/\\1/\"`

	+CFSFS=`grep \'^CFSFS=\' /etc/init.d/cfsd | sed -e \"s/^CFSFS=\\(.*\\)$/\\1/\"`

	+

	+if [ ! -z $CFSFS ]; then

	+	rmdir $CFSFS

	+fi

	+if [ ! -z $CRYPT ]; then

	+	rmdir $CRYPT

	+fi

	+

	+mv /etc/init.d/cfsd /etc/init.d/cfsd_tmp$$

	+sed -e \"s!^CFSFS=.*\\$!CFSFS=!;s!^CRYPT=.*\\$!CRYPT=!\" /etc/init.d/cfsd_tmp$$ > /etc/init.d/cfsd

	+rm /etc/init.d/cfsd_tmp$$

	+chmod 755 /etc/init.d/cfsd

	+

	+mv /etc/exports /etc/exports_tmp$$

	+sed -e \"/^# Automatically added for use by cfs\\$/ d;/^.*localhost(rw).*#.*Cryptographic.*\\$/ d;\" /etc/exports_tmp$$ > /etc/exports

	+chmod 644 /etc/exports

	+rm /etc/exports_tmp$$

	+

	+if [ -x /etc/init.d/nfs-server ]; then

	+	/etc/init.d/nfs-server restart > /dev/null

	+fi

	+if [ -x /etc/init.d/nfs-kernel-server ]; then

	+	/etc/init.d/nfs-kernel-server restart > /dev/null

	+fi

	+

	+exit 0;

	--- cfs-1.3.3.orig/debian/rules

	+++ cfs-1.3.3/debian/rules

	@@ -0,0 +1,76 @@

	+#!/usr/bin/make -f

	+# MAde with the aid of dh_make, by Craig Small

	+# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.

	+# Some lines taken from debmake, by Cristoph Lameter.

	+

	+# Uncomment this to turn on verbose mode.

	+#export DH_VERBOSE=1

	+

	+build: build-stamp

	+build-stamp:

	+	dh_testdir

	+

	+	

	+	# Add here commands to compile the package.

	+	$(MAKE) cfs

	+

	+	touch build-stamp

	+

	+clean:

	+	dh_testdir

	+	dh_testroot

	+	rm -f build-stamp install-stamp

	+

	+	# Add here commands to clean up after the build process.

	+	-$(MAKE) clean

	+

	+	dh_clean

	+

	+install: install-stamp

	+install-stamp: build-stamp

	+	dh_testdir

	+	dh_testroot

	+	dh_clean -k

	+	dh_installdirs

	+

	+	# Add here commands to install the package into debian/tmp.

	+	$(MAKE) install_cfs BINDIR=`pwd`/debian/tmp/usr/bin ETCDIR=`pwd`/debian/tmp/usr/sbin

	+	install -m755 debian/cfsconfig debian/tmp/usr/sbin

	+

	+	touch install-stamp

	+

	+# Build architecture-independent files here.

	+binary-indep: build install

	+# We have nothing to do by default.

	+

	+# Build architecture-dependent files here.

	+binary-arch: build install

	+#	dh_testversion

	+	dh_testdir

	+	dh_testroot

	+	dh_installdocs 

	+	dh_installexamples

	+	dh_installmenu

	+#	dh_installemacsen

	+	dh_installinit --init-script=cfsd --update-rcd-params=\"defaults 30 20\"

	+	dh_installcron

	+	dh_installmanpages ssh.1 esm.1

	+	cd debian/tmp/usr/share/man/man1 && ln -s ../man7/undocumented.7.gz cfsconfig.1.gz

	+#	dh_undocumented

	+	dh_installchangelogs 

	+	dh_strip

	+	dh_compress

	+	dh_fixperms

	+	dh_suidregister

	+	dh_installdeb

	+	dh_shlibdeps

	+	dh_gencontrol

	+#	dh_makeshlibs

	+	dh_md5sums

	+	dh_builddeb

	+

	+source diff:                                                                  

	+	@echo >&2 \'source and diff are obsolete - use dpkg-source -b\'; false

	+

	+binary: binary-indep binary-arch

	+.PHONY: build clean binary-indep binary-arch binary

	--- cfs-1.3.3.orig/Makefile

	+++ cfs-1.3.3/Makefile

	@@ -108,10 +108,10 @@

	 ## use these for recent versions of Linux with rpcgen-from-hell

	 # See NOTE TO LINUX USERS above, and also README.linux,

	 # if you can\'t make things work.

	-CFLAGS=$(COPT) -U__OPTIMIZE__ -traditional -Dd_fileno=d_ino -I$(RINCLUDES)

	+CFLAGS=$(COPT) -U__OPTIMIZE__ -Dd_fileno=d_ino 

	 LIBS=

	 COMPAT=

	-RPCOPTS= -k -b

	+RPCOPTS=

	 

	 ## use these for older versions Linux (Slackware 1.1.2)

	 # See NOTE TO LINUX USERS above, and also README.linux,

	@@ -209,7 +209,7 @@

	 

	 SRCS=Makefile admproto.x mount.x nfsproto.x cfs.c cfs_adm.c cfs_nfs.c cfs.h \\

	   cfs_fh.c cfs_des.c cfs_cipher.c mcg.c mcgsbox.c mcg.h shs.c shs.h cattach.c \\

	-  getpass.c cdetach.c cmkdir.c adm.c cname.c ccat.c cpasswd.c truerand.c \\

	+  getpass.c cdetach.c cmkdir.c adm.c cname.c ccat.c cpasswd.c \\

	   safer.c safer.h ver.c i o ssh make_with_bad_rpcgen

	 ESRCS=esm.c esm_cipher.c esm_gen.c dhparams.c esm.h

	 MANS=cattach.1 cdetach.1 cmkdir.1 ssh.1 cfsd.8 cname.8 ccat.8 cpasswd.1 \\

	@@ -218,10 +218,10 @@

	 OBJS= cfs.o nfsproto_xdr.o nfsproto_svr.o admproto_xdr.o admproto_svr.o \\

	   cfs_adm.o cfs_nfs.o cfs_fh.o cfs_des.o cfs_cipher.o adm.o ver.o mcgsbox.o \\

	   mcg.o safer.o

	-EOBJS=dhparams.o truerand.o esm_gen.o esm.o esm_cipher.o

	+EOBJS=dhparams.o esm_gen.o esm.o esm_cipher.o

	 COBJS=admproto_clnt.o cfs_des.o cfs_cipher.o cattach.o getpass.o cmkdir.o \\

	   cdetach.o ver.o cname.o ccat.o mcgsbox.o mcgsbox.o mcg.o shs.o cpasswd.o \\

	-  truerand.o safer.o

	+  safer.o

	 OTHERS = nfsproto.h nfsproto_svr.c nfsproto_xdr.c admproto.h admproto_svr.c \\

	   admproto_xdr.c admproto_clnt.c

	 

	@@ -245,14 +245,14 @@

	 	   ver.o $(LIBS) -o cdetach

	 

	 cmkdir: getpass.o adm.o cfs_des.o cfs_cipher.o cmkdir.o ver.o mcg.o \\

	-   mcgsbox.o safer.o shs.o truerand.o

	+   mcgsbox.o safer.o shs.o

	 	$(CC) cmkdir.o cfs_des.o cfs_cipher.o getpass.o adm.o ver.o mcg.o \\

	-	   mcgsbox.o safer.o shs.o truerand.o  $(COMPAT) -o cmkdir

	+	   mcgsbox.o safer.o shs.o $(COMPAT) -o cmkdir

	 

	 cpasswd: getpass.o cfs_des.o cfs_cipher.o cpasswd.o ver.o mcg.o \\

	-   mcgsbox.o safer.o shs.o truerand.o

	+   mcgsbox.o safer.o shs.o

	 	$(CC) cpasswd.o cfs_des.o cfs_cipher.o getpass.o ver.o mcg.o \\

	-	   mcgsbox.o safer.o shs.o truerand.o  $(COMPAT) -o cpasswd

	+	   mcgsbox.o safer.o shs.o $(COMPAT) -o cpasswd

	 

	 cname: cname.o getpass.o cfs_des.o cfs_cipher.o cfs_adm.o cfs_fh.o \\

	    cfs_nfs.o ver.o mcg.o mcgsbox.o safer.o shs.o

	@@ -270,10 +270,6 @@

	 

	 $(COBJS): nfsproto.h admproto.h cfs.h mcg.h safer.h shs.h

	 

	-# truerand is a special case, no -O

	-truerand.o:

	-	$(CC) -c truerand.c

	-

	 nfsproto_xdr.c: nfsproto.x

	 	rpcgen $(RPCOPTS) -c -o nfsproto_xdr.c nfsproto.x 

	 

	@@ -297,7 +293,7 @@

	 

	 clean:

	 	rm -f $(OBJS) $(COBJS) $(OTHERS)

	-	rm -f cfsd cmkdir cattach cpassed cdetach cname ccat

	+	rm -f cfsd cmkdir cattach cpasswd cdetach cname ccat

	 	rm -f $(EOBJS) esm

	 

	 cfs.shar: $(SRCS) $(ESRCS) $(MANS)

	@@ -307,25 +303,27 @@

	 	$(PRINTCMD) $(SRCS) cfs.h mcg.h safer.h admproto.h nfsproto.h

	 

	 install_cfs: cfsd cattach cdetach cmkdir

	+	install -d -o root $(ETCDIR)

	+	install -d -o root $(BINDIR)

	 	install -m 0755 -c -o root cfsd $(ETCDIR)

	-	install -m 0755 -c -o root cattach cdetach cmkdir cpasswd ssh \\

	+	install -m 0755 -c -o root cattach cdetach cmkdir cpasswd \\

	                 cname ccat $(BINDIR)

	 #	install -m 0755 i o $(BINDIR)

	-	@echo \"Kill any running cfsd prior to restarting.\"

	-	@echo \"See the README file for more information.\"

	-	@echo \"Don\'t forget to install the man pages (*.[18]).\"

	+#	@echo \"Kill any running cfsd prior to restarting.\"

	+#	@echo \"See the README file for more information.\"

	+#	@echo \"Don\'t forget to install the man pages (*.[18]).\"

	 

	 

	 $(EOBJS): esm.h

	 

	-esm: esm.o cfs_des.o esm_cipher.o dhparams.o truerand.o shs.o

	-	$(CC) -o esm esm.o cfs_des.o esm_cipher.o dhparams.o truerand.o shs.o $(RSALIB)

	+esm: esm.o cfs_des.o esm_cipher.o dhparams.o shs.o

	+	$(CC) -o esm esm.o cfs_des.o esm_cipher.o dhparams.o shs.o $(RSALIB)

	 

	 # to generate your own dhparams, remove the existing dhparams.c and

	 # remake esm.  You shouldn\'t do this if you want to remain interoperable.

	 # esm_gen takes a long time.

	-esm_gen: esm_gen.o esm_cipher.o cfs_des.o truerand.o

	-	$(CC) -o esm_gen esm_gen.o esm_cipher.o cfs_des.o truerand.o $(RSALIB)

	+esm_gen: esm_gen.o esm_cipher.o cfs_des.o

	+	$(CC) -o esm_gen esm_gen.o esm_cipher.o cfs_des.o $(RSALIB)

	 

	 dhparams.c:

	 	make esm_gen

	@@ -336,4 +334,4 @@

	 

	 esm.shar: 

	 	shar README.esm Makefile esm.c *.x cfs_des.c esm_cipher.c esm_gen.c \\

	-	     dhparams.c truerand.c shs.c esm.h esm.1> esm.shar

	+	     dhparams.c shs.c esm.h esm.1> esm.shar

	--- cfs-1.3.3.orig/cfs.c

	+++ cfs-1.3.3/cfs.c

	@@ -202,7 +202,7 @@

	 			perror(\"cfsd: fork\\n\");

	 			exit(1);

	 		}

	-		printf(\"cfs ready [%d]\\n\",pid);

	+/*		printf(\"cfs ready [%d]\\n\",pid); */

	 		exit(0);

	 	}

	 #else

	--- cfs-1.3.3.orig/cfs_adm.c

	+++ cfs-1.3.3/cfs_adm.c

	@@ -36,14 +36,12 @@

	 }

	 

	 void *

	-admproc_null_2()

	+admproc_null_2_svc(void *a, struct svc_req *r)

	 {

	 }

	 

	 cfsstat *

	-admproc_attach_2(ap,rp)

	-     cfs_attachargs *ap;

	-     SR *rp;

	+admproc_attach_2_svc(cfs_attachargs *ap, struct svc_req *rp)

	 {

	 	static cfsstat ret;

	 	int i;

	@@ -154,9 +152,7 @@

	 }

	 

	 cfsstat *

	-admproc_detach_2(ap,rp)

	-     cfs_detachargs *ap;

	-     SR *rp;

	+admproc_detach_2_svc(cfs_detachargs *ap, struct svc_req *rp)

	 {

	 	static cfsstat ret;

	 	int i;

	@@ -217,8 +213,11 @@

	 	FILE *fp;

	 	char fn[1024];

	 	char buf[9];

	+	int l;

	 

	-	sprintf(fn,\"%s/...\",path);

	+	l =snprintf(fn, NFS_MAXPATHLEN, \"%s/...\",path);

	+	if (l < 0 || l >= NFS_MAXPATHLEN)

	+	  return CFSERR_BADNAME;

	 	if ((fp=fopen(fn,\"r\"))==NULL)

	 		return CFSERR_NODIR;

	 	if (fread(buf,8,1,fp)!=1) {

	--- cfs-1.3.3.orig/cfs_fh.c

	+++ cfs-1.3.3/cfs_fh.c

	@@ -835,6 +835,7 @@

	 	char linkname[NFS_MAXPATHLEN+1];

	 	char vect[NFS_MAXPATHLEN+1];

	 	struct stat sb;

	+	int l;

	 	

	 	if (p==NULL) {

	 		cfserrno=NFSERR_STALE;

	@@ -848,12 +849,20 @@

	 	}

	 	if ((p->parent==0) && (!strcmp(comp,\"..\")))

	 		return fhrootlook(p->ins->name,h);

	-	sprintf(path,\"%s/%s\",p->name,comp);

	+	l =snprintf(path, NFS_MAXPATHLEN, \"%s/%s\",p->name,comp);

	+	if (l < 0 || l >= NFS_MAXPATHLEN) {

	+	  cfserrno =NFSERR_NAMETOOLONG;

	+	  return -2;

	+	}

	 	if (lstat(path,&sb)<0) {

	 		return -1;	/* just need the inode */

	 	}

	 	/* check for a linkfile */

	-	sprintf(linkname,\"%s/.pvect_%s\",p->name,comp);

	+	l =snprintf(linkname, NFS_MAXPATHLEN, \"%s/.pvect_%s\",p->name,comp);

	+	if (l < 0 || l >= NFS_MAXPATHLEN) {

	+	  cfserrno =NFSERR_NAMETOOLONG;

	+	  return -2;

	+	}

	 	if (readlink(linkname,vect,9) != 8) {

	 		bcopy((char *)zerovect,(char *)vect,8);

	 		strcpy(linkname,\"/NOWHERE/null\");

	--- cfs-1.3.3.orig/cfs_nfs.c

	+++ cfs-1.3.3/cfs_nfs.c

	@@ -58,9 +58,7 @@

	 }

	 

	 void *

	-nfsproc_null_2(ap,rp)

	-     void *ap;

	-     SR rp;

	+nfsproc_null_2_svc(void *ap, struct svc_req *rp)

	 {

	 	static int ret=0;

	 	return ((void*) &ret);

	@@ -72,9 +70,7 @@

	 readdirres *rootreaddir();

	 

	 attrstat *

	-nfsproc_getattr_2(ap,rp)

	-     nfs_fh *ap;

	-     SR rp;

	+nfsproc_getattr_2_svc(nfs_fh *ap, struct svc_req *rp)

	 {

	 	static attrstat ret;

	 	int uid;

	@@ -118,9 +114,7 @@

	 }

	 

	 attrstat *

	-nfsproc_setattr_2(ap,rp)

	-     sattrargs *ap;

	-     SR rp;

	+nfsproc_setattr_2_svc(sattrargs *ap, struct svc_req *rp)

	 {

	 	static attrstat ret;

	 	int uid;

	@@ -168,9 +162,7 @@

	 }

	 

	 void *

	-nfsproc_root_2(ap,rp)

	-     void *ap;

	-     SR rp;

	+nfsproc_root_2_svc(void *ap, struct svc_req *rp)

	 {

	 	static int ret=0;

	 

	@@ -179,9 +171,7 @@

	 

	 /* fix this to deal w/ fs root (instance root should be ok) */

	 diropres *

	-nfsproc_lookup_2(ap,rp)

	-     diropargs *ap;

	-     SR rp;

	+nfsproc_lookup_2_svc(diropargs *ap, struct svc_req *rp)

	 {

	 	static diropres ret;

	 	diropres *retp;

	@@ -258,9 +248,7 @@

	 }

	 

	 readlinkres *

	-nfsproc_readlink_2(ap,rp)

	-     nfs_fh *ap;

	-     SR rp;

	+nfsproc_readlink_2_svc(nfs_fh *ap, struct svc_req *rp)

	 {

	 	static readlinkres ret;

	 	int uid;

	@@ -309,9 +297,7 @@

	 

	 

	 readres *

	-nfsproc_read_2(ap,rp)

	-     readargs *ap;

	-     SR rp;

	+nfsproc_read_2_svc(readargs *ap, struct svc_req *rp)

	 {

	 	static readres ret;

	 	static char buffer[8192];

	@@ -370,9 +356,7 @@

	 

	 

	 void *

	-nfsproc_writecache_2(ap,rp)

	-     void *ap;

	-     SR rp;

	+nfsproc_writecache_2_svc(void *ap, struct svc_req *rp)

	 {

	 	static int ret;

	 

	@@ -381,9 +365,7 @@

	 

	 

	 attrstat *

	-nfsproc_write_2(ap,rp)

	-     writeargs *ap;

	-     SR rp;

	+nfsproc_write_2_svc(writeargs *ap, struct svc_req *rp)

	 {

	 	static attrstat ret;

	 	int fd;

	@@ -442,9 +424,7 @@

	 

	 

	 diropres *

	-nfsproc_create_2(ap,rp)

	-     createargs *ap;

	-     SR rp;

	+nfsproc_create_2_svc(createargs *ap, struct svc_req *rp)

	 {

	 	static diropres ret;

	 	static nfs_fh handle;

	@@ -545,9 +525,7 @@

	 

	 

	 nfsstat *

	-nfsproc_remove_2(ap,rp)

	-     diropargs *ap;

	-     SR rp;

	+nfsproc_remove_2_svc(diropargs *ap, struct svc_req *rp)

	 {

	 	static nfsstat ret;

	 	char *s;

	@@ -587,9 +565,7 @@

	 

	 

	 nfsstat *

	-nfsproc_rename_2(ap,rp)

	-     renameargs *ap;

	-     SR rp;

	+nfsproc_rename_2_svc(renameargs *ap, struct svc_req *rp)

	 {

	 	static nfsstat ret;

	 	int uid;

	@@ -643,9 +619,7 @@

	 

	 

	 nfsstat *

	-nfsproc_link_2(ap,rp)

	-     linkargs *ap;

	-     SR rp;

	+nfsproc_link_2_svc(linkargs *ap, struct svc_req *rp)

	 {

	 	static nfsstat ret;

	 	int uid;

	@@ -694,9 +668,7 @@

	 

	 

	 nfsstat *

	-nfsproc_symlink_2(ap,rp)

	-     symlinkargs *ap;

	-     SR rp;

	+nfsproc_symlink_2_svc(symlinkargs *ap, struct svc_req *rp)

	 {

	 	static nfsstat ret;

	 	int uid;

	@@ -743,9 +715,7 @@

	 }

	 

	 diropres *

	-nfsproc_mkdir_2(ap,rp)

	-     createargs *ap;

	-     SR rp;

	+nfsproc_mkdir_2_svc(createargs *ap, struct svc_req *rp)

	 {

	 	static diropres ret;

	 	nfs_fh handle;

	@@ -817,9 +787,7 @@

	 

	 

	 nfsstat *

	-nfsproc_rmdir_2(ap,rp)

	-     diropargs *ap;

	-     SR rp;

	+nfsproc_rmdir_2_svc(diropargs *ap, struct svc_req *rp)

	 {

	 	static nfsstat ret;

	 	char *s;

	@@ -864,9 +832,7 @@

	 /* #define cfsclosedir(x) fhclosedir(x) */

	 

	 readdirres *

	-nfsproc_readdir_2(ap,rp)

	-     readdirargs *ap;

	-     SR rp;

	+nfsproc_readdir_2_svc(readdirargs *ap, struct svc_req *rp)

	 {

	 	static readdirres ret;

	 	int uid;

	@@ -991,9 +957,7 @@

	 }

	 

	 statfsres *

	-nfsproc_statfs_2(ap,rp)

	-     nfs_fh *ap;

	-     SR rp;

	+nfsproc_statfs_2_svc(nfs_fh *ap, struct svc_req *rp)

	 {

	 	static statfsres ret;

	 

	--- cfs-1.3.3.orig/cmkdir.c

	+++ cfs-1.3.3/cmkdir.c

	@@ -18,6 +18,10 @@

	 /*

	  * client cfs mkdir - 1.3.2

	  */

	+#include <unistd.h>

	+#include <sys/types.h>

	+#include <sys/stat.h>

	+#include <fcntl.h>

	 #include <stdio.h>

	 #include <rpc/rpc.h>

	 #include <sys/time.h>

	@@ -50,6 +54,7 @@

	 	unsigned char ek1[128];

	 	unsigned int l;

	 	int keycheck=1;

	+	int rfd; /* File descriptor for /dev/random.*/

	 	

	 	while (--argc && (**++argv == \'-\')) {

	 		for (flg= ++*argv; *flg; ++flg)

	@@ -131,6 +136,11 @@

	 	if (smsize != LARGESMSIZE)

	 		sprintf(pw,\"%s%d\",pword,smsize);

	 	k.cipher=ciph;

	+	rfd = open(\"/dev/random\", O_RDONLY);

	+	if (rfd < 0) {

	+		perror (\"/dev/random\");

	+		exit (1);

	+	}

	 	if (cfmt==0) { 

	 		if (old_pwcrunch(pw,&k)!=0) {

	 			fprintf(stderr,\"Invalid key\\n\");

	@@ -145,7 +155,13 @@

	 		/* now we xor in some truerand bytes for good measure */

	 		bcopy(&k,ekey,32);  /* assumes key material < 32 bytes */

	 		for (i=0; i<32; i++) {

	-			ekey[i] ^= randbyte(); 

	+			char b; /* Random byte */

	+			if (1 != read (rfd, &b, 1))

	+			{

	+				perror (\"/dev/random read 1\");

	+				exit (1);

	+			}

	+			ekey[i] ^= b;

	 		}

	 		encrypt_key(&k,ekey);

	 		bcopy(ekey,ek1,32);

	@@ -159,7 +175,12 @@

	 	sprintf(path,\"%s/...\",argv[0]);

	 	strcpy(str,\"qua!\");

	 	/* now randomize the end of str.. */

	-	r = trand32();

	+	if (sizeof (r) != read (rfd, &r, sizeof(r)))

	+	{

	+		perror (\"/dev/random read long\");

	+		exit (1);

	+	}

	+	(void) close (rfd);

	 	for (i=0; i<4; i++)

	 		str[i+4]=(r<<(i*8))&0377;

	 	copykey(&k,&kt);

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH