annotate srogue/xcrypt.c @ 176:db1c9a21a7c3

srogue: prevent overflowing the score file name. If SCOREFILE is not defined, roguehome() is called to find a directory for the score file. It copies up to PATH_MAX-20 bytes from an environment variable to a static buffer. Later these are strcpy()'d to scorefile, which is of size LINLEN. Unfortunately LINLEN is 80 and PATH_MAX is at least 256. On Linux, it happens to be 4096. I haven't yet managed to crash or exploit it, but there are surely no beneficial consequences, so roguehome() has been modified to check the length, and the string it returns is also checked in main().
author John "Elwin" Edwards
date Sun, 02 Aug 2015 12:14:47 -0400
parents e6c8652473fe
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
1 /*
121
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
2 * FreeSec: libcrypt
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
3 *
121
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
4 * Copyright (C) 1994 David Burren
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
5 * All rights reserved.
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
6 *
121
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
7 * Redistribution and use in source and binary forms, with or without
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
8 * modification, are permitted provided that the following conditions
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
9 * are met:
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
10 * 1. Redistributions of source code must retain the above copyright
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
11 * notice, this list of conditions and the following disclaimer.
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
14 * documentation and/or other materials provided with the distribution.
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
15 * 3. Neither the name(s) of the author(s) nor the names of other contributors
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
16 * may be used to endorse or promote products derived from this software
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
17 * without specific prior written permission.
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
18 *
121
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
29 * SUCH DAMAGE.
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
30 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
31 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
32 * This is an original implementation of the DES and the crypt(3) interfaces
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
33 * by David Burren <davidb@werj.com.au>.
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
34 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
35 * An excellent reference on the underlying algorithm (and related
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
36 * algorithms) is:
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
37 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
38 * B. Schneier, Applied Cryptography: protocols, algorithms,
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
39 * and source code in C, John Wiley & Sons, 1994.
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
40 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
41 * Note that in that book's description of DES the lookups for the initial,
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
42 * pbox, and final permutations are inverted (this has been brought to the
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
43 * attention of the author). A list of errata for this book has been
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
44 * posted to the sci.crypt newsgroup by the author and is available for FTP.
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
45 *
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
46 * NOTE:
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
47 * This file has a static version of des_setkey() so that crypt.o exports
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
48 * only the crypt() interface. This is required to make binaries linked
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
49 * against crypt.o exportable or re-exportable from the USA.
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
50 */
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
51
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
52 #include <sys/types.h>
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
53 #include <string.h>
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
54
121
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
55 static unsigned int md_endian = 0x01020304;
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
56
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
57 unsigned int
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
58 xntohl(unsigned int x)
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
59 {
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
60 if ( *((char *)&md_endian) == 0x01 )
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
61 return(x);
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
62 else
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
63 return( ((x & 0x000000ffU) << 24) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
64 ((x & 0x0000ff00U) << 8) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
65 ((x & 0x00ff0000U) >> 8) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
66 ((x & 0xff000000U) >> 24) );
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
67 }
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
68
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
69 unsigned int
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
70 xhtonl(unsigned int x)
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
71 {
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
72 if ( *((char *)&md_endian) == 0x01 )
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
73 return(x);
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
74 else
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
75 return( ((x & 0x000000ffU) << 24) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
76 ((x & 0x0000ff00U) << 8) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
77 ((x & 0x00ff0000U) >> 8) |
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
78 ((x & 0xff000000U) >> 24) );
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
79 }
e6c8652473fe srogue: more compatibility improvements.
John "Elwin" Edwards
parents: 119
diff changeset
80
36
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
81 #define _PASSWORD_EFMT1 '_'
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
82
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
83 static unsigned char IP[64] = {
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
84 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
85 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
86 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
87 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
88 };
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
89
2128c7dc8a40 Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
90 static unsigned char inv_key_perm[64];