ports/security/gvm-libs/patches/patch-util_passwordbasedauthentication_c

Index: util/passwordbasedauthentication.c
--- util/passwordbasedauthentication.c.orig
+++ util/passwordbasedauthentication.c
@@ -26,7 +26,13 @@
 // UFC_crypt defines crypt_r when only when __USE_GNU is set
 // this shouldn't affect other implementations
 #define __USE_GNU
+#if defined(__OpenBSD__)
+#if HAS_CRYPT_R
+#include <unistd.h>
+#endif
+#else
 #include <crypt.h>
+#endif
 // INVALID_HASH is used on verify when the given hash is a NULL pointer.
 // This is done to not directly jump to exit with a INVALID_HASH result
 // but rather keep calculating to make it a little bit harder to guess
@@ -166,16 +172,7 @@ pba_finalize (struct PBASettings *settings)
   free (settings);
 }
 
-static int
-pba_is_phc_compliant (const char *setting)
-{
-  if (setting == NULL)
-    {
-      return 1;
-    }
-  return strlen (setting) > 1 && setting[0] == '$';
-}
-
+#if HAS_CRYPT_R
 char *
 pba_hash (struct PBASettings *setting, const char *password)
 {
@@ -204,8 +201,8 @@ pba_hash (struct PBASettings *setting, const char *pas
   rslt = crypt_r (password, settings, data);
   if (rslt == NULL)
     goto exit;
-  result = calloc (1, CRYPT_OUTPUT_SIZE);
-  memcpy (result, rslt, CRYPT_OUTPUT_SIZE);
+  result = malloc (CRYPT_OUTPUT_SIZE);
+  strncpy (result, rslt, CRYPT_OUTPUT_SIZE);
   // remove pepper, by jumping to begin of applied pepper within result
   // and overriding it.
   tmp = result + (tmp - settings);
@@ -239,8 +236,8 @@ pba_verify_hash (const struct PBASettings *setting, co
     {
       data = calloc (1, sizeof (struct crypt_data));
       // manipulate hash to reapply pepper
-      tmp = calloc (1, CRYPT_OUTPUT_SIZE);
-      memcpy (tmp, hash ? hash : INVALID_HASH, CRYPT_OUTPUT_SIZE);
+      tmp = malloc (CRYPT_OUTPUT_SIZE);
+      strncpy (tmp, hash ? hash : INVALID_HASH, CRYPT_OUTPUT_SIZE);
       cmp = strrchr (tmp, '$');
       for (i = MAX_PEPPER_SIZE - 1; i > -1; i--)
         {
@@ -279,3 +276,4 @@ exit:
     free (tmp);
   return result;
 }
+#endif /* #if HAS_CRYPT_R */
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`Index: util/passwordbasedauthentication.c`
			`--- util/passwordbasedauthentication.c.orig`
			`+++ util/passwordbasedauthentication.c`
			`@@ -26,7 +26,13 @@`
			`// UFC_crypt defines crypt_r when only when __USE_GNU is set`
			`// this shouldn't affect other implementations`
			`#define __USE_GNU`
			`+#if defined(__OpenBSD__)`
			`+#if HAS_CRYPT_R`
			`+#include <unistd.h>`
			`+#endif`
			`+#else`
			`#include <crypt.h>`
			`+#endif`
			`// INVALID_HASH is used on verify when the given hash is a NULL pointer.`
			`// This is done to not directly jump to exit with a INVALID_HASH result`
			`// but rather keep calculating to make it a little bit harder to guess`
			`@@ -166,16 +172,7 @@ pba_finalize (struct PBASettings *settings)`
			`free (settings);`
			`}`

			`-static int`
			`-pba_is_phc_compliant (const char *setting)`
			`-{`
			`- if (setting == NULL)`
			`- {`
			`- return 1;`
			`- }`
			`- return strlen (setting) > 1 && setting[0] == '$';`
			`-}`
			`-`
			`+#if HAS_CRYPT_R`
			`char *`
			`pba_hash (struct PBASettings setting, const char password)`
			`{`
			`@@ -204,8 +201,8 @@ pba_hash (struct PBASettings setting, const char pas`
			`rslt = crypt_r (password, settings, data);`
			`if (rslt == NULL)`
			`goto exit;`
			`- result = calloc (1, CRYPT_OUTPUT_SIZE);`
			`- memcpy (result, rslt, CRYPT_OUTPUT_SIZE);`
			`+ result = malloc (CRYPT_OUTPUT_SIZE);`
			`+ strncpy (result, rslt, CRYPT_OUTPUT_SIZE);`
			`// remove pepper, by jumping to begin of applied pepper within result`
			`// and overriding it.`
			`tmp = result + (tmp - settings);`
			`@@ -239,8 +236,8 @@ pba_verify_hash (const struct PBASettings *setting, co`
			`{`
			`data = calloc (1, sizeof (struct crypt_data));`
			`// manipulate hash to reapply pepper`
			`- tmp = calloc (1, CRYPT_OUTPUT_SIZE);`
			`- memcpy (tmp, hash ? hash : INVALID_HASH, CRYPT_OUTPUT_SIZE);`
			`+ tmp = malloc (CRYPT_OUTPUT_SIZE);`
			`+ strncpy (tmp, hash ? hash : INVALID_HASH, CRYPT_OUTPUT_SIZE);`
			`cmp = strrchr (tmp, '$');`
			`for (i = MAX_PEPPER_SIZE - 1; i > -1; i--)`
			`{`
			`@@ -279,3 +276,4 @@ exit:`
			`free (tmp);`
			`return result;`
			`}`
			`+#endif /* #if HAS_CRYPT_R */`