From: John Marino <draco@marino.st>
Date: Tue, 10 Feb 2015 21:38:44 +0000 (+0100)
Subject: opiekey (contrib): Fix serious (?) [-Wsizeof-pointer-memaccess]
X-Git-Tag: v4.2.0rc~870
X-Git-Url: https://gitweb.dragonflybsd.org/~tuxillo/dragonfly.git/commitdiff_plain/5f1ce051ad92f90610afb9534cd26ba1ab6b7086

opiekey (contrib): Fix serious (?) [-Wsizeof-pointer-memaccess]

On a password verification function of opiekey, the amount of bytes
allocated to a secret was 4 bytes of i386 and 8 bytes of x86-64.  Memset
was using the size of the pointer to allocate memory.

Change 3 instances of this to size OPIE_SECRET_MAX + 1 to fix it.
FYI this vendor branch is like 16 years old...
---

diff --git a/contrib/opie/opiekey.c b/contrib/opie/opiekey.c
index 4fdffb5003..0ca884c9ad 100644
--- a/contrib/opie/opiekey.c
+++ b/contrib/opie/opiekey.c
@@ -110,19 +110,19 @@ static void getsecret FUNCTION((secret, promptextra, retype), char *secret AND c
     if (!opiereadpass(verify, OPIE_SECRET_MAX, 0)) {
       fprintf(stderr, "Error reading %ssecret pass phrase!\n", promptextra);
       memset(verify, 0, sizeof(verify));
-      memset(secret, 0, sizeof(secret));
+      memset(secret, 0, sizeof(verify));
       exit(1);
     }
     if (verify[0] && strcmp(verify, secret)) {
       fprintf(stderr, "They don't match. Try again.\n");
       memset(verify, 0, sizeof(verify));
-      memset(secret, 0, sizeof(secret));
+      memset(secret, 0, sizeof(verify));
       exit(1);
     }
     memset(verify, 0, sizeof(verify));
   }
   if (!(flags & 2) && !aflag && opiepasscheck(secret)) {
-    memset(secret, 0, sizeof(secret));
+    memset(secret, 0, OPIE_SECRET_MAX + 1);
     fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX);
     exit(1);
   };