removed double xcalloc() function; do not leak memory for these small buffers; added safe xstrcpy()

4 files changed, 11 insertions, 10 deletions

diff --git a/libtac/lib/acct_s.c b/libtac/lib/acct_s.c
index 200dd62..929378a 100644
--- a/libtac/lib/acct_s.c
+++ b/libtac/lib/acct_s.c
@@ -78,7 +78,7 @@ int tac_acct_send(int fd, int type, const char *user, char *tty,
     tb.flags=(u_char) type;
     tb.authen_method=tac_authen_method;
     tb.priv_lvl=tac_priv_lvl;
-    if (tac_login == NULL) {
+    if (tac_login == NULL || !*tac_login) {
         /* default to PAP */
         tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
     } else {
diff --git a/libtac/lib/authen_s.c b/libtac/lib/authen_s.c
index 8cb7cb9..87dcb74 100644
--- a/libtac/lib/authen_s.c
+++ b/libtac/lib/authen_s.c
@@ -51,7 +51,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
     th=_tac_req_header(TAC_PLUS_AUTHEN, 0);
 
     /* set some header options */
-    if ((tac_login != NULL) && (strcmp(tac_login,"login") == 0)) {
+    if (tac_login != NULL && !strcmp(tac_login,"login")) {
         th->version = TAC_PLUS_VER_0;
     } else {
         th->version = TAC_PLUS_VER_1;
@@ -62,7 +62,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
         __FUNCTION__, user, tty, r_addr, \
         (tac_encryption) ? "yes" : "no"))        
         
-    if ((tac_login != NULL) && (strcmp(tac_login,"chap") == 0)) {
+    if (tac_login != NULL && !strcmp(tac_login,"chap")) {
         chal_len = strlen(chal);
         mdp_len = sizeof(u_char) + strlen(pass) + chal_len;
         mdp = (u_char *) xcalloc(1, mdp_len);
@@ -90,13 +90,13 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
     /* fill the body of message */
     tb.action = TAC_PLUS_AUTHEN_LOGIN;
     tb.priv_lvl = tac_priv_lvl;
-    if (tac_login == NULL) {
+    if (tac_login == NULL || !*tac_login) {
         /* default to PAP */
         tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
     } else {
-        if (strcmp(tac_login,"chap") == 0) {
+        if (!strcmp(tac_login,"chap")) {
             tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP;
-        } else if (strcmp(tac_login,"login") == 0) {
+        } else if (!strcmp(tac_login,"login")) {
             tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII;
         } else {
             tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
diff --git a/libtac/lib/header.c b/libtac/lib/header.c
index dd04c92..73c4f13 100644
--- a/libtac/lib/header.c
+++ b/libtac/lib/header.c
@@ -33,10 +33,11 @@ int session_id;
 int tac_encryption = 0;
 
 /* Pointer to TACACS+ shared secret string. */
+/* note: tac_secret will point to tacplus_server[i].key */
 const char *tac_secret = NULL;
 
-/* Pointer to TACACS+ shared login string. */
-char *tac_login = NULL; /* default is PAP */
+/* TACACS+ shared login string. */
+char tac_login[64]; /* default is PAP */
 
 /* priv_lvl */
 int tac_priv_lvl = TAC_PLUS_PRIV_LVL_MIN;
diff --git a/libtac/lib/xalloc.c b/libtac/lib/xalloc.c
index ce34c44..d749b52 100644
--- a/libtac/lib/xalloc.c
+++ b/libtac/lib/xalloc.c
@@ -23,7 +23,7 @@
 #include "xalloc.h"
 
 void *xcalloc(size_t nmemb, size_t size) {
-    register void *val = calloc(nmemb, size);
+    void *val = calloc(nmemb, size);
     if(val == 0) {
         TACSYSLOG((LOG_ERR, "%s: calloc(%u,%u) failed", __FUNCTION__,\
             (unsigned) nmemb, (unsigned) size))
@@ -33,7 +33,7 @@ void *xcalloc(size_t nmemb, size_t size) {
 }
 
 void *xrealloc(void *ptr, size_t size) {
-    register void *val = realloc(ptr, size);
+    void *val = realloc(ptr, size);
     if(val == 0) {
         TACSYSLOG((LOG_ERR, "%s: realloc(%u) failed", __FUNCTION__, (unsigned) size))
         exit(1);