Index: bufaux.c
===================================================================
RCS file: /var/cvs/openssh/bufaux.c,v
retrieving revision 1.24
diff -u -r1.24 bufaux.c
--- bufaux.c	22 Jan 2002 12:33:32 -0000	1.24
+++ bufaux.c	23 Apr 2002 23:58:06 -0000
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.22 2002/01/18 18:14:17 stevesk Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -137,10 +137,18 @@
 	BN_bin2bn(bin, len, value);
 	xfree(bin);
 }
-
 /*
- * Returns an integer from the buffer (4 bytes, msb first).
+ * Returns integers from the buffer (msb first).
  */
+
+u_short
+buffer_get_short(Buffer *buffer)
+{
+	u_char buf[2];
+	buffer_get(buffer, (char *) buf, 2);
+	return GET_16BIT(buf);
+}
+
 u_int
 buffer_get_int(Buffer *buffer)
 {
@@ -160,8 +168,16 @@
 #endif
 
 /*
- * Stores an integer in the buffer in 4 bytes, msb first.
+ * Stores integers in the buffer, msb first.
  */
+void
+buffer_put_short(Buffer *buffer, u_short value)
+{
+	char buf[2];
+	PUT_16BIT(buf, value);
+	buffer_append(buffer, buf, 2);
+}
+
 void
 buffer_put_int(Buffer *buffer, u_int value)
 {
Index: bufaux.h
===================================================================
RCS file: /var/cvs/openssh/bufaux.h,v
retrieving revision 1.17
diff -u -r1.17 bufaux.h
--- bufaux.h	5 Mar 2002 18:59:45 -0000	1.17
+++ bufaux.h	23 Apr 2002 23:58:06 -0000
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bufaux.h,v 1.16 2002/03/04 17:27:39 stevesk Exp $	*/
+/*	$OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -22,6 +22,9 @@
 void    buffer_put_bignum2(Buffer *, BIGNUM *);
 void	buffer_get_bignum(Buffer *, BIGNUM *);
 void	buffer_get_bignum2(Buffer *, BIGNUM *);
+
+u_short	buffer_get_short(Buffer *);
+void	buffer_put_short(Buffer *, u_short);
 
 u_int	buffer_get_int(Buffer *);
 void    buffer_put_int(Buffer *, u_int);
Index: radix.c
===================================================================
RCS file: /var/cvs/openssh/radix.c,v
retrieving revision 1.13
diff -u -r1.13 radix.c
--- radix.c	6 Dec 2001 16:39:57 -0000	1.13
+++ radix.c	23 Apr 2002 23:58:08 -0000
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1999 Dug Song.  All rights reserved.
+ * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -25,190 +26,133 @@
 #include "includes.h"
 #include "uuencode.h"
 
-RCSID("$OpenBSD: radix.c,v 1.17 2001/11/19 19:02:16 mpech Exp $");
+RCSID("$OpenBSD: radix.c,v 1.19 2002/04/22 06:15:47 markus Exp $");
 
 #ifdef AFS
 #include <krb.h>
 
 #include <radix.h>
+#include "bufaux.h"
 
-typedef u_char my_u_char;
-typedef u_int my_u_int32_t;
-typedef u_short my_u_short;
-
-/* Nasty macros from BIND-4.9.2 */
-
-#define GETSHORT(s, cp) { \
-	my_u_char *t_cp = (my_u_char *)(cp); \
-	(s) = (((my_u_short)t_cp[0]) << 8) \
-	    | (((my_u_short)t_cp[1])) \
-	    ; \
-	(cp) += 2; \
-}
-
-#define GETLONG(l, cp) { \
-	my_u_char *t_cp = (my_u_char *)(cp); \
-	(l) = (((my_u_int32_t)t_cp[0]) << 24) \
-	    | (((my_u_int32_t)t_cp[1]) << 16) \
-	    | (((my_u_int32_t)t_cp[2]) << 8) \
-	    | (((my_u_int32_t)t_cp[3])) \
-	    ; \
-	(cp) += 4; \
-}
-
-#define PUTSHORT(s, cp) { \
-	my_u_short t_s = (my_u_short)(s); \
-	my_u_char *t_cp = (my_u_char *)(cp); \
-	*t_cp++ = t_s >> 8; \
-	*t_cp   = t_s; \
-	(cp) += 2; \
-}
+int
+creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen)
+{
+	Buffer b;
+	int ret;
 
-#define PUTLONG(l, cp) { \
-	my_u_int32_t t_l = (my_u_int32_t)(l); \
-	my_u_char *t_cp = (my_u_char *)(cp); \
-	*t_cp++ = t_l >> 24; \
-	*t_cp++ = t_l >> 16; \
-	*t_cp++ = t_l >> 8; \
-	*t_cp   = t_l; \
-	(cp) += 4; \
-}
+	buffer_init(&b);
 
-#define GETSTRING(s, p, p_l) {			\
-    char *p_targ = (p) + p_l;		\
-    char *s_c = (s);			\
-    char *p_c = (p);			\
-    while (*p_c && (p_c < p_targ)) {		\
-	*s_c++ = *p_c++;			\
-    }						\
-    if (p_c == p_targ) {			\
-	return 1;				\
-    }						\
-    *s_c = *p_c++;				\
-    (p_l) = (p_l) - (p_c - (p));		\
-    (p) = p_c;					\
-}
+	buffer_put_char(&b, 1);	/* version */
 
+	buffer_append(&b, creds->service, strlen(creds->service));
+	buffer_put_char(&b, '\0');
+	buffer_append(&b, creds->instance, strlen(creds->instance));
+	buffer_put_char(&b, '\0');
+	buffer_append(&b, creds->realm, strlen(creds->realm));
+	buffer_put_char(&b, '\0');
+	buffer_append(&b, creds->pname, strlen(creds->pname));
+	buffer_put_char(&b, '\0');
+	buffer_append(&b, creds->pinst, strlen(creds->pinst));
+	buffer_put_char(&b, '\0');
 
-int
-creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen)
-{
-	char *p, *s;
-	int len;
-	char temp[2048];
-
-	p = temp;
-	*p++ = 1;		/* version */
-	s = creds->service;
-	while (*s)
-		*p++ = *s++;
-	*p++ = *s;
-	s = creds->instance;
-	while (*s)
-		*p++ = *s++;
-	*p++ = *s;
-	s = creds->realm;
-	while (*s)
-		*p++ = *s++;
-	*p++ = *s;
-
-	s = creds->pname;
-	while (*s)
-		*p++ = *s++;
-	*p++ = *s;
-	s = creds->pinst;
-	while (*s)
-		*p++ = *s++;
-	*p++ = *s;
 	/* Null string to repeat the realm. */
-	*p++ = '\0';
-
-	PUTLONG(creds->issue_date, p);
-	{
-		u_int endTime;
-		endTime = (u_int) krb_life_to_time(creds->issue_date,
-							  creds->lifetime);
-		PUTLONG(endTime, p);
-	}
-
-	memcpy(p, &creds->session, sizeof(creds->session));
-	p += sizeof(creds->session);
-
-	PUTSHORT(creds->kvno, p);
-	PUTLONG(creds->ticket_st.length, p);
-
-	memcpy(p, creds->ticket_st.dat, creds->ticket_st.length);
-	p += creds->ticket_st.length;
-	len = p - temp;
+	buffer_put_char(&b, '\0');
 
-	return (uuencode((u_char *)temp, len, (char *)buf, buflen));
-}
+	buffer_put_int(&b, creds->issue_date);
+	buffer_put_int(&b, krb_life_to_time(creds->issue_date,
+	    creds->lifetime));
+	buffer_append(&b, creds->session, sizeof(creds->session));
+	buffer_put_short(&b, creds->kvno);
+
+	/* 32 bit size + data */
+	buffer_put_string(&b, creds->ticket_st.dat,
+	    creds->ticket_st.length);
+
+	ret = uuencode(buffer_ptr(&b), buffer_len(&b), (char *)buf, buflen);
+
+	buffer_free(&b);
+	return ret;
+}
+
+#define GETSTRING(b, t, tlen) \
+	do { \
+		int i, found = 0; \
+		for (i = 0; i < tlen; i++) { \
+			if (buffer_len(b) == 0) \
+				goto done; \
+			t[i] = buffer_get_char(b); \
+			if (t[i] == '\0') { \
+				found = 1; \
+				break; \
+			} \
+		} \
+		if (!found) \
+			goto done; \
+	} while(0)
 
 int
 radix_to_creds(const char *buf, CREDENTIALS *creds)
 {
+	Buffer b;
+	char c, version, *space, *p;
+	u_int endTime;
+	int len, blen, ret;
 
-	char *p;
-	int len, tl;
-	char version;
-	char temp[2048];
+	ret = 0;
+	blen = strlen(buf);
 
-	len = uudecode(buf, (u_char *)temp, sizeof(temp));
-	if (len < 0)
+	/* sanity check for size */
+	if (blen > 8192)
 		return 0;
 
-	p = temp;
+	buffer_init(&b);
+	space = buffer_append_space(&b, blen);
 
 	/* check version and length! */
+	len = uudecode(buf, space, blen);
 	if (len < 1)
-		return 0;
-	version = *p;
-	p++;
-	len--;
-
-	GETSTRING(creds->service, p, len);
-	GETSTRING(creds->instance, p, len);
-	GETSTRING(creds->realm, p, len);
+		goto done;
 
-	GETSTRING(creds->pname, p, len);
-	GETSTRING(creds->pinst, p, len);
-	/* Ignore possibly different realm. */
-	while (*p && len)
-		p++, len--;
-	if (len == 0)
-		return 0;
-	p++, len--;
+	version = buffer_get_char(&b);
 
-	/* Enough space for remaining fixed-length parts? */
-	if (len < (4 + 4 + sizeof(creds->session) + 2 + 4))
-		return 0;
+	GETSTRING(&b, creds->service, sizeof creds->service);
+	GETSTRING(&b, creds->instance, sizeof creds->instance);
+	GETSTRING(&b, creds->realm, sizeof creds->realm);
+	GETSTRING(&b, creds->pname, sizeof creds->pname);
+	GETSTRING(&b, creds->pinst, sizeof creds->pinst);
 
-	GETLONG(creds->issue_date, p);
-	len -= 4;
-	{
-		u_int endTime;
-		GETLONG(endTime, p);
-		len -= 4;
-		creds->lifetime = krb_time_to_life(creds->issue_date, endTime);
-	}
-
-	memcpy(&creds->session, p, sizeof(creds->session));
-	p += sizeof(creds->session);
-	len -= sizeof(creds->session);
-
-	GETSHORT(creds->kvno, p);
-	len -= 2;
-	GETLONG(creds->ticket_st.length, p);
-	len -= 4;
+	if (buffer_len(&b) == 0)
+		goto done;
 
-	tl = creds->ticket_st.length;
-	if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat))
-		return 0;
+	/* Ignore possibly different realm. */
+	while (buffer_len(&b) > 0 && (c = buffer_get_char(&b)) != '\0')
+		;
+
+	if (buffer_len(&b) == 0)
+		goto done;
 
-	memcpy(creds->ticket_st.dat, p, tl);
-	p += tl;
-	len -= tl;
+	creds->issue_date = buffer_get_int(&b);
 
-	return 1;
+	endTime = buffer_get_int(&b);
+	creds->lifetime = krb_time_to_life(creds->issue_date, endTime);
+
+	len = buffer_len(&b);
+	if (len < sizeof(creds->session))
+		goto done;
+	memcpy(&creds->session, buffer_ptr(&b), sizeof(creds->session));
+	buffer_consume(&b, sizeof(creds->session));
+
+	creds->kvno = buffer_get_short(&b);
+
+	p = buffer_get_string(&b, &len);
+	if (len < 0 || len > sizeof(creds->ticket_st.dat))
+		goto done;
+	memcpy(&creds->ticket_st.dat, p, len);
+	creds->ticket_st.length = len;
+	
+	ret = 1;
+done:
+	buffer_free(&b);
+	return ret;
 }
 #endif /* AFS */