Plan 9 from Bell Labs 2007-09-02

dist/replica/_plan9.db

@@ -5512,7 +5512,7 @@ rc/bin/ipconf/outside - 775 sys sys 1058790951 550
 rc/bin/ipconf/theworld - 775 sys sys 1058790940 1212
 rc/bin/ipso - 775 sys sys 1079377794 2838
 rc/bin/ipv6on - 775 sys sys 1186362803 2047
-rc/bin/iwhois - 775 sys sys 1143979502 1637
+rc/bin/iwhois - 775 sys sys 1188682646 1792
 rc/bin/juke - 775 sys sys 1105565140 1131
 rc/bin/kill - 775 sys sys 1143389260 142
 rc/bin/kmem - 775 sys sys 1141940177 468
@@ -9624,18 +9624,18 @@ sys/src/cmd/auth/rsafill.c - 664 sys sys 1048614963 747
 sys/src/cmd/auth/rsagen.c - 664 sys sys 1048614963 992
 sys/src/cmd/auth/secstore - 20000000775 sys sys 1106575527 0
 sys/src/cmd/auth/secstore/SConn.c - 664 sys sys 1064789003 4419
-sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1015008431 955
+sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1188694756 952
 sys/src/cmd/auth/secstore/aescbc.c - 664 sys sys 1143465912 4063
 sys/src/cmd/auth/secstore/dirls.c - 664 sys sys 1062277640 1842
 sys/src/cmd/auth/secstore/mkfile - 664 sys sys 1106577499 836
 sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1140272943 9314
 sys/src/cmd/auth/secstore/password.c - 664 sys sys 1180417351 3038
 sys/src/cmd/auth/secstore/secchk.c - 664 sys sys 1172776633 565
-sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1181068567 12637
-sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1106575526 859
-sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1140272944 8087
+sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1188695265 12518
+sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1188694756 881
+sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1188695492 8000
 sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1143465899 5136
-sys/src/cmd/auth/secstore/util.c - 664 sys sys 1143694883 1741
+sys/src/cmd/auth/secstore/util.c - 664 sys sys 1188695121 1818
 sys/src/cmd/auth/secureidcheck.c - 664 sys sys 1172776708 9914
 sys/src/cmd/auth/status - 775 sys sys 1015008430 738
 sys/src/cmd/auth/uniq.c - 664 sys sys 1140272945 1440
@@ -15631,3 +15631,7 @@ usr/glenda/lib/profile - 664 glenda glenda 1105128663 890
 usr/glenda/readme.acme - 664 glenda glenda 1019860628 4753
 usr/glenda/readme.rio - 664 glenda glenda 1019860628 6370
 usr/glenda/tmp - 20000000775 glenda glenda 1018802620 0
+386/bin/auth/aescbc - 775 sys sys 1188702764 140221
+386/bin/auth/secstore - 775 sys sys 1188702769 192724
+386/bin/auth/secstored - 775 sys sys 1188702773 197480
+386/bin/auth/secuser - 775 sys sys 1188702776 149443

dist/replica/plan9.db

@@ -42,7 +42,7 @@
 386/bin/ascii - 775 sys sys 1168402265 64884
 386/bin/astro - 775 sys sys 1178568245 137403
 386/bin/auth - 20000000775 sys sys 1016920815 0
-386/bin/auth/aescbc - 775 sys sys 1188446810 140180
+386/bin/auth/aescbc - 775 sys sys 1188702764 140221
 386/bin/auth/asn12rsa - 775 sys sys 1188446816 121912
 386/bin/auth/authsrv - 775 sys sys 1188446820 165258
 386/bin/auth/changeuser - 775 sys sys 1178568246 96020
@@ -70,9 +70,9 @@
 386/bin/auth/rsafill - 775 sys sys 1168402273 143968
 386/bin/auth/rsagen - 775 sys sys 1178568249 151953
 386/bin/auth/secretpem - 775 sys sys 1045537944 118526
-386/bin/auth/secstore - 775 sys sys 1188446862 192819
-386/bin/auth/secstored - 775 sys sys 1188446866 197609
-386/bin/auth/secuser - 775 sys sys 1188446870 149410
+386/bin/auth/secstore - 775 sys sys 1188702769 192724
+386/bin/auth/secstored - 775 sys sys 1188702773 197480
+386/bin/auth/secuser - 775 sys sys 1188702776 149443
 386/bin/auth/status - 775 sys sys 1020319060 738
 386/bin/auth/uniq - 775 sys sys 1168402275 63314
 386/bin/auth/warning - 775 sys sys 1179372071 99970
@@ -5512,7 +5512,7 @@ rc/bin/ipconf/outside - 775 sys sys 1058790951 550
 rc/bin/ipconf/theworld - 775 sys sys 1058790940 1212
 rc/bin/ipso - 775 sys sys 1079377794 2838
 rc/bin/ipv6on - 775 sys sys 1186362803 2047
-rc/bin/iwhois - 775 sys sys 1143979502 1637
+rc/bin/iwhois - 775 sys sys 1188682646 1792
 rc/bin/juke - 775 sys sys 1105565140 1131
 rc/bin/kill - 775 sys sys 1143389260 142
 rc/bin/kmem - 775 sys sys 1141940177 468
@@ -9624,18 +9624,18 @@ sys/src/cmd/auth/rsafill.c - 664 sys sys 1048614963 747
 sys/src/cmd/auth/rsagen.c - 664 sys sys 1048614963 992
 sys/src/cmd/auth/secstore - 20000000775 sys sys 1106575527 0
 sys/src/cmd/auth/secstore/SConn.c - 664 sys sys 1064789003 4419
-sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1015008431 955
+sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1188694756 952
 sys/src/cmd/auth/secstore/aescbc.c - 664 sys sys 1143465912 4063
 sys/src/cmd/auth/secstore/dirls.c - 664 sys sys 1062277640 1842
 sys/src/cmd/auth/secstore/mkfile - 664 sys sys 1106577499 836
 sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1140272943 9314
 sys/src/cmd/auth/secstore/password.c - 664 sys sys 1180417351 3038
 sys/src/cmd/auth/secstore/secchk.c - 664 sys sys 1172776633 565
-sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1181068567 12637
-sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1106575526 859
-sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1140272944 8087
+sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1188695265 12518
+sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1188694756 881
+sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1188695492 8000
 sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1143465899 5136
-sys/src/cmd/auth/secstore/util.c - 664 sys sys 1143694883 1741
+sys/src/cmd/auth/secstore/util.c - 664 sys sys 1188695121 1818
 sys/src/cmd/auth/secureidcheck.c - 664 sys sys 1172776708 9914
 sys/src/cmd/auth/status - 775 sys sys 1015008430 738
 sys/src/cmd/auth/uniq.c - 664 sys sys 1140272945 1440

dist/replica/plan9.log

@@ -52361,3 +52361,15 @@
 1188583203 167 d sys/src/9/ip/il.c - 664 sys sys 1184946959 0
 1188594004 0 c 386/9loaddebug - 775 sys sys 1188593351 435045
 1188594004 1 c 386/9loadlitedebug - 775 sys sys 1188593356 220555
+1188682204 0 c rc/bin/iwhois - 775 sys sys 1188680875 1721
+1188684004 0 c rc/bin/iwhois - 775 sys sys 1188682646 1792
+1188689404 0 c sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1188688678 960
+1188694804 0 c sys/src/cmd/auth/secstore/SConn.h - 664 sys sys 1188694756 952
+1188694804 1 c sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1188694756 881
+1188696604 0 c sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1188695265 12518
+1188696604 1 c sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1188695492 8000
+1188696604 2 c sys/src/cmd/auth/secstore/util.c - 664 sys sys 1188695121 1818
+1188703805 0 c 386/bin/auth/aescbc - 775 sys sys 1188702764 140221
+1188703805 1 c 386/bin/auth/secstore - 775 sys sys 1188702769 192724
+1188703805 2 c 386/bin/auth/secstored - 775 sys sys 1188702773 197480
+1188703805 3 c 386/bin/auth/secuser - 775 sys sys 1188702776 149443

rc/bin/iwhois

@@ -47,6 +47,9 @@ case *.in
 case *.cn
 	machine=whois.cnnic.net.cn
 	fn boilerplate { cat $* }
+case [0-9]*.[0-9]*.[0-9]*.[0-9]*
+	machine=whois.arin.net
+	fn boilerplate { cat $* }
 case *
 	machine=whois.internic.net	# alternate: whois.networksolutions.com
 	fn boilerplate { cat $* }
@@ -56,7 +59,10 @@ fn sigexit {
 	rm -f $file
 }
 echo $person | telnet -nr tcp!$machine!whois > $file
-x=`{ sed -n 's/.*Whois Server: (.*)/\1/p' $file }
+x=`{ sed -n '
+	s/.*Whois Server: (.*)/\1/p
+	s;.*ReferralServer: whois://(.*);\1;p
+	' $file }
 switch($x){
 case ''
 	;			# e.g., for .ca
@@ -64,6 +70,7 @@ case *' '*
 	echo $0: buggery: $x >[1=2]
 	exit botch
 case *
+	# chase the referral chain
 	echo $person | telnet -nr tcp!$x!whois > $file
 }
 boilerplate $file

sys/src/cmd/auth/secstore/SConn.h

@@ -1,26 +1,35 @@
-// delimited, authenticated, encrypted connection
-enum{ Maxmsg=4096 };	// messages > Maxmsg bytes are truncated
-typedef struct SConn SConn;
+/* delimited, authenticated, encrypted connection */
+enum {
+	Maxmsg	= 4096,		/* messages > Maxmsg bytes are truncated */
+};
 
-extern SConn* newSConn(int);	// arg is open file descriptor
-struct SConn{
-	void *chan;
-	int secretlen;
-	int (*secret)(SConn*, uchar*, int);// 
-	int (*read)(SConn*, uchar*, int); // <0 if error;  errmess in buffer
-	int (*write)(SConn*, uchar*, int);
-	void (*free)(SConn*);		// also closes file descriptor
+typedef struct SConn SConn;
+struct SConn {
+	void 	*chan;
+	int 	secretlen;
+	int 	(*secret)(SConn*, uchar*, int);
+	int 	(*read)(SConn*, uchar*, int); /* <0 if error; errmess in buffer */
+	int	(*write)(SConn*, uchar*, int);
+	void	(*free)(SConn*);	/* also closes file descriptor */
 };
-// secret(s,b,dir) sets secret for digest, encrypt, using the secretlen
-//		bytes in b to form keys 	for the two directions;
-//	  set dir=0 in client, dir=1 in server
 
-// error convention: write !message in-band
-extern void writerr(SConn*, char*);
-extern int readstr(SConn*, char*);  // call with buf of size Maxmsg+1
-	// returns -1 upon error, with error message in buf
+SConn *newSConn(int);			/* arg is open file descriptor */
+
+/*
+ * secret(s,b,dir) sets secret for digest, encrypt, using the secretlen
+ *		bytes in b to form keys 	for the two directions;
+ *	  set dir=0 in client, dir=1 in server
+ */
+
+/* error convention: write !message in-band */
+void	writerr(SConn*, char*);
 
-extern void *emalloc(ulong); /* dies on failure; clears memory */
-extern void *erealloc(void *, ulong);
-extern char *estrdup(char *);
+/*
+ * returns -1 upon error, with error message in buf
+ * call with buf of size Maxmsg+1
+ */
+int	readstr(SConn*, char*);
 
+void	*emalloc(ulong);		/* dies on failure; clears memory */
+void	*erealloc(void*, ulong);
+char	*estrdup(char*);

sys/src/cmd/auth/secstore/secstore.c

@@ -35,13 +35,9 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 	AESstate aes;
 	DigestState *sha;
 
-	if(strchr(gf, '/') != nil){
-		fprint(2, "secstore: simple filenames, not paths like %s\n", gf);
-		return -1;
-	}
 	memset(&aes, 0, sizeof aes);
 
-	snprint(s, Maxmsg, "GET %s\n", gf);
+	snprint(s, Maxmsg, "GET %s", gf);
 	conn->write(conn, (uchar*)s, strlen(s));
 
 	/* get file size */
@@ -167,7 +163,7 @@ putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
 	setupAESstate(&aes, skey, AESbsize, IV);
 	memset(skey, 0, sizeof skey);
 
-	snprint(s, Maxmsg, "PUT %s\n", pf);
+	snprint(s, Maxmsg, "PUT %s", pf);
 	conn->write(conn, (uchar*)s, strlen(s));
 
 	if(buf == nil){
@@ -242,7 +238,7 @@ removefile(SConn *conn, char *rf)
 		return -1;
 	}
 
-	snprint(buf, Maxmsg, "RM %s\n", rf);
+	snprint(buf, Maxmsg, "RM %s", rf);
 	conn->write(conn, (uchar*)buf, strlen(buf));
 
 	return 0;

sys/src/cmd/auth/secstore/secstore.h

@@ -1,31 +1,36 @@
-enum{ MAXFILESIZE = 10*1024*1024 };
+#define LOG		"secstore"
+#define SECSTORE_DIR	"/adm/secstore"
+
+enum {
+	MAXFILESIZE = 10*1024*1024,
+};
 
-enum{// PW status bits
-	Enabled 	= (1<<0),
-	STA 		= (1<<1),	// extra SecurID step
+/* PW status bits */
+enum {
+	Enabled 	= 1<<0,
+	STA 		= 1<<1,	/* extra SecurID step */
 };
 
 typedef struct PW {
-	char *id;		// user id
-	ulong expire;	// expiration time (epoch seconds)
-	ushort status;	// Enabled, STA, ...
-	ushort failed;	// number of failed login attempts
-	char *other;	// other information, e.g. sponsor
-	mpint *Hi;  	// H(passphrase)^-1 mod p
+	char	*id;		/* user id */
+	ulong	expire;		/* expiration time (epoch seconds) */
+	ushort	status;		/* Enabled, STA, ... */
+	ushort	failed;		/* number of failed login attempts */
+	char	*other;		/* other information, e.g. sponsor */
+	mpint	*Hi;  		/* H(passphrase)^-1 mod p */
 } PW;
 
-PW *getPW(char *, int);
-int putPW(PW *);
-void freePW(PW *);
-char* getpassm(char*);
-char *validatefile(char *f);
+void	freePW(PW*);
+PW	*getPW(char*, int);
+char	*getpassm(char*);
+int	putPW(PW*);
+char	*validatefile(char*f);
 
-// *client: SConn, client name, passphrase
-// *server: SConn, (partial) 1st msg, PW entry
-// *setpass: Username, hashed passphrase, PW entry
-int PAKclient(SConn *, char *, char *, char **);
-int PAKserver(SConn *, char *, char *, PW **);
-char *PAK_Hi(char *, char *, mpint *, mpint *);
-
-#define LOG "secstore"
-#define SECSTORE_DIR	"/adm/secstore"
+/*
+ * *client: SConn, client name, passphrase
+ * *server: SConn, (partial) 1st msg, PW entry
+ * *setpass: Username, hashed passphrase, PW entry
+ */
+int	PAKclient(SConn*, char*, char*, char**);
+int	PAKserver(SConn*, char*, char*, PW**);
+char*	PAK_Hi(char*, char*, mpint*, mpint*);

sys/src/cmd/auth/secstore/secstored.c

@@ -1,3 +1,4 @@
+/* secstored - secure store daemon */
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
@@ -7,7 +8,7 @@
 #include "SConn.h"
 #include "secstore.h"
 
-char* secureidcheck(char *, char *);   // from /sys/src/cmd/auth/
+char* secureidcheck(char *, char *);	/* from /sys/src/cmd/auth/ */
 extern char* dirls(char *path);
 
 int verbose;
@@ -16,14 +17,15 @@ Ndb *db;
 static void
 usage(void)
 {
-	fprint(2, "usage: secstored [-R] [-S servername] [-s tcp!*!5356] [-v] [-x netmtpt]\n");
+	fprint(2, "usage: secstored [-R] [-S servername] [-s tcp!*!5356] "
+		"[-v] [-x netmtpt]\n");
 	exits("usage");
 }
 
 static int
 getdir(SConn *conn, char *id)
 {
-	char *ls, *s; 
+	char *ls, *s;
 	uchar *msg;
 	int n, len;
 
@@ -70,14 +72,14 @@ getfile(SConn *conn, char *id, char *gf)
 	snprint(s, Maxmsg, "%s/store/%s/%s", SECSTORE_DIR, id, gf);
 	gd = open(s, OREAD);
 	if(gd < 0){
-		syslog(0, LOG, "can't open %s: %r\n", s);
+		syslog(0, LOG, "can't open %s: %r", s);
 		free(s);
 		conn->write(conn, (uchar*)"-1", 2);
 		return -1;
 	}
 	st = dirfstat(gd);
 	if(st == nil){
-		syslog(0, LOG, "can't stat %s: %r\n", s);
+		syslog(0, LOG, "can't stat %s: %r", s);
 		free(s);
 		conn->write(conn, (uchar*)"-1", 2);
 		return -1;
@@ -86,13 +88,13 @@ getfile(SConn *conn, char *id, char *gf)
 	len = st->length;
 	free(st);
 	if(mode & DMDIR) {
-		syslog(0, LOG, "%s should be a plain file, not a directory\n", s);
+		syslog(0, LOG, "%s should be a plain file, not a directory", s);
 		free(s);
 		conn->write(conn, (uchar*)"-1", 2);
 		return -1;
 	}
 	if(len < 0 || len > MAXFILESIZE){
-		syslog(0, LOG, "implausible filesize %d for %s\n", len, gf);
+		syslog(0, LOG, "implausible filesize %d for %s", len, gf);
 		free(s);
 		conn->write(conn, (uchar*)"-3", 2);
 		return -1;
@@ -104,7 +106,7 @@ getfile(SConn *conn, char *id, char *gf)
 	while(len > 0){
 		n = read(gd, s, Maxmsg);
 		if(n <= 0){
-			syslog(0, LOG, "read error on %s: %r\n", gf);
+			syslog(0, LOG, "read error on %s: %r", gf);
 			free(s);
 			return -1;
 		}
@@ -126,23 +128,18 @@ putfile(SConn *conn, char *id, char *pf)
 	/* get file size */
 	n = readstr(conn, s);
 	if(n < 0){
-		syslog(0, LOG, "remote: %s: %r\n", s);
+		syslog(0, LOG, "remote: %s: %r", s);
 		return -1;
 	}
 	len = atoi(s);
 	if(len == -1){
-		syslog(0, LOG, "remote file %s does not exist\n", pf);
+		syslog(0, LOG, "remote file %s does not exist", pf);
 		return -1;
 	}else if(len < 0 || len > MAXFILESIZE){
-		syslog(0, LOG, "implausible filesize %ld for %s\n", len, pf);
+		syslog(0, LOG, "implausible filesize %ld for %s", len, pf);
 		return -1;
 	}
 
-	/* get file in Maxmsg chunks */
-	if(strchr(pf,'/') != nil || strcmp(pf,"..")==0){
-		syslog(0, LOG, "no slashes allowed: %s\n", pf);
-		return -1;
-	}
 	snprint(s, Maxmsg, "%s/store/%s/%s", SECSTORE_DIR, id, pf);
 	pd = create(s, OWRITE, 0660);
 	if(pd < 0){
@@ -152,7 +149,7 @@ putfile(SConn *conn, char *id, char *pf)
 	while(len > 0){
 		n = conn->read(conn, (uchar*)s, Maxmsg);
 		if(n <= 0){
-			syslog(0, LOG, "empty file chunk\n");
+			syslog(0, LOG, "empty file chunk");
 			return -1;
 		}
 		nw = write(pd, s, n);
@@ -222,7 +219,7 @@ static int
 dologin(int fd, char *S, int forceSTA)
 {
 	int i, n, rv;
-	char *file, *mess;
+	char *file, *mess, *nl;
 	char msg[Maxmsg+1];
 	PW *pw;
 	SConn *conn;
@@ -230,7 +227,7 @@ dologin(int fd, char *S, int forceSTA)
 	pw = nil;
 	rv = -1;
 
-	// collect the first message
+	/* collect the first message */
 	if((conn = newSConn(fd)) == nil)
 		return -1;
 	if(readstr(conn, msg) < 0){
@@ -239,7 +236,7 @@ dologin(int fd, char *S, int forceSTA)
 		goto Out;
 	}
 
-	// authenticate
+	/* authenticate */
 	if(PAKserver(conn, S, msg, &pw) < 0){
 		if(pw != nil)
 			syslog(0, LOG, "secstore denied for %s", pw->id);
@@ -260,8 +257,10 @@ dologin(int fd, char *S, int forceSTA)
 	conn->write(conn, (uchar*)"OK", 2);
 	syslog(0, LOG, "AUTH %s", pw->id);
 
-	// perform operations as asked
+	/* perform operations as asked */
 	while((n = readstr(conn, msg)) > 0){
+		if(nl = strchr(msg, '\n'))
+			*nl = 0;
 		syslog(0, LOG, "[%s] %s", pw->id, msg);
 
 		if(strncmp(msg, "GET ", 4) == 0){
@@ -306,7 +305,7 @@ dologin(int fd, char *S, int forceSTA)
 
 	}
 	if(n <= 0)
-		syslog(0, LOG, "%s closed connection without saying goodbye\n", pw->id);
+		syslog(0, LOG, "%s closed connection without saying goodbye", pw->id);
 
 Out:
 	freePW(pw);
@@ -321,9 +320,8 @@ void
 main(int argc, char **argv)
 {
 	int afd, dfd, lcfd, forceSTA = 0;
-	char adir[40], ldir[40], *remote;
-	char *serve = "tcp!*!5356", *p, aserve[128], net[128];
-	char *S = "secstore";
+	char aserve[128], net[128], adir[40], ldir[40];
+	char *remote, *serve = "tcp!*!5356", *S = "secstore";
 	Ndb *db2;
 
 	setnetmtpt(net, sizeof(net), nil);
@@ -338,10 +336,7 @@ main(int argc, char **argv)
 		S = EARGF(usage());
 		break;
 	case 'x':
-		p = ARGF();
-		if(p == nil)
-			usage();
-		setnetmtpt(net, sizeof(net), p);
+		setnetmtpt(net, sizeof(net), EARGF(usage()));
 		break;
 	case 'v':
 		verbose++;
@@ -374,7 +369,10 @@ main(int argc, char **argv)
 			close(lcfd);
 			break;
 		case 0:
-			// "/lib/ndb/common.radius does not exist" if db set before fork
+			/*
+			 * "/lib/ndb/common.radius does not exist"
+			 * if db set before fork.
+			 */
 			db = ndbopen("/lib/ndb/auth");
 			if(db == 0)
 				syslog(0, LOG, "no /lib/ndb/auth");
@@ -384,7 +382,7 @@ main(int argc, char **argv)
 			db = ndbcat(db, db2);
 			if((dfd = accept(lcfd, ldir)) < 0)
 				exits("can't accept");
-			alarm(30*60*1000); 	// 30 min
+			alarm(30*60*1000);		/* 30 min */
 			remote = remoteIP(ldir);
 			syslog(0, LOG, "secstore from %s", remote);
 			free(remote);
@@ -396,4 +394,3 @@ main(int argc, char **argv)
 		}
 	}
 }
-

sys/src/cmd/auth/secstore/util.c

@@ -9,6 +9,7 @@ void *
 emalloc(ulong n)
 {
 	void *p = malloc(n);
+
 	if(p == nil)
 		sysfatal("emalloc");
 	memset(p, 0, n);
@@ -36,9 +37,9 @@ getpassm(char *prompt)
 {
 	char *p, line[4096];
 	int n, nr;
-	static int cons, consctl;  // closing and reopening fails in ssh environment
+	static int cons, consctl; /* closing & reopening fails in ssh environment */
 
-	if(cons == 0){ // first time
+	if(cons == 0){			/* first time? */
 		cons = open("/dev/cons", ORDWR);
 		if(cons < 0)
 			sysfatal("couldn't open cons");
@@ -70,7 +71,7 @@ getpassm(char *prompt)
 				nr--;
 				p--;
 			}
-		}else if(*p == 21){		/* cntrl-u */
+		}else if(*p == ('u' & 037)){		/* cntrl-u */
 			fprint(cons, "\n%s", prompt);
 			nr = 0;
 			p = line;
@@ -86,19 +87,24 @@ getpassm(char *prompt)
 	}
 }
 
+static char *
+illegal(char *f)
+{
+	syslog(0, LOG, "illegal name: %s", f);
+	return nil;
+}
+
 char *
 validatefile(char *f)
 {
-	char *nl;
+	char *p;
 
-	if(f==nil || *f==0)
+	if(f == nil || *f == '\0')
 		return nil;
-	if(nl = strchr(f, '\n'))
-		*nl = 0;
-	if(strchr(f,'/') != nil || strcmp(f,"..")==0 || strlen(f) >= 300){
-		syslog(0, LOG, "no slashes allowed: %s\n", f);
-		return nil;
-	}
+	if(strcmp(f, "..") == 0 || strlen(f) >= 250)
+		return illegal(f);
+	for(p = f; *p; p++)
+		if(*p < 040 || *p == '/')
+			return illegal(f);
 	return f;
 }
-