diff options
| author | Damien Miller <djm@mindrot.org> | 2002-06-26 23:57:59 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-06-26 23:57:59 +1000 |
| commit | 7868202d56f72b5f833b454f0756b301bcf58190 (patch) | |
| tree | f44d6db5740521b1b4ca19a808ade9e27ebeba38 | |
| parent | d4b11d62e9de29bbadd09c26c2d2a4d05fb56305 (diff) | |
- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | auth2-pam.c | 11 |
2 files changed, 12 insertions, 2 deletions
@@ -59,6 +59,7 @@ - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai <nalin@redhat.com> - (djm) Update spec files for release + - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS 20020625 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh @@ -1158,4 +1159,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2298 2002/06/26 13:57:12 djm Exp $ +$Id: ChangeLog,v 1.2299 2002/06/26 13:57:59 djm Exp $ diff --git a/auth2-pam.c b/auth2-pam.c index dd29ebd4..99aedeae 100644 --- a/auth2-pam.c +++ b/auth2-pam.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $"); +RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); #ifdef USE_PAM #include <security/pam_appl.h> @@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp); + + if (nresp != context_pam2.num_expected) + fatal("%s: Received incorrect number of responses " + "(expected %u, received %u)", __func__, nresp, + context_pam2.num_expected); + + if (nresp > 100) + fatal("%s: too many replies", __func__); + for (i = 0; i < nresp; i++) { int j = context_pam2.prompts[i]; |