diff options
| author | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
| commit | daffc6a1152ccebdd6eb70a029e28cc5949110d7 (patch) | |
| tree | c0b2012e29b70aebacb2dba09e49e3c0239c357d | |
| parent | dbc2296e2c4af222f079cb400d75797b566caab6 (diff) | |
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-pam.c | 17 |
2 files changed, 15 insertions, 7 deletions
@@ -1,3 +1,6 @@ +20041016 + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations + 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. @@ -1763,4 +1766,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ +$Id: ChangeLog,v 1.3559 2004/10/16 08:52:44 djm Exp $ @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -654,7 +654,7 @@ sshpam_query(void *ctx, char **name, char **info, size_t plen; u_char type; char *msg; - size_t len; + size_t len, mlen; debug3("PAM: %s entering", __func__); buffer_init(&buffer); @@ -667,22 +667,27 @@ sshpam_query(void *ctx, char **name, char **info, while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { type = buffer_get_char(&buffer); msg = buffer_get_string(&buffer, NULL); + mlen = strlen(msg); switch (type) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: *num = 1; - len = plen + strlen(msg) + 1; + len = plen + mlen + 1; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; **echo_on = (type == PAM_PROMPT_ECHO_ON); xfree(msg); return (0); case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* accumulate messages */ - len = plen + strlen(msg) + 2; + len = plen + mlen + 2; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s\n", msg); + strlcpy(**prompts + plen, msg, len - plen); + plen += mlen; + strlcat(**prompts + plen, "\n", len - plen); + plen++; xfree(msg); break; case PAM_SUCCESS: |