- Merged more OpenBSD changes:

   - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
     move atomicio into it's own file.  wrap all socket write()s which
     were doing write(sock, buf, len) != len, with atomicio() calls.
   - [auth-skey.c]
     fd leak
   - [authfile.c]
     properly name fd variable
   - [channels.c]
     display great hatred towards strcpy
   - [pty.c pty.h sshd.c]
     use openpty() if it exists (it does on BSD4_4)
   - [tildexpand.c]
     check for ~ expansion past MAXPATHLEN
 - Modified helper.c to use new atomicio function.
 - Reformat Makefile a little
 - Moved RC4 routines from rc4.[ch] into helper.c
 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)

1 files changed, 7 insertions, 3 deletions

diff --git a/tildexpand.c b/tildexpand.c
index 8ee551f1..f615362f 100644
--- a/tildexpand.c
+++ b/tildexpand.c
@@ -6,7 +6,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
+RCSID("$Id: tildexpand.c,v 1.4 1999/12/07 04:38:32 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -23,6 +23,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
 	char *expanded;
 	struct passwd *pw;
 	char user[100];
+	int len;
 
 	/* Return immediately if no tilde. */
 	if (filename[0] != '~')
@@ -56,7 +57,10 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
 		return xstrdup(pw->pw_dir);
 	}
 	/* Build a path combining the specified directory and path. */
-	expanded = xmalloc(strlen(pw->pw_dir) + strlen(cp + 1) + 2);
-	sprintf(expanded, "%s/%s", pw->pw_dir, cp + 1);
+	len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
+	if (len > MAXPATHLEN)
+		fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
+	expanded = xmalloc(len);
+	snprintf(expanded, len, "%s/%s", pw->pw_dir, cp + 1);
 	return expanded;
 }