2 files changed, 7 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index c099443d..06693071 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
      channel_print_adm_permitted_opens() should deal with all the printing
      for that config option.  suggested by markus@; ok markus@ djm@
      dtucker@
+   - djm@cvs.openbsd.org 2008/12/09 04:32:22
+     [auth2-chall.c]
+     replace by-hand string building with xasprinf(); ok deraadt@
 
 20090107
  - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
@@ -5014,5 +5017,5 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5161 2009/01/28 05:13:04 djm Exp $
+$Id: ChangeLog,v 1.5162 2009/01/28 05:13:39 djm Exp $
 
diff --git a/auth2-chall.c b/auth2-chall.c
index d816578c..e6dbffe2 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.33 2007/09/21 08:15:29 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -281,7 +281,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
 	KbdintAuthctxt *kbdintctxt;
-	int authenticated = 0, res, len;
+	int authenticated = 0, res;
 	u_int i, nresp;
 	char **response = NULL, *method;
 
@@ -330,11 +330,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 		break;
 	}
 
-	len = strlen("keyboard-interactive") + 2 +
-		strlen(kbdintctxt->device->name);
-	method = xmalloc(len);
-	snprintf(method, len, "keyboard-interactive/%s",
-	    kbdintctxt->device->name);
+	xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name);
 
 	if (!authctxt->postponed) {
 		if (authenticated) {