From a9825785e864fa795d4b39d99d14bc6f9995a7dc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 18 May 2003 20:53:10 +1000 Subject: - itojun@cvs.openbsd.org 2003/05/17 03:25:58 [auth-rhosts.c] just in case, put numbers to sscanf %s arg. --- ChangeLog | 5 ++++- auth-rhosts.c | 5 +++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 126f497a..0e5bb37e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ [readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@ + - itojun@cvs.openbsd.org 2003/05/17 03:25:58 + [auth-rhosts.c] + just in case, put numbers to sscanf %s arg. - (djm) Remove IPv4 by default hack now that we can specify AF in config 20030517 @@ -1562,4 +1565,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2734 2003/05/18 10:52:40 djm Exp $ +$Id: ChangeLog,v 1.2735 2003/05/18 10:53:10 djm Exp $ diff --git a/auth-rhosts.c b/auth-rhosts.c index de2cb67f..a3847810 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.29 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.30 2003/05/17 03:25:58 itojun Exp $"); #include "packet.h" #include "uidswap.h" @@ -68,7 +68,8 @@ check_rhosts_file(const char *filename, const char *hostname, * This should be safe because each buffer is as big as the * whole string, and thus cannot be overwritten. */ - switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) { + switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf, + dummy)) { case 0: auth_debug_add("Found empty line in %.100s.", filename); continue; -- cgit v1.2.3