summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2008-05-26 09:42:02 +0000
committerColin Watson <cjwatson@debian.org>2008-05-26 09:42:02 +0000
commit38f3f889e7a7180d25036e41d5454d5cbf0dbe91 (patch)
treee159ada56899a01b10ce2d012b0f682e069f70f4
parent086170cb0ab5c16d8bc17aff3f7abb7556794757 (diff)
Use xasprintf to build user key file names in ssh-vulnkey, avoiding
truncation problems (thanks, Solar Designer).
-rw-r--r--debian/changelog2
-rw-r--r--ssh-vulnkey.c11
2 files changed, 9 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index 6dafdad96..6023c99df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -52,6 +52,8 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low
52 * Allow building with heimdal-dev (LP: #125805). 52 * Allow building with heimdal-dev (LP: #125805).
53 * Fix some buffer handling inconsistencies in ssh-vulnkey (thanks, Solar 53 * Fix some buffer handling inconsistencies in ssh-vulnkey (thanks, Solar
54 Designer). 54 Designer).
55 * Use xasprintf to build user key file names in ssh-vulnkey, avoiding
56 truncation problems (thanks, Solar Designer).
55 57
56 -- Colin Watson <cjwatson@debian.org> Sat, 17 May 2008 08:48:45 +0200 58 -- Colin Watson <cjwatson@debian.org> Sat, 17 May 2008 08:48:45 +0200
57 59
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 467bef091..8e1f11f79 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -266,16 +266,19 @@ int
266do_user(const char *dir) 266do_user(const char *dir)
267{ 267{
268 int i; 268 int i;
269 char buf[MAXPATHLEN]; 269 char *file;
270 struct stat st; 270 struct stat st;
271 int ret = 1; 271 int ret = 1;
272 272
273 for (i = 0; default_files[i]; i++) { 273 for (i = 0; default_files[i]; i++) {
274 snprintf(buf, sizeof(buf), "%s/%s", dir, default_files[i]); 274 xasprintf(&file, "%s/%s", dir, default_files[i]);
275 if (stat(buf, &st) < 0 && errno == ENOENT) 275 if (stat(file, &st) < 0 && errno == ENOENT) {
276 xfree(file);
276 continue; 277 continue;
277 if (!do_filename(buf, 0)) 278 }
279 if (!do_filename(file, 0))
278 ret = 0; 280 ret = 0;
281 xfree(file);
279 } 282 }
280 283
281 return ret; 284 return ret;