author | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
commit | daffc6a1152ccebdd6eb70a029e28cc5949110d7 (patch) | |
tree | c0b2012e29b70aebacb2dba09e49e3c0239c357d | |
parent | dbc2296e2c4af222f079cb400d75797b566caab6 (diff) |
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth-pam.c | 17 |
2 files changed, 15 insertions, 7 deletions
@@ -1,3 +1,6 @@ | |||
1 | 20041016 | ||
2 | - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations | ||
3 | |||
1 | 20041006 | 4 | 20041006 |
2 | - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode | 5 | - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode |
3 | and other PAM platforms. | 6 | and other PAM platforms. |
@@ -1763,4 +1766,4 @@ | |||
1763 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1766 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1764 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1767 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1765 | 1768 | ||
1766 | $Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ | 1769 | $Id: ChangeLog,v 1.3559 2004/10/16 08:52:44 djm Exp $ |
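--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $");
 
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -654,7 +654,7 @@ sshpam_query(void *ctx, char **name, char **info,
 size_t plen;
 u_char type;
 char *msg;
-size_t len;
+size_t len, mlen;
 
 debug3("PAM: %s entering", __func__);
 buffer_init(&buffer);
@@ -667,22 +667,27 @@ sshpam_query(void *ctx, char **name, char **info,
 while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
 type = buffer_get_char(&buffer);
 msg = buffer_get_string(&buffer, NULL);
+mlen = strlen(msg);
 switch (type) {
 case PAM_PROMPT_ECHO_ON:
 case PAM_PROMPT_ECHO_OFF:
 *num = 1;
-len = plen + strlen(msg) + 1;
+len = plen + mlen + 1;
 **prompts = xrealloc(**prompts, len);
-plen += snprintf(**prompts + plen, len, "%s", msg);
+strlcpy(**prompts + plen, msg, len - plen);
+plen += mlen;
 **echo_on = (type == PAM_PROMPT_ECHO_ON);
 xfree(msg);
 return (0);
 case PAM_ERROR_MSG:
 case PAM_TEXT_INFO:
 /* accumulate messages */
-len = plen + strlen(msg) + 2;
+len = plen + mlen + 2;
 **prompts = xrealloc(**prompts, len);
-plen += snprintf(**prompts + plen, len, "%s\n", msg);
+strlcpy(**prompts + plen, msg, len - plen);
+plen += mlen;
+strlcat(**prompts + plen, "\n", len - plen);
+plen++;
 xfree(msg);
 break;
 case PAM_SUCCESS: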
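Review bot: In the PAM_ERROR_MSG/PAM_TEXT_INFO case, `len = plen + mlen + 2` grows the accumulated prompt for every message read from `ctxt->pam_psock`, and nothing in the visible lines caps the total or guards the size_t addition against wrapping. The same holds for `len = plen + mlen + 1` in the prompt case. This looks like the authentication query path, so I would bound it before the xrealloc, e.g. `if (mlen > SSHPAM_MAX_PROMPT - plen - 2) fatal("PAM: accumulated message too long");`, where `SSHPAM_MAX_PROMPT` is a placeholder for a limit the project would pick. buffer_get_string may already limit a single message, but that is not shown here, and the loop and sshpam_query extend beyond the hunk on both sides. A short comment that `plen` is the string length without the NUL and `len` the allocation size including it would also make the `len - plen` arguments easier to check.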