Fix some buffer handling inconsistencies in ssh-vulnkey (thanks, Solar

Designer).

2 files changed, 4 insertions, 3 deletions

diff --git a/authfile.c b/authfile.c
index 9ab90e3c8..cffea2a6c 100644
--- a/authfile.c
+++ b/authfile.c
@@ -719,13 +719,13 @@ blacklisted_key_in_file(const Key *key, const char *blacklist_file)
                 ssize_t r;
                 char *newline;
 
-                r = atomicio(read, fd, buf, 256);
+                r = atomicio(read, fd, buf, sizeof(buf));
                 if (r <= 0)
                         goto out;
                 if (buf[0] != '#')
                         break;
 
-                newline = memchr(buf, '\n', 256);
+                newline = memchr(buf, '\n', sizeof(buf));
                 if (!newline)
                         goto out;
                 start += newline + 1 - buf;
@@ -741,7 +741,6 @@ blacklisted_key_in_file(const Key *key, const char *blacklist_file)
 
         while (lower != upper) {
                 off_t cur;
-                char buf[32];
                 int cmp;
 
                 cur = lower + (upper - lower) / 2;
diff --git a/debian/changelog b/debian/changelog
index 702d53154..6dafdad96 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,6 +50,8 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low
     - In verbose mode, output the name of each file examined.
   * Handle leading IP addresses in ssh-vulnkey input (LP: #230497).
   * Allow building with heimdal-dev (LP: #125805).
+  * Fix some buffer handling inconsistencies in ssh-vulnkey (thanks, Solar
+    Designer).
 
  -- Colin Watson <cjwatson@debian.org>  Sat, 17 May 2008 08:48:45 +0200