diff options
| author | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2004-10-16 18:52:44 +1000 |
| commit | daffc6a1152ccebdd6eb70a029e28cc5949110d7 (patch) | |
| tree | c0b2012e29b70aebacb2dba09e49e3c0239c357d /auth-pam.c | |
| parent | dbc2296e2c4af222f079cb400d75797b566caab6 (diff) | |
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations
Diffstat (limited to 'auth-pam.c')
| -rw-r--r-- | auth-pam.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/auth-pam.c b/auth-pam.c index 0a6817d63..a1b26cc59 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -47,7 +47,7 @@ | |||
| 47 | 47 | ||
| 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 49 | #include "includes.h" | 49 | #include "includes.h" |
| 50 | RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $"); |
| 51 | 51 | ||
| 52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
| 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
| @@ -654,7 +654,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 654 | size_t plen; | 654 | size_t plen; |
| 655 | u_char type; | 655 | u_char type; |
| 656 | char *msg; | 656 | char *msg; |
| 657 | size_t len; | 657 | size_t len, mlen; |
| 658 | 658 | ||
| 659 | debug3("PAM: %s entering", __func__); | 659 | debug3("PAM: %s entering", __func__); |
| 660 | buffer_init(&buffer); | 660 | buffer_init(&buffer); |
| @@ -667,22 +667,27 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 667 | while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { | 667 | while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { |
| 668 | type = buffer_get_char(&buffer); | 668 | type = buffer_get_char(&buffer); |
| 669 | msg = buffer_get_string(&buffer, NULL); | 669 | msg = buffer_get_string(&buffer, NULL); |
| 670 | mlen = strlen(msg); | ||
| 670 | switch (type) { | 671 | switch (type) { |
| 671 | case PAM_PROMPT_ECHO_ON: | 672 | case PAM_PROMPT_ECHO_ON: |
| 672 | case PAM_PROMPT_ECHO_OFF: | 673 | case PAM_PROMPT_ECHO_OFF: |
| 673 | *num = 1; | 674 | *num = 1; |
| 674 | len = plen + strlen(msg) + 1; | 675 | len = plen + mlen + 1; |
| 675 | **prompts = xrealloc(**prompts, len); | 676 | **prompts = xrealloc(**prompts, len); |
| 676 | plen += snprintf(**prompts + plen, len, "%s", msg); | 677 | strlcpy(**prompts + plen, msg, len - plen); |
| 678 | plen += mlen; | ||
| 677 | **echo_on = (type == PAM_PROMPT_ECHO_ON); | 679 | **echo_on = (type == PAM_PROMPT_ECHO_ON); |
| 678 | xfree(msg); | 680 | xfree(msg); |
| 679 | return (0); | 681 | return (0); |
| 680 | case PAM_ERROR_MSG: | 682 | case PAM_ERROR_MSG: |
| 681 | case PAM_TEXT_INFO: | 683 | case PAM_TEXT_INFO: |
| 682 | /* accumulate messages */ | 684 | /* accumulate messages */ |
| 683 | len = plen + strlen(msg) + 2; | 685 | len = plen + mlen + 2; |
| 684 | **prompts = xrealloc(**prompts, len); | 686 | **prompts = xrealloc(**prompts, len); |
| 685 | plen += snprintf(**prompts + plen, len, "%s\n", msg); | 687 | strlcpy(**prompts + plen, msg, len - plen); |
| 688 | plen += mlen; | ||
| 689 | strlcat(**prompts + plen, "\n", len - plen); | ||
| 690 | plen++; | ||
| 686 | xfree(msg); | 691 | xfree(msg); |
| 687 | break; | 692 | break; |
| 688 | case PAM_SUCCESS: | 693 | case PAM_SUCCESS: |