- djm@cvs.openbsd.org 2006/03/25 00:05:41

     [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@

1 files changed, 3 insertions, 7 deletions

diff --git a/monitor_wrap.c b/monitor_wrap.c
index e5a65491d..cd340360a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -859,8 +859,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
         *name = xstrdup("");
         *infotxt = xstrdup("");
         *numprompts = 1;
-        *prompts = xmalloc(*numprompts * sizeof(char *));
-        *echo_on = xmalloc(*numprompts * sizeof(u_int));
+        *prompts = xcalloc(*numprompts, sizeof(char *));
+        *echo_on = xcalloc(*numprompts, sizeof(u_int));
         (*echo_on)[0] = 0;
 }
 
@@ -953,11 +953,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
 
         mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
 
-        len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
-        p = xmalloc(len);
-        strlcpy(p, challenge, len);
-        strlcat(p, SKEY_PROMPT, len);
-        (*prompts)[0] = p;
+        xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
         xfree(challenge);
 
         return (0);