diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-12-06 05:06:21 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2017-12-07 11:49:00 +1100 |
| commit | e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 (patch) | |
| tree | dc050c73ba55355692bf71d517285b756cee9e7c /sshconnect.c | |
| parent | 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 (diff) | |
upstream commit
don't accept junk after "yes" or "no" responses to
hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@
OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sshconnect.c b/sshconnect.c index e29b069c9..44977707d 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect.c,v 1.288 2017/11/25 06:46:22 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.289 2017/12/06 05:06:21 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -631,11 +631,12 @@ confirm(const char *prompt) | |||
| 631 | return 0; | 631 | return 0; |
| 632 | for (msg = prompt;;msg = again) { | 632 | for (msg = prompt;;msg = again) { |
| 633 | p = read_passphrase(msg, RP_ECHO); | 633 | p = read_passphrase(msg, RP_ECHO); |
| 634 | if (p == NULL || | 634 | if (p == NULL) |
| 635 | (p[0] == '\0') || (p[0] == '\n') || | 635 | return 0; |
| 636 | strncasecmp(p, "no", 2) == 0) | 636 | p[strcspn(p, "\n")] = '\0'; |
| 637 | if (p[0] == '\0' || strcasecmp(p, "no") == 0) | ||
| 637 | ret = 0; | 638 | ret = 0; |
| 638 | if (p && strncasecmp(p, "yes", 3) == 0) | 639 | else if (strcasecmp(p, "yes") == 0) |
| 639 | ret = 1; | 640 | ret = 1; |
| 640 | free(p); | 641 | free(p); |
| 641 | if (ret != -1) | 642 | if (ret != -1) |