diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | auth2-pam.c | 11 |
2 files changed, 12 insertions, 2 deletions
@@ -59,6 +59,7 @@ | |||
59 | - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai | 59 | - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai |
60 | <nalin@redhat.com> | 60 | <nalin@redhat.com> |
61 | - (djm) Update spec files for release | 61 | - (djm) Update spec files for release |
62 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS | ||
62 | 63 | ||
63 | 20020625 | 64 | 20020625 |
64 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | 65 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh |
@@ -1158,4 +1159,4 @@ | |||
1158 | - (stevesk) entropy.c: typo in debug message | 1159 | - (stevesk) entropy.c: typo in debug message |
1159 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1160 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
1160 | 1161 | ||
1161 | $Id: ChangeLog,v 1.2298 2002/06/26 13:57:12 djm Exp $ | 1162 | $Id: ChangeLog,v 1.2299 2002/06/26 13:57:59 djm Exp $ |
diff --git a/auth2-pam.c b/auth2-pam.c index dd29ebd48..99aedeaeb 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,5 +1,5 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | 5 | #include <security/pam_appl.h> |
@@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) | |||
140 | nresp = packet_get_int(); /* Number of responses. */ | 140 | nresp = packet_get_int(); /* Number of responses. */ |
141 | debug("got %d responses", nresp); | 141 | debug("got %d responses", nresp); |
142 | 142 | ||
143 | |||
144 | if (nresp != context_pam2.num_expected) | ||
145 | fatal("%s: Received incorrect number of responses " | ||
146 | "(expected %u, received %u)", __func__, nresp, | ||
147 | context_pam2.num_expected); | ||
148 | |||
149 | if (nresp > 100) | ||
150 | fatal("%s: too many replies", __func__); | ||
151 | |||
143 | for (i = 0; i < nresp; i++) { | 152 | for (i = 0; i < nresp; i++) { |
144 | int j = context_pam2.prompts[i]; | 153 | int j = context_pam2.prompts[i]; |
145 | 154 | ||