diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-pam.c | 13 |
2 files changed, 12 insertions, 6 deletions
| @@ -1,3 +1,6 @@ | |||
| 1 | 20030730 | ||
| 2 | - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal | ||
| 3 | |||
| 1 | 20030726 | 4 | 20030726 |
| 2 | - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW -> | 5 | - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW -> |
| 3 | DISABLE_SHADOW. Fixes HP-UX compile error. | 6 | DISABLE_SHADOW. Fixes HP-UX compile error. |
| @@ -732,4 +735,4 @@ | |||
| 732 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 735 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
| 733 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 736 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
| 734 | 737 | ||
| 735 | $Id: ChangeLog,v 1.2866 2003/07/26 09:38:30 dtucker Exp $ | 738 | $Id: ChangeLog,v 1.2867 2003/07/30 04:53:11 djm Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 057164ad3..9ca18e77e 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -31,7 +31,7 @@ | |||
| 31 | 31 | ||
| 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 33 | #include "includes.h" | 33 | #include "includes.h" |
| 34 | RCSID("$Id: auth-pam.c,v 1.64 2003/06/03 00:25:48 djm Exp $"); | 34 | RCSID("$Id: auth-pam.c,v 1.65 2003/07/30 04:53:11 djm Exp $"); |
| 35 | 35 | ||
| 36 | #ifdef USE_PAM | 36 | #ifdef USE_PAM |
| 37 | #include <security/pam_appl.h> | 37 | #include <security/pam_appl.h> |
| @@ -373,6 +373,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 373 | size_t plen; | 373 | size_t plen; |
| 374 | u_char type; | 374 | u_char type; |
| 375 | char *msg; | 375 | char *msg; |
| 376 | size_t len; | ||
| 376 | 377 | ||
| 377 | buffer_init(&buffer); | 378 | buffer_init(&buffer); |
| 378 | *name = xstrdup(""); | 379 | *name = xstrdup(""); |
| @@ -388,16 +389,18 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 388 | case PAM_PROMPT_ECHO_ON: | 389 | case PAM_PROMPT_ECHO_ON: |
| 389 | case PAM_PROMPT_ECHO_OFF: | 390 | case PAM_PROMPT_ECHO_OFF: |
| 390 | *num = 1; | 391 | *num = 1; |
| 391 | **prompts = xrealloc(**prompts, plen + strlen(msg) + 1); | 392 | len = plen + strlen(msg) + 1; |
| 392 | plen += sprintf(**prompts + plen, "%s", msg); | 393 | **prompts = xrealloc(**prompts, len); |
| 394 | plen += snprintf(**prompts + plen, len, "%s", msg); | ||
| 393 | **echo_on = (type == PAM_PROMPT_ECHO_ON); | 395 | **echo_on = (type == PAM_PROMPT_ECHO_ON); |
| 394 | xfree(msg); | 396 | xfree(msg); |
| 395 | return (0); | 397 | return (0); |
| 396 | case PAM_ERROR_MSG: | 398 | case PAM_ERROR_MSG: |
| 397 | case PAM_TEXT_INFO: | 399 | case PAM_TEXT_INFO: |
| 398 | /* accumulate messages */ | 400 | /* accumulate messages */ |
| 399 | **prompts = xrealloc(**prompts, plen + strlen(msg) + 1); | 401 | len = plen + strlen(msg) + 1; |
| 400 | plen += sprintf(**prompts + plen, "%s", msg); | 402 | **prompts = xrealloc(**prompts, len); |
| 403 | plen += snprintf(**prompts + plen, len, "%s", msg); | ||
| 401 | xfree(msg); | 404 | xfree(msg); |
| 402 | break; | 405 | break; |
| 403 | case PAM_NEW_AUTHTOK_REQD: | 406 | case PAM_NEW_AUTHTOK_REQD: |