diff options
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | channels.c | 10 |
2 files changed, 15 insertions, 6 deletions
@@ -46,7 +46,14 @@ | |||
46 | - markus@cvs.openbsd.org 2001/02/09 13:38:07 | 46 | - markus@cvs.openbsd.org 2001/02/09 13:38:07 |
47 | [auth-options.c] | 47 | [auth-options.c] |
48 | reset options if no option is given; from han.holl@prismant.nl | 48 | reset options if no option is given; from han.holl@prismant.nl |
49 | instead of '0' (from the OpenBSD tree) | 49 | - markus@cvs.openbsd.org 2001/02/08 21:58:28 |
50 | [channels.c] | ||
51 | nuke sprintf, ok deraadt@ | ||
52 | - markus@cvs.openbsd.org 2001/02/08 21:58:28 | ||
53 | [channels.c] | ||
54 | nuke sprintf, ok deraadt@ | ||
55 | - (bal) fixed sftp-client.c. Return 'status' instead of '0' | ||
56 | (from the OpenBSD tree) | ||
50 | - (bal) Synced ssh.1 and sshd.8 w/ OpenBSD | 57 | - (bal) Synced ssh.1 and sshd.8 w/ OpenBSD |
51 | 58 | ||
52 | 20010210 | 59 | 20010210 |
@@ -3831,4 +3838,4 @@ | |||
3831 | - Wrote replacements for strlcpy and mkdtemp | 3838 | - Wrote replacements for strlcpy and mkdtemp |
3832 | - Released 1.0pre1 | 3839 | - Released 1.0pre1 |
3833 | 3840 | ||
3834 | $Id: ChangeLog,v 1.725 2001/02/10 22:27:19 mouring Exp $ | 3841 | $Id: ChangeLog,v 1.726 2001/02/10 22:33:19 mouring Exp $ |
diff --git a/channels.c b/channels.c index 354160e8f..a079fc24d 100644 --- a/channels.c +++ b/channels.c | |||
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: channels.c,v 1.89 2001/02/04 15:32:23 stevesk Exp $"); | 43 | RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/rsa.h> | 45 | #include <openssl/rsa.h> |
46 | #include <openssl/dsa.h> | 46 | #include <openssl/dsa.h> |
@@ -2227,7 +2227,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, | |||
2227 | const char *proto, const char *data) | 2227 | const char *proto, const char *data) |
2228 | { | 2228 | { |
2229 | u_int data_len = (u_int) strlen(data) / 2; | 2229 | u_int data_len = (u_int) strlen(data) / 2; |
2230 | u_int i, value; | 2230 | u_int i, value, len; |
2231 | char *new_data; | 2231 | char *new_data; |
2232 | int screen_number; | 2232 | int screen_number; |
2233 | const char *cp; | 2233 | const char *cp; |
@@ -2265,9 +2265,11 @@ x11_request_forwarding_with_spoofing(int client_session_id, | |||
2265 | x11_fake_data_len = data_len; | 2265 | x11_fake_data_len = data_len; |
2266 | 2266 | ||
2267 | /* Convert the fake data into hex. */ | 2267 | /* Convert the fake data into hex. */ |
2268 | new_data = xmalloc(2 * data_len + 1); | 2268 | len = 2 * data_len + 1; |
2269 | new_data = xmalloc(len); | ||
2269 | for (i = 0; i < data_len; i++) | 2270 | for (i = 0; i < data_len; i++) |
2270 | sprintf(new_data + 2 * i, "%02x", (u_char) x11_fake_data[i]); | 2271 | snprintf(new_data + 2 * i, len - 2 * i, |
2272 | "%02x", (u_char) x11_fake_data[i]); | ||
2271 | 2273 | ||
2272 | /* Send the request packet. */ | 2274 | /* Send the request packet. */ |
2273 | if (compat20) { | 2275 | if (compat20) { |