4 files changed, 14 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 6a200586a..b9a85da00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,10 @@
     [sshpty.c]
     sort #include
     NB. RCS ID sync only
+   - gilles@cvs.openbsd.org 2007/09/11 15:47:17
+     [session.c ssh-keygen.c sshlogin.c]
+     use strcspn to properly overwrite '\n' in fgets returned buffer
+     ok pyr@, ray@, millert@, moritz@, chl@
 20070914
 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@@ -3238,4 +3242,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4751 2007/09/17 06:07:32 djm Exp $
+$Id: ChangeLog,v 1.4752 2007/09/17 06:09:15 djm Exp $
diff --git a/session.c b/session.c
index c19c2ac5a..2b0580b45 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.223 2007/08/23 02:55:51 djm Exp $ */
+/* $OpenBSD: session.c,v 1.224 2007/09/11 15:47:17 gilles Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -897,8 +897,9 @@ read_environment_file(char ***env, u_int *envsize,
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
                        continue;
-                if (strchr(cp, '\n'))
-                        *strchr(cp, '\n') = '\0';
+                cp[strcspn(cp, "\n")] = '\0';
                value = strchr(cp, '=');
                if (value == NULL) {
                        fprintf(stderr, "Bad line %u in %.100s\n", lineno,
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 95b0ac850..2b2399c50 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.161 2007/09/09 11:38:01 sobrado Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.162 2007/09/11 15:47:17 gilles Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -141,8 +141,7 @@ ask_filename(struct passwd *pw, const char *prompt)
        fprintf(stderr, "%s (%s): ", prompt, identity_file);
        if (fgets(buf, sizeof(buf), stdin) == NULL)
                exit(1);
-        if (strchr(buf, '\n'))
+        buf[strcspn(buf, "\n")] = '\0';
-                *strchr(buf, '\n') = 0;
        if (strcmp(buf, "") != 0)
                strlcpy(identity_file, buf, sizeof(identity_file));
        have_identity = 1;
@@ -962,8 +961,7 @@ do_change_comment(struct passwd *pw)
                        key_free(private);
                        exit(1);
                }
-                if (strchr(new_comment, '\n'))
+                new_comment[strcspn(new_comment, "\n")] = '\0';
-                        *strchr(new_comment, '\n') = 0;
        }
        /* Save the file using the new passphrase. */
diff --git a/sshlogin.c b/sshlogin.c
index 0059ff8d0..cc35d6024 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.25 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.26 2007/09/11 15:47:17 gilles Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -98,8 +98,7 @@ store_lastlog_message(const char *user, uid_t uid)
        if (last_login_time != 0) {
                time_string = ctime(&last_login_time);
-                if (strchr(time_string, '\n'))
+                time_string[strcspn(time_string, "\n")] = '\0';
-                    *strchr(time_string, '\n') = '\0';
                if (strcmp(hostname, "") == 0)
                        snprintf(buf, sizeof(buf), "Last login: %s\r\n",
                            time_string);

diff --git a/ChangeLog b/ChangeLog index 6a200586a..b9a85da00 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -41,6 +41,10 @@
41	[sshpty.c]	41	[sshpty.c]
42	sort #include	42	sort #include
43	NB. RCS ID sync only	43	NB. RCS ID sync only
		44	- gilles@cvs.openbsd.org 2007/09/11 15:47:17
		45	[session.c ssh-keygen.c sshlogin.c]
		46	use strcspn to properly overwrite '\n' in fgets returned buffer
		47	ok pyr@, ray@, millert@, moritz@, chl@
44		48
45	20070914	49	20070914
46	- (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.	50	- (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@@ -3238,4 +3242,4 @@
3238	OpenServer 6 and add osr5bigcrypt support so when someone migrates	3242	OpenServer 6 and add osr5bigcrypt support so when someone migrates
3239	passwords between UnixWare and OpenServer they will still work. OK dtucker@	3243	passwords between UnixWare and OpenServer they will still work. OK dtucker@
3240		3244
3241	$Id: ChangeLog,v 1.4751 2007/09/17 06:07:32 djm Exp $	3245	$Id: ChangeLog,v 1.4752 2007/09/17 06:09:15 djm Exp $


diff --git a/session.c b/session.c index c19c2ac5a..2b0580b45 100644 --- a/session.c +++ b/session.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: session.c,v 1.223 2007/08/23 02:55:51 djm Exp $ */	1	/* $OpenBSD: session.c,v 1.224 2007/09/11 15:47:17 gilles Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved
@@ -897,8 +897,9 @@ read_environment_file(char **env, u_int envsize,
897	;	897	;
898	if (!cp \|\| cp == '#' \|\| *cp == '\n')	898	if (!cp \|\| cp == '#' \|\| *cp == '\n')
899	continue;	899	continue;
900	if (strchr(cp, '\n'))	900
901	*strchr(cp, '\n') = '\0';	901	cp[strcspn(cp, "\n")] = '\0';
		902
902	value = strchr(cp, '=');	903	value = strchr(cp, '=');
903	if (value == NULL) {	904	if (value == NULL) {
904	fprintf(stderr, "Bad line %u in %.100s\n", lineno,	905	fprintf(stderr, "Bad line %u in %.100s\n", lineno,


diff --git a/ssh-keygen.c b/ssh-keygen.c index 95b0ac850..2b2399c50 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.161 2007/09/09 11:38:01 sobrado Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.162 2007/09/11 15:47:17 gilles Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -141,8 +141,7 @@ ask_filename(struct passwd pw, const char prompt)
141	fprintf(stderr, "%s (%s): ", prompt, identity_file);	141	fprintf(stderr, "%s (%s): ", prompt, identity_file);
142	if (fgets(buf, sizeof(buf), stdin) == NULL)	142	if (fgets(buf, sizeof(buf), stdin) == NULL)
143	exit(1);	143	exit(1);
144	if (strchr(buf, '\n'))	144	buf[strcspn(buf, "\n")] = '\0';
145	*strchr(buf, '\n') = 0;
146	if (strcmp(buf, "") != 0)	145	if (strcmp(buf, "") != 0)
147	strlcpy(identity_file, buf, sizeof(identity_file));	146	strlcpy(identity_file, buf, sizeof(identity_file));
148	have_identity = 1;	147	have_identity = 1;
@@ -962,8 +961,7 @@ do_change_comment(struct passwd *pw)
962	key_free(private);	961	key_free(private);
963	exit(1);	962	exit(1);
964	}	963	}
965	if (strchr(new_comment, '\n'))	964	new_comment[strcspn(new_comment, "\n")] = '\0';
966	*strchr(new_comment, '\n') = 0;
967	}	965	}
968		966
969	/* Save the file using the new passphrase. */	967	/* Save the file using the new passphrase. */


diff --git a/sshlogin.c b/sshlogin.c index 0059ff8d0..cc35d6024 100644 --- a/sshlogin.c +++ b/sshlogin.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshlogin.c,v 1.25 2006/08/03 03:34:42 deraadt Exp $ */	1	/* $OpenBSD: sshlogin.c,v 1.26 2007/09/11 15:47:17 gilles Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -98,8 +98,7 @@ store_lastlog_message(const char *user, uid_t uid)
98		98
99	if (last_login_time != 0) {	99	if (last_login_time != 0) {
100	time_string = ctime(&last_login_time);	100	time_string = ctime(&last_login_time);
101	if (strchr(time_string, '\n'))	101	time_string[strcspn(time_string, "\n")] = '\0';
102	*strchr(time_string, '\n') = '\0';
103	if (strcmp(hostname, "") == 0)	102	if (strcmp(hostname, "") == 0)
104	snprintf(buf, sizeof(buf), "Last login: %s\r\n",	103	snprintf(buf, sizeof(buf), "Last login: %s\r\n",
105	time_string);	104	time_string);