summaryrefslogtreecommitdiff
path: root/auth-pam.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/auth-pam.c b/auth-pam.c
index c12f413e7..5ddc8bec3 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -288,7 +288,10 @@ import_environments(Buffer *b)
288 288
289 /* Import environment from subprocess */ 289 /* Import environment from subprocess */
290 num_env = buffer_get_int(b); 290 num_env = buffer_get_int(b);
291 sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); 291 if (num_env > 1024)
292 fatal("%s: received %u environment variables, expected <= 1024",
293 __func__, num_env);
294 sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
292 debug3("PAM: num env strings %d", num_env); 295 debug3("PAM: num env strings %d", num_env);
293 for(i = 0; i < num_env; i++) 296 for(i = 0; i < num_env; i++)
294 sshpam_env[i] = buffer_get_string(b, NULL); 297 sshpam_env[i] = buffer_get_string(b, NULL);
@@ -335,9 +338,8 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
335 if (n <= 0 || n > PAM_MAX_NUM_MSG) 338 if (n <= 0 || n > PAM_MAX_NUM_MSG)
336 return (PAM_CONV_ERR); 339 return (PAM_CONV_ERR);
337 340
338 if ((reply = malloc(n * sizeof(*reply))) == NULL) 341 if ((reply = calloc(n, sizeof(*reply))) == NULL)
339 return (PAM_CONV_ERR); 342 return (PAM_CONV_ERR);
340 memset(reply, 0, n * sizeof(*reply));
341 343
342 buffer_init(&buffer); 344 buffer_init(&buffer);
343 for (i = 0; i < n; ++i) { 345 for (i = 0; i < n; ++i) {
@@ -533,9 +535,8 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
533 if (n <= 0 || n > PAM_MAX_NUM_MSG) 535 if (n <= 0 || n > PAM_MAX_NUM_MSG)
534 return (PAM_CONV_ERR); 536 return (PAM_CONV_ERR);
535 537
536 if ((reply = malloc(n * sizeof(*reply))) == NULL) 538 if ((reply = calloc(n, sizeof(*reply))) == NULL)
537 return (PAM_CONV_ERR); 539 return (PAM_CONV_ERR);
538 memset(reply, 0, n * sizeof(*reply));
539 540
540 for (i = 0; i < n; ++i) { 541 for (i = 0; i < n; ++i) {
541 switch (PAM_MSG_MEMBER(msg, i, msg_style)) { 542 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
@@ -935,9 +936,8 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
935 if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) 936 if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO))
936 return (PAM_CONV_ERR); 937 return (PAM_CONV_ERR);
937 938
938 if ((reply = malloc(n * sizeof(*reply))) == NULL) 939 if ((reply = calloc(n, sizeof(*reply))) == NULL)
939 return (PAM_CONV_ERR); 940 return (PAM_CONV_ERR);
940 memset(reply, 0, n * sizeof(*reply));
941 941
942 for (i = 0; i < n; ++i) { 942 for (i = 0; i < n; ++i) {
943 switch (PAM_MSG_MEMBER(msg, i, msg_style)) { 943 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 19:13:26 +0000