From 14b017d6f2277c83856489054e9c6c1428095bbb Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 17 Sep 2007 16:09:15 +1000
Subject:    - gilles@cvs.openbsd.org 2007/09/11 15:47:17      [session.c
 ssh-keygen.c sshlogin.c]      use strcspn to properly overwrite '\n' in fgets
 returned buffer      ok pyr@, ray@, millert@, moritz@, chl@

---
 ChangeLog    | 6 +++++-
 session.c    | 7 ++++---
 ssh-keygen.c | 8 +++-----
 sshlogin.c   | 5 ++---
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6a200586a..b9a85da00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,10 @@
      [sshpty.c]
      sort #include
      NB. RCS ID sync only
+   - gilles@cvs.openbsd.org 2007/09/11 15:47:17
+     [session.c ssh-keygen.c sshlogin.c]
+     use strcspn to properly overwrite '\n' in fgets returned buffer
+     ok pyr@, ray@, millert@, moritz@, chl@
 
 20070914
  - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@@ -3238,4 +3242,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4751 2007/09/17 06:07:32 djm Exp $
+$Id: ChangeLog,v 1.4752 2007/09/17 06:09:15 djm Exp $
diff --git a/session.c b/session.c
index c19c2ac5a..2b0580b45 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.223 2007/08/23 02:55:51 djm Exp $ */
+/* $OpenBSD: session.c,v 1.224 2007/09/11 15:47:17 gilles Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -897,8 +897,9 @@ read_environment_file(char ***env, u_int *envsize,
 			;
 		if (!*cp || *cp == '#' || *cp == '\n')
 			continue;
-		if (strchr(cp, '\n'))
-			*strchr(cp, '\n') = '\0';
+
+		cp[strcspn(cp, "\n")] = '\0';
+
 		value = strchr(cp, '=');
 		if (value == NULL) {
 			fprintf(stderr, "Bad line %u in %.100s\n", lineno,
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 95b0ac850..2b2399c50 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.161 2007/09/09 11:38:01 sobrado Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.162 2007/09/11 15:47:17 gilles Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -141,8 +141,7 @@ ask_filename(struct passwd *pw, const char *prompt)
 	fprintf(stderr, "%s (%s): ", prompt, identity_file);
 	if (fgets(buf, sizeof(buf), stdin) == NULL)
 		exit(1);
-	if (strchr(buf, '\n'))
-		*strchr(buf, '\n') = 0;
+	buf[strcspn(buf, "\n")] = '\0';
 	if (strcmp(buf, "") != 0)
 		strlcpy(identity_file, buf, sizeof(identity_file));
 	have_identity = 1;
@@ -962,8 +961,7 @@ do_change_comment(struct passwd *pw)
 			key_free(private);
 			exit(1);
 		}
-		if (strchr(new_comment, '\n'))
-			*strchr(new_comment, '\n') = 0;
+		new_comment[strcspn(new_comment, "\n")] = '\0';
 	}
 
 	/* Save the file using the new passphrase. */
diff --git a/sshlogin.c b/sshlogin.c
index 0059ff8d0..cc35d6024 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.25 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.26 2007/09/11 15:47:17 gilles Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -98,8 +98,7 @@ store_lastlog_message(const char *user, uid_t uid)
 
 	if (last_login_time != 0) {
 		time_string = ctime(&last_login_time);
-		if (strchr(time_string, '\n'))
-		    *strchr(time_string, '\n') = '\0';
+		time_string[strcspn(time_string, "\n")] = '\0';
 		if (strcmp(hostname, "") == 0)
 			snprintf(buf, sizeof(buf), "Last login: %s\r\n",
 			    time_string);
-- 
cgit v1.2.3