mirror of git://anongit.mindrot.org/openssh.git
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
parent
6ee9564901
commit
5bbbd364c9
|
@ -1,3 +1,6 @@
|
|||
19991119
|
||||
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
|
||||
|
||||
19991118
|
||||
- Merged OpenBSD CVS changes
|
||||
- [scp.c] foregroundproc() in scp
|
||||
|
|
3
README
3
README
|
@ -1,4 +1,5 @@
|
|||
This is the Unix port of OpenBSD's excellent OpenSSH.
|
||||
This is the port of OpenBSD's excellent OpenSSH to Linux and other
|
||||
Unices.
|
||||
|
||||
OpenSSH is based on the last free version of Tatu Ylonen's SSH with
|
||||
all patent-encumbered algorithms removed, all known security bugs
|
||||
|
|
35
sshd.c
35
sshd.c
|
@ -18,7 +18,7 @@ agent connections.
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: sshd.c,v 1.23 1999/11/17 22:28:11 damien Exp $");
|
||||
RCSID("$Id: sshd.c,v 1.24 1999/11/18 20:56:21 damien Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
|
@ -152,8 +152,10 @@ char *pamconv_msg = NULL;
|
|||
static int pamconv(int num_msg, const struct pam_message **msg,
|
||||
struct pam_response **resp, void *appdata_ptr)
|
||||
{
|
||||
int count = 0;
|
||||
struct pam_response *reply = NULL;
|
||||
struct pam_response *reply;
|
||||
int count;
|
||||
size_t msg_len;
|
||||
char *p;
|
||||
|
||||
/* PAM will free this later */
|
||||
reply = malloc(num_msg * sizeof(*reply));
|
||||
|
@ -178,25 +180,22 @@ static int pamconv(int num_msg, const struct pam_message **msg,
|
|||
reply[count].resp_retcode = PAM_SUCCESS;
|
||||
reply[count].resp = xstrdup("");
|
||||
|
||||
if (msg[count]->msg == NULL) break;
|
||||
if (msg[count]->msg == NULL)
|
||||
break;
|
||||
debug("Adding PAM message: %s", msg[count]->msg);
|
||||
if (pamconv_msg == NULL)
|
||||
{
|
||||
pamconv_msg = malloc(strlen(msg[count]->msg) + 2);
|
||||
|
||||
if (pamconv_msg == NULL)
|
||||
return PAM_CONV_ERR;
|
||||
|
||||
strncpy(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
|
||||
pamconv_msg[strlen(msg[count]->msg)] = '\n';
|
||||
pamconv_msg[strlen(msg[count]->msg) + 1] = '\0';
|
||||
} else
|
||||
msg_len = strlen(msg[count]->msg);
|
||||
if (pamconv_msg)
|
||||
{
|
||||
pamconv_msg = realloc(pamconv_msg, strlen(pamconv_msg) + strlen(msg[count]->msg) + 2);
|
||||
strncat(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
|
||||
pamconv_msg[strlen(pamconv_msg)] = '\n';
|
||||
pamconv_msg[strlen(pamconv_msg) + 1] = '\0';
|
||||
size_t n = strlen(pamconv_msg);
|
||||
pamconv_msg = xrealloc(pamconv_msg, n + msg_len + 2);
|
||||
p = pamconv_msg + n;
|
||||
}
|
||||
else
|
||||
pamconv_msg = p = xmalloc(msg_len + 2);
|
||||
memcpy(p, msg[count]->msg, msg_len);
|
||||
p[msg_len] = '\n';
|
||||
p[msg_len + 1] = '\0';
|
||||
break;
|
||||
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
|
|
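Review bot: In the hunk at line 152, `reply = malloc(num_msg * sizeof(*reply));` sizes the reply array from the signed `num_msg` with no range check visible in this section, so a zero or negative count would give a zero-length or wrapped allocation that the later `reply[count]` writes rely on. Unless the lines after the hunk already do it, I would add `if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) return PAM_CONV_ERR;` ahead of the allocation. In the hunk at line 180 the append path now goes through `xmalloc`/`xrealloc`, while the replaced lines appear to have returned `PAM_CONV_ERR` when the first allocation failed. If those helpers terminate the process on failure (their definitions are not shown here), that change deserves a short comment above `msg_len = strlen(msg[count]->msg);`, which could also record that `pamconv_msg` always ends in a newline followed by a NUL. The body of `pamconv` continues outside both hunks, and the +/- markers are lost on this page, so the old/new split is inferred.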