- markus@cvs.openbsd.org 2001/11/08 10:51:08

[readpass.c] don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
2001-11-12 11:05:20 +11:00 · 2001-11-12 11:05:20 +11:00 · 637b8ae2d4
parent 36f8dd3ed6
commit 637b8ae2d4
2 changed files with 9 additions and 7 deletions
--- a/5
+++ b/5
@ -42,6 +42,9 @@
   - markus@cvs.openbsd.org 2001/11/07 22:53:21
     [channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+   - markus@cvs.openbsd.org 2001/11/08 10:51:08
+     [readpass.c]
+     don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.

 20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@ -6851,4 +6854,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1647 2001/11/12 00:04:54 djm Exp $
+$Id: ChangeLog,v 1.1648 2001/11/12 00:05:20 djm Exp $
--- a/readpass.c
+++ b/readpass.c
@ -32,7 +32,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.22 2001/07/14 15:10:16 stevesk Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.23 2001/11/08 10:51:08 markus Exp $");

 #include "xmalloc.h"
 #include "readpass.h"
@ -45,7 +45,7 @@ ssh_askpass(char *askpass, const char *msg)
 {
 	pid_t pid;
 	size_t len;
-	char *nl, *pass;
+	char *pass;
 	int p[2], status;
 	char buf[1024];

@ -71,16 +71,15 @@ ssh_askpass(char *askpass, const char *msg)
 		fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
 	}
 	close(p[1]);
-	len = read(p[0], buf, sizeof buf);
+	len = read(p[0], buf, sizeof buf -1);
 	close(p[0]);
 	while (waitpid(pid, &status, 0) < 0)
 		if (errno != EINTR)
 			break;
 	if (len <= 1)
 		return xstrdup("");
-	nl = strchr(buf, '\n');
-	if (nl)
-		*nl = '\0';
+	buf[len] = '\0';
+	buf[strcspn(buf, "\r\n")] = '\0';
 	pass = xstrdup(buf);
 	memset(buf, 0, sizeof(buf));
 	return pass;