- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,

instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
This commit is contained in:
Damien Miller 2004-07-19 09:39:11 +10:00
parent 65df174574
commit a6fb77fd6c
2 changed files with 10 additions and 5 deletions

View File

@ -1,6 +1,8 @@
20040719 20040719
- (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
ok dtucker@ ok dtucker@
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
20040717 20040717
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
@ -1531,4 +1533,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3478 2004/07/18 23:30:38 djm Exp $ $Id: ChangeLog,v 1.3479 2004/07/18 23:39:11 djm Exp $

View File

@ -47,7 +47,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-pam.c,v 1.111 2004/07/11 06:54:08 dtucker Exp $"); RCSID("$Id: auth-pam.c,v 1.112 2004/07/18 23:39:11 djm Exp $");
#ifdef USE_PAM #ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H) #if defined(HAVE_SECURITY_PAM_APPL_H)
@ -817,7 +817,8 @@ sshpam_tty_conv(int n, struct pam_message **msg,
case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_ON:
fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg)); fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg));
fgets(input, sizeof input, stdin); fgets(input, sizeof input, stdin);
reply[i].resp = xstrdup(input); if ((reply[i].resp = strdup(input)) == NULL)
goto fail;
reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp_retcode = PAM_SUCCESS;
break; break;
case PAM_ERROR_MSG: case PAM_ERROR_MSG:
@ -1003,7 +1004,8 @@ sshpam_passwd_conv(int n, struct pam_message **msg,
case PAM_PROMPT_ECHO_OFF: case PAM_PROMPT_ECHO_OFF:
if (sshpam_password == NULL) if (sshpam_password == NULL)
goto fail; goto fail;
reply[i].resp = xstrdup(sshpam_password); if ((reply[i].resp = strdup(sshpam_password)) == NULL)
goto fail;
reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp_retcode = PAM_SUCCESS;
break; break;
case PAM_ERROR_MSG: case PAM_ERROR_MSG:
@ -1014,7 +1016,8 @@ sshpam_passwd_conv(int n, struct pam_message **msg,
PAM_MSG_MEMBER(msg, i, msg), len); PAM_MSG_MEMBER(msg, i, msg), len);
buffer_append(&loginmsg, "\n", 1); buffer_append(&loginmsg, "\n", 1);
} }
reply[i].resp = xstrdup(""); if ((reply[i].resp = strdup("")) == NULL)
goto fail;
reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp_retcode = PAM_SUCCESS;
break; break;
default: default: