Limit the number of PAM environment variables.

xcalloc has its own limits, but these are specific to PAM.  From
Coverity CID 405198, ok djm@
Darren Tucker 2023-03-09 18:24:54 +11:00
parent a231414970
commit bfd1ad01d9
No known key found for this signature in database
1 changed files with 4 additions and 0 deletions


@ -1097,6 +1097,10 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
sshpam_authok = NULL; sshpam_authok = NULL;
if ((r = sshbuf_get_u32(m, &num)) != 0) if ((r = sshbuf_get_u32(m, &num)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r)); fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (num > PAM_MAX_NUM_MSG) {
fatal_f("Too many PAM messages, got %u, expected <= %u",
num, (unsigned)PAM_MAX_NUM_MSG);
}
if (num > 0) { if (num > 0) {
resp = xcalloc(num, sizeof(char *)); resp = xcalloc(num, sizeof(char *));
for (i = 0; i < num; ++i) { for (i = 0; i < num; ++i) {
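Review bot: The added guard in mm_answer_pam_respond compares `num` only with the static PAM_MAX_NUM_MSG ceiling, although `num` is taken straight from the request buffer `m`; a stricter check would also reject a count that differs from the number of prompts issued by the preceding query, if the monitor keeps that value (not visible in this hunk). The check deserves a one-line comment explaining why it exists, for example `/* num is read from the request buffer; bound it before sizing resp */`. The context line just above still reports errors with `fatal("%s: ...", __func__, ...)` while the new code uses `fatal_f`, so the two error paths in this function are now formatted differently. The commit title speaks of PAM environment variables, whereas this hunk bounds the PAM message count, so the description may need a word on that. The function body starts and ends outside the hunk.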