From daffc6a1152ccebdd6eb70a029e28cc5949110d7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 16 Oct 2004 18:52:44 +1000 Subject: [PATCH] - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations --- ChangeLog | 5 ++++- auth-pam.c | 17 +++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6baa4bc66..47deee9c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20041016 + - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations + 20041006 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode and other PAM platforms. @@ -1763,4 +1766,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3558 2004/10/06 13:15:44 dtucker Exp $ +$Id: ChangeLog,v 1.3559 2004/10/16 08:52:44 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index 0a6817d63..a1b26cc59 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.118 2004/10/16 08:52:44 djm Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -654,7 +654,7 @@ sshpam_query(void *ctx, char **name, char **info, size_t plen; u_char type; char *msg; - size_t len; + size_t len, mlen; debug3("PAM: %s entering", __func__); buffer_init(&buffer); 
@@ -667,22 +667,27 @@ sshpam_query(void *ctx, char **name, char **info,
 while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
 type = buffer_get_char(&buffer);
 msg = buffer_get_string(&buffer, NULL);
+ mlen = strlen(msg);
 switch (type) {
 case PAM_PROMPT_ECHO_ON:
 case PAM_PROMPT_ECHO_OFF:
 *num = 1;
- len = plen + strlen(msg) + 1;
+ len = plen + mlen + 1;
 **prompts = xrealloc(**prompts, len);
- plen += snprintf(**prompts + plen, len, "%s", msg);
+ strlcpy(**prompts + plen, msg, len - plen);
+ plen += mlen;
 **echo_on = (type == PAM_PROMPT_ECHO_ON);
 xfree(msg);
 return (0);
 case PAM_ERROR_MSG:
 case PAM_TEXT_INFO:
 /* accumulate messages */
- len = plen + strlen(msg) + 2;
+ len = plen + mlen + 2;
 **prompts = xrealloc(**prompts, len);
- plen += snprintf(**prompts + plen, len, "%s\n", msg);
+ strlcpy(**prompts + plen, msg, len - plen);
+ plen += mlen;
+ strlcat(**prompts + plen, "\n", len - plen);
+ plen++;
 xfree(msg);
 break;
 case PAM_SUCCESS:
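Review bot: In the PAM_ERROR_MSG/PAM_TEXT_INFO branch the sum `len = plen + mlen + 2` (and `plen + mlen + 1` in the prompt branch) is still unchecked, and because the new strlcpy/strlcat bounds are computed as `len - plen` from that same sum, they would not catch a wrapped `len`. plen grows with every message accumulated from the PAM socket and nothing in the hunk caps it; whether ssh_msg_recv or the buffer code limits message size is not visible here, so this is hardening rather than a demonstrated overflow. A guard before each xrealloc, for example `if (plen + mlen + 2 < plen) fatal("%s: PAM message too long", __func__);`, would make the size invariant explicit. A one-line comment such as `/* plen is the offset of the terminating NUL in **prompts; len is the allocation size */` would also help, since the `len - plen` bounds are only correct under that invariant. The while loop and sshpam_query itself start and end outside the hunk.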