mirror of git://anongit.mindrot.org/openssh.git
- markus@cvs.openbsd.org 2002/06/26 13:55:37
[auth2-chall.c] make sure # of response matches # of queries, fixes int overflow; from ISS
This commit is contained in:
parent
7868202d56
commit
fb7fd9580c
|
@ -55,6 +55,10 @@
|
||||||
[session.c]
|
[session.c]
|
||||||
disclose less information from environment files; based on input
|
disclose less information from environment files; based on input
|
||||||
from djm, and dschultz@uclink.Berkeley.EDU
|
from djm, and dschultz@uclink.Berkeley.EDU
|
||||||
|
- markus@cvs.openbsd.org 2002/06/26 13:55:37
|
||||||
|
[auth2-chall.c]
|
||||||
|
make sure # of response matches # of queries, fixes int overflow;
|
||||||
|
from ISS
|
||||||
- (djm) Require krb5 devel for RPM build w/ KrbV
|
- (djm) Require krb5 devel for RPM build w/ KrbV
|
||||||
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
|
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
|
||||||
<nalin@redhat.com>
|
<nalin@redhat.com>
|
||||||
|
@ -1159,4 +1163,4 @@
|
||||||
- (stevesk) entropy.c: typo in debug message
|
- (stevesk) entropy.c: typo in debug message
|
||||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2299 2002/06/26 13:57:59 djm Exp $
|
$Id: ChangeLog,v 1.2300 2002/06/26 13:58:39 djm Exp $
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
|
RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
|
||||||
|
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
|
@ -63,6 +63,7 @@ struct KbdintAuthctxt
|
||||||
char *devices;
|
char *devices;
|
||||||
void *ctxt;
|
void *ctxt;
|
||||||
KbdintDevice *device;
|
KbdintDevice *device;
|
||||||
|
u_int nreq;
|
||||||
};
|
};
|
||||||
|
|
||||||
static KbdintAuthctxt *
|
static KbdintAuthctxt *
|
||||||
|
@ -90,6 +91,7 @@ kbdint_alloc(const char *devs)
|
||||||
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
|
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
|
||||||
kbdintctxt->ctxt = NULL;
|
kbdintctxt->ctxt = NULL;
|
||||||
kbdintctxt->device = NULL;
|
kbdintctxt->device = NULL;
|
||||||
|
kbdintctxt->nreq = 0;
|
||||||
|
|
||||||
return kbdintctxt;
|
return kbdintctxt;
|
||||||
}
|
}
|
||||||
|
@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt)
|
||||||
KbdintAuthctxt *kbdintctxt;
|
KbdintAuthctxt *kbdintctxt;
|
||||||
char *name, *instr, **prompts;
|
char *name, *instr, **prompts;
|
||||||
int i;
|
int i;
|
||||||
u_int numprompts, *echo_on;
|
u_int *echo_on;
|
||||||
|
|
||||||
kbdintctxt = authctxt->kbdintctxt;
|
kbdintctxt = authctxt->kbdintctxt;
|
||||||
if (kbdintctxt->device->query(kbdintctxt->ctxt,
|
if (kbdintctxt->device->query(kbdintctxt->ctxt,
|
||||||
&name, &instr, &numprompts, &prompts, &echo_on))
|
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
|
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
|
||||||
packet_put_cstring(name);
|
packet_put_cstring(name);
|
||||||
packet_put_cstring(instr);
|
packet_put_cstring(instr);
|
||||||
packet_put_cstring(""); /* language not used */
|
packet_put_cstring(""); /* language not used */
|
||||||
packet_put_int(numprompts);
|
packet_put_int(kbdintctxt->nreq);
|
||||||
for (i = 0; i < numprompts; i++) {
|
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||||
packet_put_cstring(prompts[i]);
|
packet_put_cstring(prompts[i]);
|
||||||
packet_put_char(echo_on[i]);
|
packet_put_char(echo_on[i]);
|
||||||
}
|
}
|
||||||
packet_send();
|
packet_send();
|
||||||
packet_write_wait();
|
packet_write_wait();
|
||||||
|
|
||||||
for (i = 0; i < numprompts; i++)
|
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||||
xfree(prompts[i]);
|
xfree(prompts[i]);
|
||||||
xfree(prompts);
|
xfree(prompts);
|
||||||
xfree(echo_on);
|
xfree(echo_on);
|
||||||
|
@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
||||||
|
|
||||||
authctxt->postponed = 0; /* reset */
|
authctxt->postponed = 0; /* reset */
|
||||||
nresp = packet_get_int();
|
nresp = packet_get_int();
|
||||||
|
if (nresp != kbdintctxt->nreq)
|
||||||
|
fatal("input_userauth_info_response: wrong number of replies");
|
||||||
|
if (nresp > 100)
|
||||||
|
fatal("input_userauth_info_response: too many replies");
|
||||||
if (nresp > 0) {
|
if (nresp > 0) {
|
||||||
response = xmalloc(nresp * sizeof(char*));
|
response = xmalloc(nresp * sizeof(char*));
|
||||||
for (i = 0; i < nresp; i++)
|
for (i = 0; i < nresp; i++)
|
||||||
|
|
Loading…
Reference in New Issue