From 41bfc29ea5416ea0a389635291bcf388d4bdc225 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Thu, 26 May 2005 12:07:32 +1000
Subject: [PATCH] - moritz@cvs.openbsd.org 2005/04/28 10:17:56 [progressmeter.c ssh-keyscan.c] add snprintf checks. ok djm@ markus@
---
 ChangeLog | 5 ++++-
 progressmeter.c | 4 +++-
 ssh-keyscan.c | 7 ++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 90eaf2d8b..e1ef7a5e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,9 @@
 - jakob@cvs.openbsd.org 2005/04/26 13:08:37 [ssh.c ssh_config.5] fallback gracefully if client cannot connect to ControlPath. ok djm@
+ - moritz@cvs.openbsd.org 2005/04/28 10:17:56
+ [progressmeter.c ssh-keyscan.c]
+ add snprintf checks. ok djm@ markus@
 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
@@ -2540,4 +2543,4 @@
 - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3772 2005/05/26 02:07:13 djm Exp $
+$Id: ChangeLog,v 1.3773 2005/05/26 02:07:32 djm Exp $
diff --git a/progressmeter.c b/progressmeter.c
index 93f5a3e62..febe9aad5 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,7 @@
 */ #include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: progressmeter.c,v 1.23 2005/04/28 10:17:56 moritz Exp $");
 #include "progressmeter.h" #include "atomicio.h"
@@ -147,6 +147,8 @@ refresh_progress_meter(void)
 len = snprintf(buf, file_len + 1, "\r%s", file);
 if (len < 0)
 len = 0;
+ if (len >= file_len + 1)
+ len = file_len;
 for (i = len; i < file_len; i++ )
 buf[i] = ' ';
 buf[file_len] = '\0';
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index bc2c3b728..fdcfc5b3c 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
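Review bot: The new clamp in refresh_progress_meter() is only as good as the bound it clamps to: both the snprintf() size and the later `buf[file_len] = '\0'` trust `file_len + 1` to fit in `buf`, and the check that guarantees this is not in the hunk (the function starts and ends outside it), so it is worth confirming that `file_len` is validated as positive and no larger than the buffer before this point. I would also say why the clamp exists, e.g. `/* snprintf returns the untruncated length; clamp so padding starts inside the field */`, and `if (len > file_len)` states the same condition more directly. Separately, `file` is printed with a bare `%s`; if that name can be chosen by the remote side, control characters in it reach the terminal unfiltered, which this commit does not address.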
@@ -7,7 +7,7 @@
 */ #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.53 2005/04/28 10:17:56 moritz Exp $");
 #include "openbsd-compat/sys-queue.h"
@@ -543,6 +543,11 @@ congreet(int s)
 n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
+ if (n == -1 || n >= sizeof buf) {
+ error("snprintf: buffer too small");
+ confree(s);
+ return;
+ }
 if (atomicio(vwrite, s, buf, n) != n) {
 error("write (%s): %s", c->c_name, strerror(errno));
 confree(s);
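Review bot: The added guard `if (n == -1 || n >= sizeof buf)` in congreet() mixes a signed result with a `size_t`: assuming `n` is an `int` (its declaration is outside the hunk), it is converted to unsigned for the second comparison, so negative values other than -1 are rejected only as a side effect of wrapping, and the line would be flagged by -Wsign-compare. Writing it as `if (n < 0 || (size_t)n >= sizeof buf) {` covers every error return snprintf() may produce and makes the intent explicit. The message `snprintf: buffer too small` is also emitted for the error-return case, where the buffer size is not the cause; including `c->c_name`, as the neighbouring write error does, would make the log line more useful. congreet()'s body continues outside the hunk.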