- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
This commit is contained in:
parent
6ee9564901
commit
5bbbd364c9
|
@ -1,3 +1,6 @@
|
||||||
|
19991119
|
||||||
|
- Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
|
||||||
|
|
||||||
19991118
|
19991118
|
||||||
- Merged OpenBSD CVS changes
|
- Merged OpenBSD CVS changes
|
||||||
- [scp.c] foregroundproc() in scp
|
- [scp.c] foregroundproc() in scp
|
||||||
|
|
3
README
3
README
|
@ -1,4 +1,5 @@
|
||||||
This is the Unix port of OpenBSD's excellent OpenSSH.
|
This is the port of OpenBSD's excellent OpenSSH to Linux and other
|
||||||
|
Unices.
|
||||||
|
|
||||||
OpenSSH is based on the last free version of Tatu Ylonen's SSH with
|
OpenSSH is based on the last free version of Tatu Ylonen's SSH with
|
||||||
all patent-encumbered algorithms removed, all known security bugs
|
all patent-encumbered algorithms removed, all known security bugs
|
||||||
|
|
37
sshd.c
37
sshd.c
|
@ -18,7 +18,7 @@ agent connections.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: sshd.c,v 1.23 1999/11/17 22:28:11 damien Exp $");
|
RCSID("$Id: sshd.c,v 1.24 1999/11/18 20:56:21 damien Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
|
@ -152,8 +152,10 @@ char *pamconv_msg = NULL;
|
||||||
static int pamconv(int num_msg, const struct pam_message **msg,
|
static int pamconv(int num_msg, const struct pam_message **msg,
|
||||||
struct pam_response **resp, void *appdata_ptr)
|
struct pam_response **resp, void *appdata_ptr)
|
||||||
{
|
{
|
||||||
int count = 0;
|
struct pam_response *reply;
|
||||||
struct pam_response *reply = NULL;
|
int count;
|
||||||
|
size_t msg_len;
|
||||||
|
char *p;
|
||||||
|
|
||||||
/* PAM will free this later */
|
/* PAM will free this later */
|
||||||
reply = malloc(num_msg * sizeof(*reply));
|
reply = malloc(num_msg * sizeof(*reply));
|
||||||
|
@ -178,25 +180,22 @@ static int pamconv(int num_msg, const struct pam_message **msg,
|
||||||
reply[count].resp_retcode = PAM_SUCCESS;
|
reply[count].resp_retcode = PAM_SUCCESS;
|
||||||
reply[count].resp = xstrdup("");
|
reply[count].resp = xstrdup("");
|
||||||
|
|
||||||
if (msg[count]->msg == NULL) break;
|
if (msg[count]->msg == NULL)
|
||||||
|
break;
|
||||||
debug("Adding PAM message: %s", msg[count]->msg);
|
debug("Adding PAM message: %s", msg[count]->msg);
|
||||||
if (pamconv_msg == NULL)
|
|
||||||
|
msg_len = strlen(msg[count]->msg);
|
||||||
|
if (pamconv_msg)
|
||||||
{
|
{
|
||||||
pamconv_msg = malloc(strlen(msg[count]->msg) + 2);
|
size_t n = strlen(pamconv_msg);
|
||||||
|
pamconv_msg = xrealloc(pamconv_msg, n + msg_len + 2);
|
||||||
if (pamconv_msg == NULL)
|
p = pamconv_msg + n;
|
||||||
return PAM_CONV_ERR;
|
|
||||||
|
|
||||||
strncpy(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
|
|
||||||
pamconv_msg[strlen(msg[count]->msg)] = '\n';
|
|
||||||
pamconv_msg[strlen(msg[count]->msg) + 1] = '\0';
|
|
||||||
} else
|
|
||||||
{
|
|
||||||
pamconv_msg = realloc(pamconv_msg, strlen(pamconv_msg) + strlen(msg[count]->msg) + 2);
|
|
||||||
strncat(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg));
|
|
||||||
pamconv_msg[strlen(pamconv_msg)] = '\n';
|
|
||||||
pamconv_msg[strlen(pamconv_msg) + 1] = '\0';
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
pamconv_msg = p = xmalloc(msg_len + 2);
|
||||||
|
memcpy(p, msg[count]->msg, msg_len);
|
||||||
|
p[msg_len] = '\n';
|
||||||
|
p[msg_len + 1] = '\0';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PAM_PROMPT_ECHO_ON:
|
case PAM_PROMPT_ECHO_ON:
|
||||||
|
|
Loading…
Reference in New Issue