- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
This commit is contained in:
parent
d4b11d62e9
commit
7868202d56
|
@ -59,6 +59,7 @@
|
||||||
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
|
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
|
||||||
<nalin@redhat.com>
|
<nalin@redhat.com>
|
||||||
- (djm) Update spec files for release
|
- (djm) Update spec files for release
|
||||||
|
- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
|
||||||
|
|
||||||
20020625
|
20020625
|
||||||
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
|
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
|
||||||
|
@ -1158,4 +1159,4 @@
|
||||||
- (stevesk) entropy.c: typo in debug message
|
- (stevesk) entropy.c: typo in debug message
|
||||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2298 2002/06/26 13:57:12 djm Exp $
|
$Id: ChangeLog,v 1.2299 2002/06/26 13:57:59 djm Exp $
|
||||||
|
|
11
auth2-pam.c
11
auth2-pam.c
|
@ -1,5 +1,5 @@
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
|
RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
#include <security/pam_appl.h>
|
#include <security/pam_appl.h>
|
||||||
|
@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
|
||||||
nresp = packet_get_int(); /* Number of responses. */
|
nresp = packet_get_int(); /* Number of responses. */
|
||||||
debug("got %d responses", nresp);
|
debug("got %d responses", nresp);
|
||||||
|
|
||||||
|
|
||||||
|
if (nresp != context_pam2.num_expected)
|
||||||
|
fatal("%s: Received incorrect number of responses "
|
||||||
|
"(expected %u, received %u)", __func__, nresp,
|
||||||
|
context_pam2.num_expected);
|
||||||
|
|
||||||
|
if (nresp > 100)
|
||||||
|
fatal("%s: too many replies", __func__);
|
||||||
|
|
||||||
for (i = 0; i < nresp; i++) {
|
for (i = 0; i < nresp; i++) {
|
||||||
int j = context_pam2.prompts[i];
|
int j = context_pam2.prompts[i];
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue