Limit the number of PAM environment variables.
xcalloc has its own limits, but these are specific to PAM. From Coverity CID 405198, ok djm@
parent
a231414970
commit
bfd1ad01d9
|
@ -1097,6 +1097,10 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
|
||||||
sshpam_authok = NULL;
|
sshpam_authok = NULL;
|
||||||
if ((r = sshbuf_get_u32(m, &num)) != 0)
|
if ((r = sshbuf_get_u32(m, &num)) != 0)
|
||||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||||
|
if (num > PAM_MAX_NUM_MSG) {
|
||||||
|
fatal_f("Too many PAM messages, got %u, expected <= %u",
|
||||||
|
num, (unsigned)PAM_MAX_NUM_MSG);
|
||||||
|
}
|
||||||
if (num > 0) {
|
if (num > 0) {
|
||||||
resp = xcalloc(num, sizeof(char *));
|
resp = xcalloc(num, sizeof(char *));
|
||||||
for (i = 0; i < num; ++i) {
|
for (i = 0; i < num; ++i) {
|
||||||
|
|
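Review bot: The new `num > PAM_MAX_NUM_MSG` guard caps the count read from `m` at a static ceiling, but nothing in the hunk ties `num` to the number of prompts the preceding PAM query issued, so the sender can still choose any count up to that ceiling to size the `xcalloc` and the loop. If the responder called later does not already reject a mismatched count (not visible here), compare `num` against the expected count at this point as well. A short comment above the check, e.g. `/* num is read from the request buffer; bound it before sizing resp[] */`, would record why the cap exists. The commit title speaks of environment variables while this hunk limits PAM messages, which is worth reconciling. The body of mm_answer_pam_respond starts and ends outside the hunk.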