- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+ - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
20061108
- (dtucker) OpenBSD CVS Sync
#define INIT_SZ 128
-int vasprintf(char **str, const char *fmt, va_list ap)
+int
+vasprintf(char **str, const char *fmt, va_list ap)
{
int ret = -1;
va_list ap2;
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
*str = string;
- } else if (ret == INT_MAX) { /* shouldn't happen */
+ } else if (ret == INT_MAX || ret < 0) { /* Bad length */
goto fail;
} else { /* bigger than initial, realloc allowing for nul */
len = (size_t)ret + 1;