- markus@cvs.openbsd.org 2001/11/08 10:51:08

     [readpass.c]
     don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.

diff --git a/ChangeLog b/ChangeLog
index 3d954c04922370c0a473b4282b59be131bc302a7..0e851b044abd360e8d4985e29c33bac70d79c24c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,9 @@
    - markus@cvs.openbsd.org 2001/11/07 22:53:21
      [channels.h]
      crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+   - markus@cvs.openbsd.org 2001/11/08 10:51:08
+     [readpass.c]
+     don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
 
 20011109
  - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)

diff --git a/readpass.c b/readpass.c
index 577a407f39b8ca9a311a18323ccb939fe1e665e1..a0429818e7c5ce8c9f84506daa520641a7615d0b 100644 (file)
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.22 2001/07/14 15:10:16 stevesk Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.23 2001/11/08 10:51:08 markus Exp $");
 
 #include "xmalloc.h"
 #include "readpass.h"
@@ -45,7 +45,7 @@ ssh_askpass(char *askpass, const char *msg)
 {
        pid_t pid;
        size_t len;
-       char *nl, *pass;
+       char *pass;
        int p[2], status;
        char buf[1024];
 
@@ -71,16 +71,15 @@ ssh_askpass(char *askpass, const char *msg)
                fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
        }
        close(p[1]);
-       len = read(p[0], buf, sizeof buf);
+       len = read(p[0], buf, sizeof buf -1);
        close(p[0]);
        while (waitpid(pid, &status, 0) < 0)
                if (errno != EINTR)
                        break;
        if (len <= 1)
                return xstrdup("");
-       nl = strchr(buf, '\n');
-       if (nl)
-               *nl = '\0';
+       buf[len] = '\0';
+       buf[strcspn(buf, "\r\n")] = '\0';
        pass = xstrdup(buf);
        memset(buf, 0, sizeof(buf));
        return pass;