From 56b551e2174c29148b4b9a24c399f082e5b22460 Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 12 Nov 2001 00:05:20 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/11/08 10:51:08 [readpass.c] don't strdup too much data; from gotoh@taiyo.co.jp; ok millert. --- ChangeLog | 3 +++ readpass.c | 11 +++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3d954c04..0e851b04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ - markus@cvs.openbsd.org 2001/11/07 22:53:21 [channels.h] crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com + - markus@cvs.openbsd.org 2001/11/08 10:51:08 + [readpass.c] + don't strdup too much data; from gotoh@taiyo.co.jp; ok millert. 20011109 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) diff --git a/readpass.c b/readpass.c index 577a407f..a0429818 100644 --- a/readpass.c +++ b/readpass.c @@ -32,7 +32,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.22 2001/07/14 15:10:16 stevesk Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.23 2001/11/08 10:51:08 markus Exp $"); #include "xmalloc.h" #include "readpass.h" @@ -45,7 +45,7 @@ ssh_askpass(char *askpass, const char *msg) { pid_t pid; size_t len; - char *nl, *pass; + char *pass; int p[2], status; char buf[1024]; @@ -71,16 +71,15 @@ ssh_askpass(char *askpass, const char *msg) fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); } close(p[1]); - len = read(p[0], buf, sizeof buf); + len = read(p[0], buf, sizeof buf -1); close(p[0]); while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) break; if (len <= 1) return xstrdup(""); - nl = strchr(buf, '\n'); - if (nl) - *nl = '\0'; + buf[len] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); memset(buf, 0, sizeof(buf)); return pass; -- 2.45.1