- moritz@cvs.openbsd.org 2005/04/28 10:17:56
     [progressmeter.c ssh-keyscan.c]
     add snprintf checks. ok djm@ markus@
diff --git a/ChangeLog b/ChangeLog
index 90eaf2d..e1ef7a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,9 @@
    - jakob@cvs.openbsd.org 2005/04/26 13:08:37
      [ssh.c ssh_config.5]
      fallback gracefully if client cannot connect to ControlPath. ok djm@
+   - moritz@cvs.openbsd.org 2005/04/28 10:17:56
+     [progressmeter.c ssh-keyscan.c]
+     add snprintf checks. ok djm@ markus@
 
 20050524
  - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
@@ -2540,4 +2543,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3772 2005/05/26 02:07:13 djm Exp $
+$Id: ChangeLog,v 1.3773 2005/05/26 02:07:32 djm Exp $
diff --git a/progressmeter.c b/progressmeter.c
index 93f5a3e..febe9aa 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: progressmeter.c,v 1.23 2005/04/28 10:17:56 moritz Exp $");
 
 #include "progressmeter.h"
 #include "atomicio.h"
@@ -147,6 +147,8 @@
 		len = snprintf(buf, file_len + 1, "\r%s", file);
 		if (len < 0)
 			len = 0;
+		if (len >= file_len + 1)
+			len = file_len;
 		for (i = len;  i < file_len; i++ )
 			buf[i] = ' ';
 		buf[file_len] = '\0';
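Review bot: The clamp added at `if (len >= file_len + 1)` truncates silently, and nothing says why that is acceptable here while the same commit treats truncation as an error in ssh-keyscan.c. A one-line comment would settle it, e.g. `/* snprintf returns the length it wanted to write; a long name is clipped to the field width */`. The bound passed to snprintf is `file_len + 1`, not the size of `buf`, so the write is only safe if `file_len + 1` cannot exceed that size. That relationship is established outside this hunk and is worth confirming, as are the types of `len` and `file_len`, since the enclosing function starts and ends outside the visible lines.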
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index bc2c3b7..fdcfc5b 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.53 2005/04/28 10:17:56 moritz Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -543,6 +543,11 @@
 	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
 	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
 	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
+	if (n == -1 || n >= sizeof buf) {
+		error("snprintf: buffer too small");
+		confree(s);
+		return;
+	}
 	if (atomicio(vwrite, s, buf, n) != n) {
 		error("write (%s): %s", c->c_name, strerror(errno));
 		confree(s);
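Review bot: The new guard `n == -1 || n >= sizeof buf` compares what is presumably a signed `n` against a `size_t`, so negative values other than -1 are caught only through implicit conversion to unsigned. Writing it as `if (n < 0 || (size_t)n >= sizeof buf) {` states the intent directly and avoids a sign-compare warning. The message `"snprintf: buffer too small"` is also logged when snprintf returns an error rather than a truncated length. Unlike the write error just below, it omits `c->c_name`, so the log does not say which host was dropped. The declaration of `n` and the rest of the function are outside the hunk.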