- stevesk@cvs.openbsd.org 2001/11/30 20:39:28
     [ssh.c]
     sscanf() length dependencies are clearer now; can also shrink proto
     and data if desired, but i have not done that.  ok markus@
diff --git a/ssh.c b/ssh.c
index 2984a59..9f4d117 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.149 2001/10/24 08:51:35 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.150 2001/11/30 20:39:28 stevesk Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -787,19 +787,23 @@
 }
 
 static void
-x11_get_proto(char *proto, int proto_len, char *data, int data_len)
+x11_get_proto(char **_proto, char **_data)
 {
 	char line[512];
+	static char proto[512], data[512];
 	FILE *f;
 	int got_data = 0, i;
 
+	*_proto = proto;
+	*_data = data;
+	proto[0] = data[0] = '\0';
 	if (options.xauth_location) {
 		/* Try to get Xauthority information for the display. */
 		snprintf(line, sizeof line, "%.100s list %.200s 2>" _PATH_DEVNULL,
 		    options.xauth_location, getenv("DISPLAY"));
 		f = popen(line, "r");
 		if (f && fgets(line, sizeof(line), f) &&
-		    sscanf(line, "%*s %s %s", proto, data) == 2)
+		    sscanf(line, "%*s %511s %511s", proto, data) == 2)
 			got_data = 1;
 		if (f)
 			pclose(f);
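Review bot: The `%511s` widths added to the sscanf() call are hand-coupled to `static char proto[512], data[512]`, so resizing either array later (the commit message already floats shrinking them) would silently bring back the overflow this change closes. A comment on the declaration, e.g. `/* keep in sync with the %511s widths in sscanf() below */`, or a shared constant would pin the dependency. In the unchanged context just above, the `DISPLAY` value is interpolated unquoted into the popen() command line and so reaches the shell verbatim. Whether that crosses a trust boundary depends on who controls the environment and on the process's privileges at this point, neither of which is visible here; rejecting values with characters outside the expected display syntax before building the command would settle it. x11_get_proto's body continues past the end of this hunk.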
@@ -815,11 +819,11 @@
 	if (!got_data) {
 		u_int32_t rand = 0;
 
-		strlcpy(proto, "MIT-MAGIC-COOKIE-1", proto_len);
+		strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
 		for (i = 0; i < 16; i++) {
 			if (i % 4 == 0)
 				rand = arc4random();
-			snprintf(data + 2 * i, data_len - 2 * i, "%02x", rand & 0xff);
+			snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff);
 			rand >>= 8;
 		}
 	}
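Review bot: `sizeof proto` and `sizeof data - 2 * i` bound these writes only while `proto` and `data` are the arrays declared at the top of x11_get_proto (in the previous hunk). If either is ever turned back into a pointer, `sizeof data - 2 * i` becomes pointer-size minus up to 30 and wraps to a huge `size_t`, leaving the snprintf() effectively unbounded. A short comment here such as `/* sizeof is valid only because data is an array in this scope */` would flag that for the next refactor. As a style point, the local `rand` shadows the libc function of the same name; a name like `r` would avoid the confusion. This block begins and ends inside x11_get_proto, outside the hunk.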
@@ -943,9 +947,9 @@
 	}
 	/* Request X11 forwarding if enabled and DISPLAY is set. */
 	if (options.forward_x11 && getenv("DISPLAY") != NULL) {
-		char proto[512], data[512];
+		char *proto, *data;
 		/* Get reasonable local authentication information. */
-		x11_get_proto(proto, sizeof proto, data, sizeof data);
+		x11_get_proto(&proto, &data);
 		/* Request forwarding with authentication spoofing. */
 		debug("Requesting X11 forwarding with authentication spoofing.");
 		x11_request_forwarding_with_spoofing(0, proto, data);
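Review bot: After this change `proto` and `data` at this call site (and at the identical one in the next hunk, which passes `id`) point into static buffers owned by x11_get_proto, so they are overwritten by the next call and must not be freed. That is safe only if x11_request_forwarding_with_spoofing() consumes or copies the strings before returning, which is not visible in this diff and is worth confirming. I would add a comment at the declaration, `/* point into static storage in x11_get_proto(); do not free or keep across calls */`, and state the same contract in a header comment on x11_get_proto. The enclosing function starts and ends outside the hunk.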
@@ -1059,9 +1063,9 @@
 	}
 	if (options.forward_x11 &&
 	    getenv("DISPLAY") != NULL) {
-		char proto[512], data[512];
+		char *proto, *data;
 		/* Get reasonable local authentication information. */
-		x11_get_proto(proto, sizeof proto, data, sizeof data);
+		x11_get_proto(&proto, &data);
 		/* Request forwarding with authentication spoofing. */
 		debug("Requesting X11 forwarding with authentication spoofing.");
 		x11_request_forwarding_with_spoofing(id, proto, data);