- markus@cvs.openbsd.org 2001/11/08 10:51:08
[readpass.c]
don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
diff --git a/ChangeLog b/ChangeLog
index 4e7471b..85641c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,9 @@
- markus@cvs.openbsd.org 2001/11/07 22:53:21
[channels.h]
crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/11/08 10:51:08
+ [readpass.c]
+ don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
20011109
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@@ -6851,4 +6854,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1647 2001/11/12 00:04:54 djm Exp $
+$Id: ChangeLog,v 1.1648 2001/11/12 00:05:20 djm Exp $
diff --git a/readpass.c b/readpass.c
index 577a407..a042981 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.22 2001/07/14 15:10:16 stevesk Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.23 2001/11/08 10:51:08 markus Exp $");
#include "xmalloc.h"
#include "readpass.h"
@@ -45,7 +45,7 @@
{
pid_t pid;
size_t len;
- char *nl, *pass;
+ char *pass;
int p[2], status;
char buf[1024];
@@ -71,16 +71,15 @@
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
}
close(p[1]);
- len = read(p[0], buf, sizeof buf);
+ len = read(p[0], buf, sizeof buf -1);
close(p[0]);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
break;
if (len <= 1)
return xstrdup("");
- nl = strchr(buf, '\n');
- if (nl)
- *nl = '\0';
+ buf[len] = '\0';
+ buf[strcspn(buf, "\r\n")] = '\0';
pass = xstrdup(buf);
memset(buf, 0, sizeof(buf));
return pass;