[openssh-commits] [openssh] 02/02: upstream: scrub keyboard-interactive authentication prompts coming
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Nov 13 18:32:31 AEDT 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 04088725ec9c44880c01799b588cd4ba47b3e8bc
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Nov 13 07:30:44 2020 +0000
upstream: scrub keyboard-interactive authentication prompts coming
from the server through asmprintf() prior to display; suggested by and ok
dtucker@
OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
---
sshconnect2.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sshconnect2.c b/sshconnect2.c
index 6c31eeaf..149bb8d6 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.335 2020/11/13 04:53:12 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.336 2020/11/13 07:30:44 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -33,6 +33,7 @@
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
@@ -1924,9 +1925,10 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
(r = sshpkt_get_u8(ssh, &echo)) != 0)
goto out;
- xasprintf(&display_prompt, "(%s@%s) %s",
+ if (asmprintf(&display_prompt, INT_MAX, NULL, "(%s@%s) %s",
authctxt->server_user, options.host_key_alias ?
- options.host_key_alias : authctxt->host, prompt);
+ options.host_key_alias : authctxt->host, prompt) == -1)
+ fatal_f("asmprintf failed");
response = read_passphrase(display_prompt, echo ? RP_ECHO : 0);
if ((r = sshpkt_put_cstring(ssh, response)) != 0)
goto out;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list