OpenSSH-2.1.1p2: Is this misuse of strtok?

Chan Shih-Ping Richard cshihpin at dso.org.sg
Wed Jul 5 19:25:28 EST 2000


Is this a misuse of strtok() in OpenSSH-2.1.1p2?

readconf.c:process_config_line() calls strtok() to
parse config lines. When it finds oProtocol it calls
compat.c:proto_spec() which in turns uses strtok().

However on return of proto_spec(),  process_config_line() calls
strtok() once more to (quoting from the source code)
	/* Check that there is no garbage at end of line. */

But surely strtok() is being called with the context established
by proto_spec() rather than the original context.

A similar problem seems to occur in servconf.c.


-- 

Chan Shih-Ping (Richard) <cshihpin at dso.org.sg>
DSO National Laboratories
20 Science Park Drive
Singapore 118230






More information about the openssh-unix-dev mailing list