Few question...

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Tue Mar 28 19:52:53 EST 2000


On Mon, Mar 27, 2000 at 06:52:35PM +0200, Waldemar Thiel wrote:
> 1/ there is probably bug in auth-password.c in auth_password function
> 
> 	if (pw->pw_uid == 0 && options.permit_root_login == 2)
> 		return 0;
> 	if (*password == '\0' && options.permit_empty_passwd == 0)
> 		return 0;
> 	/* deny if no user. */
> 	if (pw == NULL)	<----------- this should be first checked ....
> 		return 0;

this has been fixed in December. are you using a recent version?

> 2/ do I have to always read whole packed ? In example: I send packet with
> int and string
> as a data. Can I forget about reading string when I don't need it or there
> is a possibility
> of memory fragmentation ?

i assume you are talking about packet_get_int() and packet_get_string():
no, you don't need to add matching packet_get_string() calls on the
receving side. the next packet_read() discards the current packet.
note that you need to xfree() the string returned by packet_get_string().

-markus

PS: are you extending the protocol?





More information about the openssh-unix-dev mailing list