Where is OpenSSH 2.5.0p1?

Marek Michalkiewicz marekm at amelek.gda.pl
Sun Feb 18 03:30:13 EST 2001 

Hi,

it seems the 2.5.0p1 announcement on www.openssh.com went out a little
bit too early ;).  Just curious, why 2.4 was skipped?  I don't believe
this is just to have a higher version number than the competition ;).
I see 2.5.0 is there, but no 2.5.0p1 yet even on ftp.openbsd.org itself.

Looking at the CVS tree, I see the two bugs I reported to this list
some time ago (with no response) are still there.  Below is a patch
to fix them, please tell me if you see anything wrong with it.
(I have tested it on Debian woody, appears to work fine so far.)

One bug is only swapped tests for no_libsocket and no_libnsl.
The other bug looks more serious to me - quote from glibc manual:

     *Warning:* Using the `openpty' function with NAME not set to
     `NULL' is *very dangerous* because it provides no protection
     against overflowing the string NAME.  You should use the `ttyname'
     function on the file descriptor returned in *SLAVE to find out the
     file name of the slave pseudo-terminal device instead.

Thanks, and keep up the good work!
Marek

Index: configure.in
===================================================================
RCS file: /cvs/openssh_cvs/configure.in,v
retrieving revision 1.243
diff -u -r1.243 configure.in
--- configure.in	2001/02/16 01:12:41	1.243
+++ configure.in	2001/02/17 16:06:48
@@ -317,10 +317,10 @@
 )
 
 # Checks for libraries.
-if test -z "$no_libsocket" ; then
+if test -z "$no_libnsl" ; then
 	AC_CHECK_LIB(nsl, yp_match, , )
 fi
-if test -z "$no_libnsl" ; then
+if test -z "$no_libsocket" ; then
 	AC_CHECK_LIB(socket, main, , )
 fi
 
Index: pty.c
===================================================================
RCS file: /cvs/openssh_cvs/pty.c,v
retrieving revision 1.31
diff -u -r1.31 pty.c
--- pty.c	2001/02/09 02:11:24	1.31
+++ pty.c	2001/02/17 16:06:49
@@ -49,15 +49,19 @@
 {
 #if defined(HAVE_OPENPTY) || defined(BSD4_4)
 	/* openpty(3) exists in OSF/1 and some other os'es */
-	char buf[64];
+	char *name;
 	int i;
 
-	i = openpty(ptyfd, ttyfd, buf, NULL, NULL);
+	i = openpty(ptyfd, ttyfd, NULL, NULL, NULL);
 	if (i < 0) {
 		error("openpty: %.100s", strerror(errno));
 		return 0;
 	}
-	strlcpy(namebuf, buf, namebuflen);	/* possible truncation */
+	name = ttyname(*ttyfd);
+	if (!name)
+		fatal("openpty returns device for which ttyname fails.");
+
+	strlcpy(namebuf, name, namebuflen);	/* possible truncation */
 	return 1;
 #else /* HAVE_OPENPTY */
 #ifdef HAVE__GETPTY

More information about the openssh-unix-dev mailing list