Where is OpenSSH 2.5.0p1?
Damien Miller
djm at mindrot.org
Sun Feb 18 12:51:20 EST 2001
On Sat, 17 Feb 2001, Marek Michalkiewicz wrote:
> One bug is only swapped tests for no_libsocket and no_libnsl.
> The other bug looks more serious to me - quote from glibc manual:
>
> *Warning:* Using the `openpty' function with NAME not set to
> `NULL' is *very dangerous* because it provides no protection
> against overflowing the string NAME. You should use the `ttyname'
> function on the file descriptor returned in *SLAVE to find out the
> file name of the slave pseudo-terminal device instead.
I think that you would have a hard time causing any trouble with this
- you would have to have a pretty messed up system if the path to your
tty was more than 64 chars.
Both applied.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list