OpenSSH 3.0
Shun-ichi GOTO
gotoh at taiyo.co.jp
Wed Nov 7 14:47:48 EST 2001
> OpenSSH 3.0 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
Following patch reported at 2001/10/09 is not applied in OpenSSH 3.0p1.
Without this, ssh program cause acecss violation or memory overwrite
problem if SSH_ASKPASS program returns too long string (greater than
sizeof buf).
And also treat '\r' character as line terminator like '\n' for safe.
--- readpass.c 2001/10/09 05:42:49 1.1.1.1
+++ readpass.c 2001/10/09 08:06:38
@@ -45,7 +45,7 @@
{
pid_t pid;
size_t len;
- char *nl, *pass;
+ char *pass;
int p[2], status;
char buf[1024];
@@ -71,16 +71,15 @@
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
}
close(p[1]);
- len = read(p[0], buf, sizeof buf);
+ len = read(p[0], buf, sizeof buf -1);
close(p[0]);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
break;
if (len <= 1)
return xstrdup("");
- nl = strchr(buf, '\n');
- if (nl)
- *nl = '\0';
+ buf[len] = '\0';
+ buf[strcspn(buf, "\r\n")] = '\0';
pass = xstrdup(buf);
memset(buf, 0, sizeof(buf));
return pass;
--- Regards,
Shun-ichi Goto <gotoh at taiyo.co.jp>
R&D Group, TAIYO Corp., Tokyo, JAPAN
More information about the openssh-unix-dev
mailing list