[PATCH] kbdintctxt->nreq test
Frank Cusack
fcusack at fcusack.com
Thu Jun 27 11:51:31 EST 2002
If the info_response code is going to test that the # of responses is < 100,
then the info_request code should check that < 100 prompts are sent. It
would be rude to send 101 prompts and then fail when the responses come
back.
I actually think the test should be removed altogether, the limit seems
quite arbitrary, but here is a patch to not send > 100 prompts. With
this patch, the test in the info_response code could actually be removed.
--- auth2-chall.c.orig Wed Jun 26 18:40:14 2002
+++ auth2-chall.c Wed Jun 26 18:42:54 2002
@@ -217,6 +217,8 @@
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
+ if (kbdintctxt->nreq > 100)
+ fatal("send_userauth_info_request: too many prompts");
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(name);
/fc
More information about the openssh-unix-dev
mailing list