avoid sending pointer values in struct passwd
naito.yuichiro at gmail.com
Fri Nov 27 20:13:13 AEDT 2020
2020年11月25日(水) 9:11 Damien Miller <djm at mindrot.org>:
> On Wed, 25 Nov 2020, Yuichiro NAITO wrote:
> > Thanks for reviewing my patch.
> > > 2020/11/20 23:45、Peter Stuge <peter at stuge.se>のメール:
> > >
> > > Yuichiro NAITO wrote:
> > >> Take a look at my GitHub pull request to see my patch.
> > >>
> > >> https://github.com/openssh/openssh-portable/pull/216
> > >
> > > I think the length at the beginning should be tied to the (number of?)
> > > members that are sent instead of the struct passwd size on either side.
> > OK.
> > I fixed to send number of struct passwd members at first in sshbuf_put_passwd().
> > And sshbuf_get_passwd() checks it.
> Thanks for reminding me about this.
> IMO sshbuf-*.c isn't the right place for this. Sending/receiving password
> structs is only done in one place in OpenSSH, so I'd prefer to leave it
> where it is.
Yes, code of sending struct passwd appears in one place.
I've tried to reduce the difference between FreeBSD sources,
but it can not be a motivation to OpenSSH (that I'm guessing).
And you have written the size aware macros which is better than my
code in portability.
There is no advantage to my code.
I think the issue in the subject is solved by your patch.
Yuichiro NAITO (naito.yuichiro at gmail.com)
More information about the openssh-unix-dev