[openssh-commits] [openssh] 06/06: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Dec 7 11:49:29 AEDT 2017


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Dec 6 05:06:21 2017 +0000

    upstream commit
    
    don't accept junk after "yes" or "no" responses to
    hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@
    
    OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
---
 sshconnect.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sshconnect.c b/sshconnect.c
index e29b069c..44977707 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.288 2017/11/25 06:46:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.289 2017/12/06 05:06:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -631,11 +631,12 @@ confirm(const char *prompt)
 		return 0;
 	for (msg = prompt;;msg = again) {
 		p = read_passphrase(msg, RP_ECHO);
-		if (p == NULL ||
-		    (p[0] == '\0') || (p[0] == '\n') ||
-		    strncasecmp(p, "no", 2) == 0)
+		if (p == NULL)
+			return 0;
+		p[strcspn(p, "\n")] = '\0';
+		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
 			ret = 0;
-		if (p && strncasecmp(p, "yes", 3) == 0)
+		else if (strcasecmp(p, "yes") == 0)
 			ret = 1;
 		free(p);
 		if (ret != -1)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list