authorDamien Miller <djm@mindrot.org>2005-05-26 12:07:32 +1000
committerDamien Miller <djm@mindrot.org>2005-05-26 12:07:32 +1000
commit41bfc29ea5416ea0a389635291bcf388d4bdc225 (patch)
tree85eef9ee1416ca8dea07815847d77197038f212c
parentdadfd4dd3862df5cebae2f2dc9b7f112321fa85e (diff)
downloadopenssh-git-41bfc29ea5416ea0a389635291bcf388d4bdc225.tar.gz
- moritz@cvs.openbsd.org 2005/04/28 10:17:56
[progressmeter.c ssh-keyscan.c] add snprintf checks. ok djm@ markus@
-rw-r--r--ChangeLog5
-rw-r--r--progressmeter.c4
-rw-r--r--ssh-keyscan.c7
3 files changed, 13 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 90eaf2d8..e1ef7a5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,6 +41,9 @@
- jakob@cvs.openbsd.org 2005/04/26 13:08:37
[ssh.c ssh_config.5]
fallback gracefully if client cannot connect to ControlPath. ok djm@
+ - moritz@cvs.openbsd.org 2005/04/28 10:17:56
+ [progressmeter.c ssh-keyscan.c]
+ add snprintf checks. ok djm@ markus@
20050524
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
@@ -2540,4 +2543,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3772 2005/05/26 02:07:13 djm Exp $
+$Id: ChangeLog,v 1.3773 2005/05/26 02:07:32 djm Exp $
diff --git a/progressmeter.c b/progressmeter.c
index 93f5a3e6..febe9aad 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
+RCSID("$OpenBSD: progressmeter.c,v 1.23 2005/04/28 10:17:56 moritz Exp $");
#include "progressmeter.h"
#include "atomicio.h"
@@ -147,6 +147,8 @@ refresh_progress_meter(void)
len = snprintf(buf, file_len + 1, "\r%s", file);
if (len < 0)
len = 0;
+ if (len >= file_len + 1)
+ len = file_len;
for (i = len; i < file_len; i++ )
buf[i] = ' ';
buf[file_len] = '\0';
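Review bot: The added clamp in refresh_progress_meter, `if (len >= file_len + 1)`, is the same test as `if (len > file_len)` when both operands are ints (their declarations are outside the hunk), and the shorter form reads more naturally next to the padding loop. A one-line comment would explain why the clamp exists, for example `/* snprintf returns the untruncated length; clamp so len stays within file_len */`. The bound passed to snprintf is `file_len + 1` rather than the size of `buf`, so the write is only bounded if code outside the hunk keeps file_len below the buffer size; that is worth confirming, since neither the declaration of buf nor the computation of file_len is visible here. The function body starts and ends outside the hunk.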
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index bc2c3b72..fdcfc5b3 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.53 2005/04/28 10:17:56 moritz Exp $");
#include "openbsd-compat/sys-queue.h"
@@ -543,6 +543,11 @@ congreet(int s)
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
+ if (n == -1 || n >= sizeof buf) {
+ error("snprintf: buffer too small");
+ confree(s);
+ return;
+ }
if (atomicio(vwrite, s, buf, n) != n) {
error("write (%s): %s", c->c_name, strerror(errno));
confree(s);
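Review bot: The new guard in congreet, `if (n == -1 || n >= sizeof buf)`, compares n with a size_t. If n is a signed int (its declaration is outside the hunk), a negative return other than -1 is rejected only because the conversion to unsigned makes it large. Writing the test as `if (n < 0 || (size_t)n >= sizeof buf)` states both conditions directly and avoids a sign-compare warning. The message `"snprintf: buffer too small"` is also logged when snprintf itself fails, so the wording could cover both cases. congreet's body starts and ends outside the hunk.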