| apply fixes from upstream for empty banner |
| |
| https://bugzilla.mindrot.org/show_bug.cgi?id=1496 |
| http://bugs.gentoo.org/244222 |
| |
| ---------------------------- |
| revision 1.168 |
| date: 2008/10/03 23:56:28; author: deraadt; state: Exp; lines: +3 -3 |
| Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the |
| function. |
| spotted by des@freebsd, who commited an incorrect fix to the freebsd tree |
| and (as is fairly typical) did not report the problem to us. But this fix |
| is correct. |
| ok djm |
| ---------------------------- |
| revision 1.167 |
| date: 2008/07/31 14:48:28; author: markus; state: Exp; lines: +2 -2 |
| don't allocate space for empty banners; report t8m at centrum.cz; ok deraadt |
| --- src/usr.bin/ssh/sshconnect2.c 2008/07/17 09:48:00 1.166 |
| +++ src/usr.bin/ssh/sshconnect2.c 2008/10/04 00:56:28 1.168 |
| @@ -377,11 +377,11 @@ input_userauth_banner(int type, u_int32_t seq, void *c |
| debug3("input_userauth_banner"); |
| raw = packet_get_string(&len); |
| lang = packet_get_string(NULL); |
| - if (options.log_level >= SYSLOG_LEVEL_INFO) { |
| + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { |
| if (len > 65536) |
| len = 65536; |
| - msg = xmalloc(len * 4); /* max expansion from strnvis() */ |
| - strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL); |
| + msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
| + strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); |
| fprintf(stderr, "%s", msg); |
| xfree(msg); |
| } |