https://bugzilla.mindrot.org/show_bug.cgi?id=3579
Bug ID: 3579
Summary: OpenSSH trims last character of fixed-lenght buffers
received from the pkcs11 providers providing users
with inaccurate information
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: [email protected]
Reporter: [email protected]
The rmspace() function is removing last character from the fixed-length
buffers to make sure they are safe for handling with standard functions
such as printf and null terminated. But this is problematic when the
buffer is full, which is common for serial number.
Right now, these buffers are not used for anything else than debug
information and PIN prompt so it should be safe not to remove the last
character and use printfs()'s precision modifier to make sure we do not
go over the buffer limits.
https://github.com/openssh/openssh-portable/pull/406
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
