Re: [PATCH] OpenSSH: auth.c
Le 14/12/2012 06:27, Darren Tucker a écrit : On Thu, Dec 13, 2012 at 07:31:46PM +0100, Maxime Villard wrote: Hi, I was looking at some openssh code when I spotted a mistake applied, thanks. Another trivial patch. Make a more detailed error message. Or, we should use strlcpy(). Ok ? --- auth.c 2012-12-14 15:54:15.0 +0100 +++ auth.c 2012-12-14 16:22:01.897130976 +0100 @@ -367,7 +367,8 @@ /* for each component of the canonical path, walking upwards */ for (;;) { if ((cp = dirname(buf)) == NULL) { - snprintf(err, errlen, dirname() failed); + snprintf(err, errlen, dirname %s failed: %s, buf, + strerror(errno)); return -1; } strlcpy(buf, cp, sizeof(buf));
[PATCH] OpenSSH: auth.c
Hi, I was looking at some openssh code when I spotted a mistake in a function from auth.c: static int secure_filename(FILE *f, const char *file, struct passwd *pw, char *err, size_t errlen) { char buf[MAXPATHLEN]; struct stat st; /* check the open file to avoid races */ if (fstat(fileno(f), st) 0) { snprintf(err, errlen, cannot stat file %s: %s, buf, strerror(errno)); return -1; } return auth_secure_path(file, st, pw-pw_dir, pw-pw_uid, err, errlen); } 'buf' is not initialized and used whereas it should be 'file'. Patch: --- auth.c 2012-12-08 12:51:32.0 +0100 +++ auth.c 2012-12-13 19:11:30.968193729 +0100 @@ -404,13 +404,12 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, char *err, size_t errlen) { - char buf[MAXPATHLEN]; struct stat st; /* check the open file to avoid races */ if (fstat(fileno(f), st) 0) { snprintf(err, errlen, cannot stat file %s: %s, - buf, strerror(errno)); + file, strerror(errno)); return -1; } return auth_secure_path(file, st, pw-pw_dir, pw-pw_uid, err, errlen);
Re: [PATCH] OpenSSH: auth.c
On Thu, Dec 13, 2012 at 07:31:46PM +0100, Maxime Villard wrote: Hi, I was looking at some openssh code when I spotted a mistake applied, thanks. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.