Re: [PATCH] OpenSSH: auth.c
Le 14/12/2012 06:27, Darren Tucker a écrit :
On Thu, Dec 13, 2012 at 07:31:46PM +0100, Maxime Villard wrote:
Hi,
I was looking at some openssh code when I spotted a mistake
applied, thanks.
Another trivial patch. Make a more detailed error message.
Or, we should use strlcpy().
Ok ?
--- auth.c 2012-12-14 15:54:15.0 +0100
+++ auth.c 2012-12-14 16:22:01.897130976 +0100
@@ -367,7 +367,8 @@
/* for each component of the canonical path, walking upwards */
for (;;) {
if ((cp = dirname(buf)) == NULL) {
- snprintf(err, errlen, dirname() failed);
+ snprintf(err, errlen, dirname %s failed: %s, buf,
+ strerror(errno));
return -1;
}
strlcpy(buf, cp, sizeof(buf));
[PATCH] OpenSSH: auth.c
Hi,
I was looking at some openssh code when I spotted a mistake
in a function from auth.c:
static int
secure_filename(FILE *f, const char *file, struct passwd *pw,
char *err, size_t errlen)
{
char buf[MAXPATHLEN];
struct stat st;
/* check the open file to avoid races */
if (fstat(fileno(f), st) 0) {
snprintf(err, errlen, cannot stat file %s: %s,
buf, strerror(errno));
return -1;
}
return auth_secure_path(file, st, pw-pw_dir, pw-pw_uid, err, errlen);
}
'buf' is not initialized and used whereas it should be 'file'.
Patch:
--- auth.c 2012-12-08 12:51:32.0 +0100
+++ auth.c 2012-12-13 19:11:30.968193729 +0100
@@ -404,13 +404,12 @@
secure_filename(FILE *f, const char *file, struct passwd *pw,
char *err, size_t errlen)
{
- char buf[MAXPATHLEN];
struct stat st;
/* check the open file to avoid races */
if (fstat(fileno(f), st) 0) {
snprintf(err, errlen, cannot stat file %s: %s,
- buf, strerror(errno));
+ file, strerror(errno));
return -1;
}
return auth_secure_path(file, st, pw-pw_dir, pw-pw_uid, err, errlen);
Re: [PATCH] OpenSSH: auth.c
On Thu, Dec 13, 2012 at 07:31:46PM +0100, Maxime Villard wrote: Hi, I was looking at some openssh code when I spotted a mistake applied, thanks. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
