CVSROOT: /cvs Module name: src Changes by: mill...@cvs.openbsd.org 2023/03/15 11:01:35
Modified files:
lib/libskey : skeylogin.c
Log message:
Fix the length check when computing a fake challenge for users not
in the S/Key database. If the system hostname is longer than 126
characters this could result in NUL bytes being written past the
end of a stack buffer. There is no impact on systems with a hostname
126 characters or less. Found by Qualys. OK deraadt@
