Tue Apr 14 11:53:40 2009 UTC ()
Fix two bugs in handling banners in sshconnect2:
1) If the length of the banner is zero, don't bother printing it.
   This can happen if the remote server has a zero-length /etc/issue
   file.  Previously, ssh would die with "xmalloc: zero size".
2) strvisx() needs an extra byte for the nul terminator.


(apb)
diff -r1.34 -r1.35 src/crypto/dist/ssh/sshconnect2.c

cvs diff -r1.34 -r1.35 src/crypto/dist/ssh/Attic/sshconnect2.c

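--- a/src/crypto/dist/ssh/Attic/sshconnect2.c
+++ b/src/crypto/dist/ssh/Attic/sshconnect2.c
@@ -1,41 +1,41 @@
-/* $NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $ */
+/* $NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $ */
 /* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.34 2009/02/16 20:53:55 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.35 2009/04/14 11:53:40 apb Exp $");
 
 #include <sys/queue.h>
 
 #ifdef KRB5
 #include <krb5.h>
 #endif
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
 
 #include <errno.h>
@@ -410,31 +410,31 @@ input_userauth_error(int type, u_int32_t
  fatal("input_userauth_error: bad message during authentication: "
  "type %d", type);
 }
 
 void
 input_userauth_banner(int type, u_int32_t seq, void *ctxt)
 {
  char *msg, *raw, *lang;
  u_int len;
 
  debug3("input_userauth_banner");
  raw = packet_get_string(&len);
  lang = packet_get_string(NULL);
- if (options.log_level >= SYSLOG_LEVEL_INFO) {
+ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
  if (len > 65536)
  len = 65536;
- msg = xmalloc(len * 4); /* max expansion from strnvis() */
- strvisx(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
+ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+ strvisx(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
  fprintf(stderr, "%s", msg);
  xfree(msg);
  }
  xfree(raw);
  xfree(lang);
 }
 
 void
 input_userauth_success(int type, u_int32_t seq, void *ctxt)
 {
  Authctxt *authctxt = ctxt;
  if (authctxt == NULL)
  fatal("input_userauth_success: no authentication context");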
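Review bot: The third argument of strvisx() on new line 427 is, per vis(3), the number of source bytes to encode and not the size of the destination, so passing `len * 4 + 1` makes the call read well past the `len` bytes held in `raw` and lets the encoded output exceed the `len * 4 + 1` bytes allocated for `msg`. The banner is supplied by the remote server during authentication, so both the over-read and the overrun of `msg` are driven by untrusted input. The call should be `strvisx(msg, raw, len, VIS_SAFE|VIS_OCTAL);`, keeping the `+ 1` only in the xmalloc() size on line 426. The comment on line 426 still names strnvis(), whose size argument does describe the destination and is probably where the mismatch came from; `/* max expansion from strvisx(), plus NUL */` would match the code.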