summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2003-09-16 16:00:52 +1000
committerDamien Miller <djm@mindrot.org>2003-09-16 16:00:52 +1000
commit04a1d8d67df05ebd44aad49a2e28c2bd0184fec5 (patch)
treec4f6834ea3feb020d4dedf3071c19d48515c724f
parent5502e5895d0641991e2ff1f530221b928ca8edca (diff)
- (djm) Banish sprintf from auth-pam.c. Patch from bal
-rw-r--r--ChangeLog5
-rw-r--r--auth-pam.c20
2 files changed, 14 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 808c5030..b5505da1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,8 +8,9 @@
[buffer.c]
do not expand buffer before attempting to reallocate it; markus ok
- (djm) Crank spec versions
- - (djm) Release 3.7p1
+ - (djm) Banish (safe) sprintf from auth-pam.c. Patch from bal
- (tim) [configure.ac] Fix portability issues.
+ - (djm) Release 3.7p1
20030914
- (dtucker) [Makefile regress/Makefile] Fix portability issues preventing
@@ -1106,4 +1107,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2994.2.3 2003/09/16 05:48:15 tim Exp $
+$Id: ChangeLog,v 1.2994.2.4 2003/09/16 06:00:52 djm Exp $
diff --git a/auth-pam.c b/auth-pam.c
index 806c8086..754cbf6d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.72 2003/09/13 12:12:11 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.72.2.1 2003/09/16 06:00:52 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
@@ -672,17 +672,19 @@ do_pam_chauthtok(void)
int
do_pam_putenv(char *name, char *value)
{
- char *compound;
int ret = 1;
-
#ifdef HAVE_PAM_PUTENV
- compound = xmalloc(strlen(name)+strlen(value)+2);
- if (compound) {
- sprintf(compound,"%s=%s",name,value);
- ret = pam_putenv(sshpam_handle,compound);
- xfree(compound);
- }
+ char *compound;
+ size_t len;
+
+ len = strlen(name) + strlen(value) + 2;
+ compound = xmalloc(len);
+
+ snprintf(compound, len, "%s=%s", name, value);
+ ret = pam_putenv(sshpam_handle, compound);
+ xfree(compound);
#endif
+
return (ret);
}