
D49832.id153664.diff

diff --git a/contrib/telnet/libtelnet/sra.c b/contrib/telnet/libtelnet/sra.c
--- a/contrib/telnet/libtelnet/sra.c
+++ b/contrib/telnet/libtelnet/sra.c
@@ -241,9 +241,10 @@
void
sra_reply(Authenticator *ap, unsigned char *data, int cnt)
{
- char uprompt[256],tuser[256];
+ char uprompt[256 + 10]; /* +10 for "User (): " */
+ char tuser[256];
Session_Key skey;
- size_t i;
+ size_t i, len;
if (cnt-- < 1)
return;
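Review bot: The `+ 10` in `char uprompt[256 + 10]` is hand-counted from the format string used in the later hunk and will go stale if the prompt text changes. Deriving it from the literal keeps the two in sync: `char uprompt[256 + sizeof("User (): ")];` (the sizeof is 10, including the terminating NUL). The 256 presumably mirrors the longest user name the code expects in UserNameRequested, but that bound is not visible in this hunk, so the comment should say where it comes from. sra_reply's body continues outside the hunk.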
@@ -266,8 +267,15 @@
/* encode user */
memset(tuser,0,sizeof(tuser));
- sprintf(uprompt,"User (%s): ",UserNameRequested);
- telnet_gets(uprompt,tuser,255,1);
+ len = snprintf(uprompt, sizeof(uprompt), "User (%s): ",
+ UserNameRequested);
+ if (len >= sizeof(uprompt)) {
+ if (auth_debug_mode) {
+ printf("SRA user name too long\r\n");
+ }
+ return;
+ }
+ telnet_gets(uprompt, tuser, sizeof(tuser) - 1, 1);
if (tuser[0] == '\n' || tuser[0] == '\r' )
strcpy(user,UserNameRequested);
else {
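Review bot: The context line `strcpy(user,UserNameRequested);` is still an unbounded copy. The new snprintf check bounds UserNameRequested only against `uprompt`, which by its size admits a name of up to 256 characters. The capacity of `user` is not visible in this hunk; if it is 256 bytes or less, a name that passes the new check would still overrun it. A bounded copy that fails closed would finish the fix, e.g. `if (strlcpy(user, UserNameRequested, USER_BUF_SIZE) >= USER_BUF_SIZE) return;`, where USER_BUF_SIZE is a placeholder for the real size of `user`. Separately, `len` is a size_t holding snprintf's int result, so a negative return is rejected only because it wraps to a large value; a short comment at the check should say that this is intended. The function continues past the end of the hunk.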
