From 286a706394bccaabf47b2cf8b722df1fc28e3f08 Mon Sep 17 00:00:00 2001
From: Xiang Xiao <xiaoxiang@xiaomi.com>
Date: Thu, 13 May 2021 11:50:37 +0800
Subject: [PATCH] scp: Avoid allocate 8KB stack buffer in ssh_scp_deny_request

since ssh_scp_deny_request is seldom called, let's
utilize malloc to reserve the precise size memory.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Change-Id: I8e7a6d3153cff7691329b9487cd534a7f2887a35
---
 src/scp.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/scp.c b/src/scp.c
index 946966ea..2e4b8620 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -881,7 +881,8 @@ error:
  */
 int ssh_scp_deny_request(ssh_scp scp, const char *reason)
 {
-    char buffer[MAX_BUF_SIZE] = {0};
+    char *buffer = NULL;
+    size_t len;
     int rc;
 
     if (scp == NULL) {
@@ -894,8 +895,15 @@ int ssh_scp_deny_request(ssh_scp scp, const char *reason)
         return SSH_ERROR;
     }
 
-    snprintf(buffer, sizeof(buffer), "%c%s\n", 2, reason);
-    rc = ssh_channel_write(scp->channel, buffer, strlen(buffer));
+    len = strlen(reason) + 3;
+    buffer = malloc(len);
+    if (buffer == NULL) {
+        return SSH_ERROR;
+    }
+
+    snprintf(buffer, len, "%c%s\n", 2, reason);
+    rc = ssh_channel_write(scp->channel, buffer, len - 1);
+    free(buffer);
     if (rc == SSH_ERROR) {
         return SSH_ERROR;
     }