lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-02 01:17:52 +03:00
Code Activity

auth1: Fix ssh_string usage.

Browse Source
This commit is contained in:
Andreas Schneider
2011-09-08 15:27:09 +02:00
parent 09da9418cc
commit 55c758d079
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/auth1.c
View File

@@ -162,19 +162,21 @@ int ssh_userauth1_password(ssh_session session, const char *username,
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
} }
} else { } else {
char buf[128] = {0};
/* fill the password string from random things. the strcpy /* fill the password string from random things. the strcpy
* ensure there is at least a nul byte after the password. * ensure there is at least a nul byte after the password.
* most implementation won't see the garbage at end. * most implementation won't see the garbage at end.
* why garbage ? because nul bytes will be compressed by * why garbage ? because nul bytes will be compressed by
* gzip and disclose password len. * gzip and disclose password len.
*/ */
pwd = ssh_string_new(128); pwd = ssh_string_new(sizeof(buf));
if (pwd == NULL) { if (pwd == NULL) {
leave_function(); leave_function();
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
} }
ssh_get_random( pwd->string, 128, 0); ssh_get_random(buf, sizeof(buf), 0);
strcpy((char *) pwd->string, password); strcpy(buf, password);
ssh_string_fill(pwd, buf, sizeof(buf));
} }
if (buffer_add_u8(session->out_buffer, SSH_CMSG_AUTH_PASSWORD) < 0) { if (buffer_add_u8(session->out_buffer, SSH_CMSG_AUTH_PASSWORD) < 0) {