From: Jacob Nevins Date: Tue, 17 Aug 2004 14:08:05 +0000 (+0000) Subject: Someone complained that their keyboard-interactive password prompt was being X-Git-Tag: 0.56~53 X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;ds=sidebyside;h=1af5523edcc4181b9d55da57922861a446cea567;p=PuTTY.git Someone complained that their keyboard-interactive password prompt was being truncated - it was from OpenSSH on HP/UX and had all sorts of stuff in it ("last successful login" etc). Bodged it by bumping up the space allocated in the fixed array for a password prompt. Also added an indication that the prompt is being truncated, as required by draft-ietf-secsh-auth-kbdinteract-06. (NB that before this checkin, there was a more-or-less harmless buffer overread where if we ever received a keyboard-interactive prompt with echo=1, we'd probably spew goo on the terminal; fixed now.) [originally from svn r4476] --- diff --git a/ssh.c b/ssh.c index 77bb4594..8ae552f3 100644 --- a/ssh.c +++ b/ssh.c @@ -4610,7 +4610,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) int num_prompts, curr_prompt, echo; char username[100]; int got_username; - char pwprompt[200]; + char pwprompt[512]; char password[100]; void *publickey_blob; int publickey_bloblen; @@ -5189,9 +5189,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh_pkt_getstring(ssh, &prompt, &prompt_len); if (prompt_len > 0) { - strncpy(s->pwprompt, prompt, sizeof(s->pwprompt)); - s->pwprompt[prompt_len < sizeof(s->pwprompt) ? - prompt_len : sizeof(s->pwprompt)-1] = '\0'; + static const char trunc[] = ": "; + static const int prlen = sizeof(s->pwprompt) - + lenof(trunc); + if (prompt_len > prlen) { + memcpy(s->pwprompt, prompt, prlen); + strcpy(s->pwprompt + prlen, trunc); + } else { + memcpy(s->pwprompt, prompt, prompt_len); + s->pwprompt[prompt_len] = '\0'; + } } else { strcpy(s->pwprompt, ": ");