cvs commit: src/crypto/openssh sshconnect2.c

[bf]

Re: SVN rev 183568 on 2008-10-03 10:40:26Z by des

For what it's worth, from OpenBSD CVS (I don't know whether the "as is
fairly typical" below is griping about lack of feedback from downstream in
general, or whether des@ in particular is acquiring a reputation as the
"John Bolton of software maintainers" in certain quarters ;)  ):

"deraadt at src / 2008-10-03 23:56:28 UTC

openbsd/OpenBSD: src/usr.bin/ssh sshconnect2.c

Repair strnvis() buffersize of 4*n+1, with termination gauranteed[sic] by
the function. spotted by des at freebsd, who commited an incorrect fix to
the freebsd tree and (as is fairly typical) did not report the problem to
us.  But this fix is correct.

ok djm

Files rc/usr.bin/ssh/sshconnect2.c"

with the diff (

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshconnect2.c.diff?r1=1.167&r2=1.168

):

===================================================================
RCS file: /usr/OpenBSD/cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- src/usr.bin/ssh/sshconnect2.c       2008/07/31 14:48:28     1.167
+++ src/usr.bin/ssh/sshconnect2.c       2008/10/03 23:56:28     1.168
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.167 2008/07/31 14:48:28 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.168 2008/10/03 23:56:28 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -380,8 +380,8 @@
        if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
                if (len > 65536)
                        len = 65536;
-               msg = xmalloc(len * 4); /* max expansion from strnvis() */
-               strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
+               msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+               strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
                fprintf(stderr, "%s", msg);
                xfree(msg);
        }