Mercurial > dropbear
diff svr-authpubkey.c @ 1630:9579377b5f8b
use strlcpy & strlcat (#74)
* refactor checkpubkeyperms() with safe BSD functions
fix gcc8 warnings
```
svr-authpubkey.c: In function 'checkpubkeyperms':
svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=]
strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=]
strncat(filename, "/authorized_keys", 16);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
see https://www.sudo.ws/todd/papers/strlcpy.html
* restore strlcpy in xstrdup
see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
author | François Perrad <francois.perrad@gadz.org> |
---|---|
date | Wed, 20 Mar 2019 15:09:19 +0100 |
parents | 1fbe598a14fb |
children | 592a18dac250 |
line wrap: on
line diff
--- a/svr-authpubkey.c Wed Mar 20 15:03:40 2019 +0100 +++ b/svr-authpubkey.c Wed Mar 20 15:09:19 2019 +0100 @@ -424,8 +424,9 @@ /* allocate max required pathname storage, * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ - filename = m_malloc(len + 22); - strncpy(filename, ses.authstate.pw_dir, len+1); + len += 22; + filename = m_malloc(len); + strlcpy(filename, ses.authstate.pw_dir, len); /* check ~ */ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { @@ -433,13 +434,13 @@ } /* check ~/.ssh */ - strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ + strlcat(filename, "/.ssh", len); if (checkfileperm(filename) != DROPBEAR_SUCCESS) { goto out; } /* now check ~/.ssh/authorized_keys */ - strncat(filename, "/authorized_keys", 16); + strlcat(filename, "/authorized_keys", len); if (checkfileperm(filename) != DROPBEAR_SUCCESS) { goto out; }