author | Andreas Schneider <asn@cryptomilk.org> | 2012-10-08 21:50:08 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-10-12 14:45:54 +0200 |
commit | b1287cd946b40fd5b668378c5d7b4cc17dbc699d (patch) | |
tree | 2f6736c3e0bbfe21987e96ff017844fe2447828d /src/server.c | |
parent | a660177a6e24527b97172d242a6e40f9c41fb6c1 (diff) | |
server: Use strncat instead of strcat.
This is just hardening the code.
Found by Coverity.
Diffstat (limited to 'src/server.c')
-rw-r--r-- | src/server.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/server.c b/src/server.c
index 511d95b9..8db21b43 100644
--- a/src/server.c
+++ b/src/server.c
@@ -580,16 +580,24 @@ static int ssh_message_auth_reply_default(ssh_message msg,int partial) {
 session->auth_methods = SSH_AUTH_METHOD_PUBLICKEY | SSH_AUTH_METHOD_PASSWORD;
 }
 if (session->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
- strcat(methods_c, "publickey,");
+ strncat(methods_c, "publickey,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) {
- strcat(methods_c, "keyboard-interactive,");
+ strncat(methods_c, "keyboard-interactive,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_PASSWORD) {
- strcat(methods_c, "password,");
+ strncat(methods_c, "password,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_HOSTBASED) {
- strcat(methods_c, "hostbased,");
+ strncat(methods_c, "hostbased,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
+ }
+
+ if (methods_c[0] == '\0' || strlen(methods_c) != ',') {
+ return SSH_ERROR;
 }
 
 /* Strip the comma. */ |
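Review bot: The added guard `strlen(methods_c) != ','` compares the string's length with the character code of a comma (44) instead of inspecting the last character, so it returns SSH_ERROR for every length other than 44. Assuming methods_c starts empty (its declaration is outside the hunk), no combination of the four method names appended here produces a 44-byte list, which means the default auth reply would always fail at this point. The check presumably meant `if (methods_c[0] == '\0' || methods_c[strlen(methods_c) - 1] != ',') {`, which also catches a list that strncat truncated before its trailing comma. The `sizeof(methods_c)` bound is only correct if methods_c is an array rather than a pointer, and the function body starts and ends outside the hunk, so that is worth confirming at the declaration.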