aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2012-10-08 21:50:08 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-10-12 14:45:54 +0200
commitb1287cd946b40fd5b668378c5d7b4cc17dbc699d (patch)
tree2f6736c3e0bbfe21987e96ff017844fe2447828d /src
parenta660177a6e24527b97172d242a6e40f9c41fb6c1 (diff)
downloadlibssh-b1287cd946b40fd5b668378c5d7b4cc17dbc699d.tar.gz
libssh-b1287cd946b40fd5b668378c5d7b4cc17dbc699d.tar.xz
libssh-b1287cd946b40fd5b668378c5d7b4cc17dbc699d.zip
server: Use strncat instead of strcat.
This is just hardening the code. Found by Coverity.
Diffstat (limited to 'src')
-rw-r--r--src/server.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/server.c b/src/server.c
index 511d95b9..8db21b43 100644
--- a/src/server.c
+++ b/src/server.c
@@ -580,16 +580,24 @@ static int ssh_message_auth_reply_default(ssh_message msg,int partial) {
session->auth_methods = SSH_AUTH_METHOD_PUBLICKEY | SSH_AUTH_METHOD_PASSWORD;
}
if (session->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
- strcat(methods_c, "publickey,");
+ strncat(methods_c, "publickey,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) {
- strcat(methods_c, "keyboard-interactive,");
+ strncat(methods_c, "keyboard-interactive,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_PASSWORD) {
- strcat(methods_c, "password,");
+ strncat(methods_c, "password,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
}
if (session->auth_methods & SSH_AUTH_METHOD_HOSTBASED) {
- strcat(methods_c, "hostbased,");
+ strncat(methods_c, "hostbased,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
+ }
+
+ if (methods_c[0] == '\0' || strlen(methods_c) != ',') {
+ return SSH_ERROR;
}
/* Strip the comma. */