From b1287cd946b40fd5b668378c5d7b4cc17dbc699d Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Mon, 8 Oct 2012 21:50:08 +0200
Subject: server: Use strncat instead of strcat. This is just hardening the code. Found by Coverity.
---
 src/server.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'src')
diff --git a/src/server.c b/src/server.c
index 511d95b9..8db21b43 100644
--- a/src/server.c
+++ b/src/server.c
@@ -580,16 +580,24 @@ static int ssh_message_auth_reply_default(ssh_message msg,int partial) {
 session->auth_methods = SSH_AUTH_METHOD_PUBLICKEY | SSH_AUTH_METHOD_PASSWORD;
 }
 if (session->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
- strcat(methods_c, "publickey,");
+ strncat(methods_c, "publickey,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) {
- strcat(methods_c, "keyboard-interactive,");
+ strncat(methods_c, "keyboard-interactive,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_PASSWORD) {
- strcat(methods_c, "password,");
+ strncat(methods_c, "password,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
 }
 if (session->auth_methods & SSH_AUTH_METHOD_HOSTBASED) {
- strcat(methods_c, "hostbased,");
+ strncat(methods_c, "hostbased,",
+ sizeof(methods_c) - strlen(methods_c) - 1);
+ }
+
+ if (methods_c[0] == '\0' || strlen(methods_c) != ',') {
+ return SSH_ERROR;
 }
 /* Strip the comma. */
--
cgit v1.2.3
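Review bot: The new guard `strlen(methods_c) != ','` compares the string's length with the character code of a comma (44) rather than testing the last character, so the branch returns SSH_ERROR for every length other than 44. None of the combinations of the four method strings in this hunk adds up to 44 characters if methods_c starts out empty (its declaration and initialisation are outside the hunk), so the default auth reply would appear to fail every time. The intended test is presumably `if (methods_c[0] == '\0' || methods_c[strlen(methods_c) - 1] != ',') {`, which also rejects a list that strncat truncated before the comma is stripped. The `sizeof(methods_c)` bound is only correct if methods_c is an array in this function and not a pointer, which is worth confirming since the declaration is not shown.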