Someone complained that their keyboard-interactive password prompt was being

truncated - it was from OpenSSH on HP/UX and had all sorts of stuff in it ("last successful login" etc). Bodged it by bumping up the space allocated in the fixed array for a password prompt. Also added an indication that the prompt is being truncated, as required by draft-ietf-secsh-auth-kbdinteract-06. (NB that before this checkin, there was a more-or-less harmless buffer overread where if we ever received a keyboard-interactive prompt with echo=1, we'd probably spew goo on the terminal; fixed now.) [originally from svn r4476]
2025-05-28 23:34:49 -05:00 · 2004-08-17 14:08:05 +00:00 · 2004-08-17 14:08:05 +00:00 · 1af5523edc
commit 1af5523edc
parent e8b2b6a5dc
1 changed files with 11 additions and 4 deletions
--- a/ssh.c
+++ b/ssh.c
@ -4610,7 +4610,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	int num_prompts, curr_prompt, echo;
 	char username[100];
 	int got_username;
-	char pwprompt[200];
+	char pwprompt[512];
 	char password[100];
 	void *publickey_blob;
 	int publickey_bloblen;
@ -5189,9 +5189,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)

 		    ssh_pkt_getstring(ssh, &prompt, &prompt_len);
 		    if (prompt_len > 0) {
-			strncpy(s->pwprompt, prompt, sizeof(s->pwprompt));
-			s->pwprompt[prompt_len < sizeof(s->pwprompt) ?
-				    prompt_len : sizeof(s->pwprompt)-1] = '\0';
+			static const char trunc[] = "<prompt truncated>: ";
+			static const int prlen = sizeof(s->pwprompt) -
+						 lenof(trunc);
+			if (prompt_len > prlen) {
+			    memcpy(s->pwprompt, prompt, prlen);
+			    strcpy(s->pwprompt + prlen, trunc);
+			} else {
+			    memcpy(s->pwprompt, prompt, prompt_len);
+			    s->pwprompt[prompt_len] = '\0';
+			}
 		    } else {
 			strcpy(s->pwprompt,
 			       "<server failed to send prompt>: ");