Someone complained that their keyboard-interactive password prompt was being

truncated - it was from OpenSSH on HP/UX and had all sorts of stuff in it
("last successful login" etc).

Bodged it by bumping up the space allocated in the fixed array for a password
prompt. Also added an indication that the prompt is being truncated, as
required by draft-ietf-secsh-auth-kbdinteract-06.

(NB that before this checkin, there was a more-or-less harmless buffer overread
where if we ever received a keyboard-interactive prompt with echo=1, we'd
probably spew goo on the terminal; fixed now.)

[originally from svn r4476]

ssh.c

@@ -4610,7 +4610,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 	int num_prompts, curr_prompt, echo;
 	char username[100];
 	int got_username;
-	char pwprompt[200];
+	char pwprompt[512];
 	char password[100];
 	void *publickey_blob;
 	int publickey_bloblen;
@@ -5189,9 +5189,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 
 		    ssh_pkt_getstring(ssh, &prompt, &prompt_len);
 		    if (prompt_len > 0) {
-			strncpy(s->pwprompt, prompt, sizeof(s->pwprompt));
+			static const char trunc[] = "<prompt truncated>: ";
-			s->pwprompt[prompt_len < sizeof(s->pwprompt) ?
+			static const int prlen = sizeof(s->pwprompt) -
-				    prompt_len : sizeof(s->pwprompt)-1] = '\0';
+						 lenof(trunc);
+			if (prompt_len > prlen) {
+			    memcpy(s->pwprompt, prompt, prlen);
+			    strcpy(s->pwprompt + prlen, trunc);
+			} else {
+			    memcpy(s->pwprompt, prompt, prompt_len);
+			    s->pwprompt[prompt_len] = '\0';
+			}
 		    } else {
 			strcpy(s->pwprompt,
 			       "<server failed to send prompt>: ");