• Damien Miller's avatar
    - djm@cvs.openbsd.org 2010/08/31 09:58:37 · da108ece
    Damien Miller authored
         [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
         [packet.h ssh-dss.c ssh-rsa.c]
         Add buffer_get_cstring() and related functions that verify that the
         string extracted from the buffer contains no embedded \0 characters*
         This prevents random (possibly malicious) crap from being appended to
         strings where it would not be noticed if the string is used with
         a string(3) function.
    
         Use the new API in a few sensitive places.
    
         * actually, we allow a single one at the end of the string for now because
         we don't know how many deployed implementations get this wrong, but don't
         count on this to remain indefinitely.
    da108ece
auth2.c 9.97 KB