Package: rssh / 2.3.4-5+deb9u4

0003-Fix-buffer-allocation-buffer-for-fail-message.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
From: Russ Allbery <rra@debian.org>
Date: Sat, 7 Dec 2013 18:32:55 -0800
Subject: Fix buffer allocation buffer for fail message

The failure log message when the user isn't permitted to run the
command they're attempting includes a summary of the commands the
user is allowed to run.  The allocation for that string was not
reserving space for the nul byte at the end of the string, causing
a one-byte overwrite past the end of the string.
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 3affc0a..ef1a5d8 100644
--- a/util.c
+++ b/util.c
@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv )
 	/* create msg indicating what is allowed */
 	if ( !size ) cmd = "This user is locked out.";
 	else {
-		size += 18;
+		size += 18 + 1;
 		if ( !(cmd = (char *)malloc(size)) ){
 			log_msg("fatal error: out of mem allocating log msg");
 			exit(1);