Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: OPENBSD_5_0_BASE
Revision 1.75 / (download) - annotate - [select for diffs], Tue Aug 31 09:58:37 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.74: +3 -3 lines
Diff to previous 1.74 (colored)
Add buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters* This prevents random (possibly malicious) crap from being appended to strings where it would not be noticed if the string is used with a string(3) function. Use the new API in a few sensitive places. * actually, we allow a single one at the end of the string for now because we don't know how many deployed implementations get this wrong, but don't count on this to remain indefinitely.