[src/netbsd-1-5]: src/crypto/dist/ssh Apply patch (requested by he):

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e74ac3cd6e03
branches:  netbsd-1-5
changeset: 493168:e74ac3cd6e03
user:      he <he%NetBSD.org@localhost>
date:      Wed Jun 26 19:30:59 2002 +0000

description:
Apply patch (requested by he):
  Pull in a point patch for the preauth security vulnerability,
  taken from http://www.openssh.com/txt/preauth.adv.

diffstat:

 crypto/dist/ssh/auth2-chall.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (18 lines):

diff -r d0963112682d -r e74ac3cd6e03 crypto/dist/ssh/auth2-chall.c
--- a/crypto/dist/ssh/auth2-chall.c     Wed Jun 26 17:44:52 2002 +0000
+++ b/crypto/dist/ssh/auth2-chall.c     Wed Jun 26 19:30:59 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth2-chall.c,v 1.1.1.1.2.3 2001/12/10 23:52:45 he Exp $       */
+/*     $NetBSD: auth2-chall.c,v 1.1.1.1.2.4 2002/06/26 19:30:59 he Exp $       */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -244,6 +244,8 @@
 
        authctxt->postponed = 0;        /* reset */
        nresp = packet_get_int();
+       if (nresp > 100)
+               fatal("input_userauth_info_response: nresp too big %u", nresp);
        if (nresp > 0) {
                response = xmalloc(nresp * sizeof(char*));
                for (i = 0; i < nresp; i++)