authorEd Maste <emaste@FreeBSD.org>2025-10-06 12:29:14 +0000
committerEd Maste <emaste@FreeBSD.org>2025-10-06 12:29:14 +0000
commit6409980cbba7323bd1c86249ed16f8bea9fa5490 (patch)
tree3710eb5988e5c6b0dd82c46413e96bba7cd18544 /auth2-chall.c
parent9792a032f0a99557271d6b7f7b0a955386c1fdbe (diff)
Diffstat (limited to 'auth2-chall.c')
-rw-r--r--auth2-chall.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/auth2-chall.c b/auth2-chall.c
index 021df8291736..a6d916598263 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.57 2025/10/02 08:38:43 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -154,7 +154,7 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
{
size_t len;
char *t;
- int i;
+ size_t i;
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
@@ -165,11 +165,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
if (len == 0)
break;
for (i = 0; devices[i]; i++) {
+ if (i >= sizeof(kbdintctxt->devices_done) * 8 ||
+ i >= sizeof(devices) / sizeof(devices[0]))
+ fatal_f("internal error: too may devices");
if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
!auth2_method_allowed(authctxt,
"keyboard-interactive", devices[i]->name))
continue;
- if (strncmp(kbdintctxt->devices, devices[i]->name,
+ if (strlen(devices[i]->name) == len &&
+ memcmp(kbdintctxt->devices, devices[i]->name,
len) == 0) {
kbdintctxt->device = devices[i];
kbdintctxt->devices_done |= 1 << i;
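Review bot: The two `1 << i` expressions on the context lines after the new guard still shift a signed `int`, while the guard admits any `i` below `sizeof(kbdintctxt->devices_done) * 8`; if `devices_done` is a 32-bit unsigned field (its declaration is not visible in this hunk), `i == 31` would shift into the sign bit, which is undefined behaviour. Writing `(1U << i)` in both the test and the `|=` would make the mask arithmetic match the bound being enforced. The guard also runs only after the loop condition has already read `devices[i]`, so its array-size half cannot stop the read one past the end that it is meant to catch; testing `i < sizeof(devices) / sizeof(devices[0])` before the dereference in the `for` condition would. The new message has a typo: `"internal error: too may devices"` should read `"internal error: too many devices"`. The body of kbdint_next_device starts and ends outside this hunk.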