openssh unix dev - Mar 2000 - Few question...

Hello

I have few questions about openssh...

1/ there is probably bug in auth-password.c in auth_password function

	if (pw->pw_uid == 0 && options.permit_root_login == 2)
		return 0;
	if (*password == '\0' && options.permit_empty_passwd == 0)
		return 0;
	/* deny if no user. */
	if (pw == NULL)	<----------- this should be first checked ....
		return 0;

2/ do I have to always read whole packed ? In example: I send packet with
int and string
as a data. Can I forget about reading string when I don't need it or there
is a possibility
of memory fragmentation ?


-
Waldemar Thiel (wth at id.pl)

On Mon, Mar 27, 2000 at 06:52:35PM +0200, Waldemar Thiel
wrote:
> 1/ there is probably bug in auth-password.c in auth_password function
> 
> 	if (pw->pw_uid == 0 && options.permit_root_login == 2)
> 		return 0;
> 	if (*password == '\0' && options.permit_empty_passwd == 0)
> 		return 0;
> 	/* deny if no user. */
> 	if (pw == NULL)	<----------- this should be first checked ....
> 		return 0;
this has been fixed in December. are you using a recent version?
> 2/ do I have to always read whole packed ? In example: I send packet with
> int and string
> as a data. Can I forget about reading string when I don't need it or
there
> is a possibility
> of memory fragmentation ?
i assume you are talking about packet_get_int() and packet_get_string():
no, you don't need to add matching packet_get_string() calls on the
receving side. the next packet_read() discards the current packet.
note that you need to xfree() the string returned by packet_get_string().

-markus

PS: are you extending the protocol?