Along the lines of the previous patch, here's one for auth2-pam.c.
The same applies, if you won't accept > 100 responses, you should never
send that many. Besides that, I've removed a bit of what is now obsolete
code.
There are two other bugs here which I haven't fixed.
1) if all the messages are just informational
(PAM_TEXT_INFO or PAM_ERROR_MSG), then the user doesn't see them.
2) information messages are not presented to the client in the correct order.
The fix for those two is simply to get rid of the loop in
do_pam_conversation_kbd_int() which checks the prompt style
(and just set context_pam2.num_expected = num_msg directly).
--- auth2-pam.c.orig Wed Jun 26 19:55:34 2002
+++ auth2-pam.c Wed Jun 26 20:00:24 2002
@@ -19,7 +19,7 @@
void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt);
struct {
- int finished, num_received, num_expected;
+ int finished, num_expected;
int *prompts;
struct pam_response *responses;
} context_pam2 = {0, 0, 0, NULL};
@@ -55,8 +55,10 @@
int i, j, done;
char *text;
+ if (num_msg > 100)
+ fatal("%s: too many messages", __func__);
+
context_pam2.finished = 0;
- context_pam2.num_received = 0;
context_pam2.num_expected = 0;
context_pam2.prompts = xmalloc(sizeof(int) * num_msg);
context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg);
@@ -120,11 +122,8 @@
debug("extra packet during conversation");
}
- if(context_pam2.num_received == context_pam2.num_expected) {
- *resp = context_pam2.responses;
- return PAM_SUCCESS;
- } else
- return PAM_CONV_ERR;
+ *resp = context_pam2.responses;
+ return PAM_SUCCESS;
}
void
@@ -156,7 +155,6 @@
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
context_pam2.responses[j].resp = xstrdup(resp);
xfree(resp);
- context_pam2.num_received++;
}
context_pam2.finished = 1;
/fc