From 0e4e214ce1271af1ed26f8f38ed123bd34193d40 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 6 Dec 2017 05:06:21 +0000 Subject: [PATCH] don't accept junk after "yes" or "no" responses to hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ --- usr.bin/ssh/sshconnect.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index cc5c3246ef0..4359ed36109 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.288 2017/11/25 06:46:22 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.289 2017/12/06 05:06:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -619,11 +619,12 @@ confirm(const char *prompt) return 0; for (msg = prompt;;msg = again) { p = read_passphrase(msg, RP_ECHO); - if (p == NULL || - (p[0] == '\0') || (p[0] == '\n') || - strncasecmp(p, "no", 2) == 0) + if (p == NULL) + return 0; + p[strcspn(p, "\n")] = '\0'; + if (p[0] == '\0' || strcasecmp(p, "no") == 0) ret = 0; - if (p && strncasecmp(p, "yes", 3) == 0) + else if (strcasecmp(p, "yes") == 0) ret = 1; free(p); if (ret != -1) -- 2.20.1