Bug 1615

Summary: the pathname length of home directory is limited to less than 256 chars
Product: Portable OpenSSH Reporter: jchadima
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: dtucker
Priority: P2    
Version: 5.2p1   
Hardware: Other   
OS: Linux   
Attachments:
Description Flags
patch solving the problem
none
the patch version 2 none

Description jchadima 2009-06-30 22:10:04 AEST 
Created attachment 1656 [details]
patch solving the problem

on some obscure instalation the $HOME is enormly long.
Comment 1 Darren Tucker 2009-07-01 11:53:04 AEST 
Are you sure that's all that's needed?  That buf gets used with:

snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);

which will also truncate.
Comment 2 jchadima 2009-07-02 00:33:18 AEST 
Created attachment 1657 [details]
the patch version 2

You are right. The patch#2 solves the whole problem.
Comment 3 Darren Tucker 2009-07-02 15:07:30 AEST 
We ended up with something similar but with some extra checks for snprintf return values:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=text&tr1=1.325&r2=text&tr2=1.326

Thanks, this will be in the next release.
Comment 4 Damien Miller 2009-10-06 15:03:22 AEDT 
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.