Created attachment 3041
Increase prompt buffer sizes to fit text

sshconnect2.c: In function ‘userauth_passwd’:
sshconnect2.c:909:42: warning: ‘%.128s’ directive output may be truncated writing up to 128 bytes into a region of size between 119 and 149 [-Wformat-truncation=]
  snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
                                          ^~~~~~
In file included from /usr/include/stdio.h:938:0,
                 from /usr/include/bsd/libutil.h:46,
                 from includes.h:141,
                 from sshconnect2.c:27:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 15 and 173 bytes into a destination of size 150
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sshconnect2.c: In function ‘input_userauth_passwd_changereq’:
sshconnect2.c:960:19: warning: ‘%.128s’ directive output may be truncated writing up to 128 bytes into a region of size between 113 and 143 [-Wformat-truncation=]
      "Enter %.30s@%.128s's old password: ",
                   ^~~~~~
In file included from /usr/include/stdio.h:938:0,
                 from /usr/include/bsd/libutil.h:46,
                 from includes.h:141,
                 from sshconnect2.c:27:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 25 and 183 bytes into a destination of size 150
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sshconnect2.c:969:20: warning: ‘%.128s’ directive output may be truncated writing up to 128 bytes into a region of size between 113 and 143 [-Wformat-truncation=]
       "Enter %.30s@%.128s's new password: ",
                    ^~~~~~
In file included from /usr/include/stdio.h:938:0,
                 from /usr/include/bsd/libutil.h:46,
                 from includes.h:141,
                 from sshconnect2.c:27:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 25 and 183 bytes into a destination of size 150
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sshconnect2.c:977:21: warning: ‘%.128s’ directive output may be truncated writing up to 128 bytes into a region of size between 112 and 142 [-Wformat-truncation=]
        "Retype %.30s@%.128s's new password: ",
                      ^~~~~~
In file included from /usr/include/stdio.h:938:0,
                 from /usr/include/bsd/libutil.h:46,
                 from includes.h:141,
                 from sshconnect2.c:27:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 26 and 184 bytes into a destination of size 150
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The relevant buffers are just plain too small. Patch attached.
Looks reasonable, sending upstream (but with slightly larger buffers).
Committed upstream, it'll be synced into portable in due course. Thanks.
Close all resolved bugs after release of OpenSSH 7.7.
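
Added example, not part of the bug report or of the OpenSSH patch: it reproduces the arithmetic behind the first warning in the report (15 to 173 bytes into a 150-byte destination) and shows how the `snprintf` return value reveals truncation. The format string and the size 150 come from the quoted warnings; the function names and the filler inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format string and destination size as quoted in the compiler warning. */
#define PROMPT_FMT "%.30s@%.128s's password: "
#define OLD_PROMPT_SIZE 150

/* Bytes needed, including the terminating NUL, for this user/host pair. */
size_t prompt_bytes_needed(const char *user, const char *host)
{
    int n = snprintf(NULL, 0, PROMPT_FMT, user, host);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format into buf; return 0 on success, -1 if the output was truncated. */
int format_prompt(char *buf, size_t buflen, const char *user, const char *host)
{
    int n = snprintf(buf, buflen, PROMPT_FMT, user, host);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Constructed filler: a string of len-1 copies of c, NUL-terminated. */
static void fill(char *s, size_t len, char c)
{
    memset(s, c, len - 1);
    s[len - 1] = '\0';
}

/* Worst case: both inputs exceed their precision (30 and 128). */
size_t worst_case_bytes(void)
{
    char user[64], host[200];
    fill(user, sizeof(user), 'u');
    fill(host, sizeof(host), 'h');
    return prompt_bytes_needed(user, host);
}

/* 1 if the worst case fits a destination of buflen bytes, 0 if truncated. */
int worst_case_fits(size_t buflen)
{
    char user[64], host[200], buf[256];
    if (buflen > sizeof(buf))
        return -1;                     /* larger than this demo's buffer */
    fill(user, sizeof(user), 'u');
    fill(host, sizeof(host), 'h');
    return format_prompt(buf, buflen, user, host) == 0;
}

int main(void)
{
    printf("worst case needs %zu bytes; fits in %d: %s\n", worst_case_bytes(),
        OLD_PROMPT_SIZE, worst_case_fits(OLD_PROMPT_SIZE) ? "yes" : "no");
    return 0;
}
```

Because `snprintf` always NUL-terminates within the given size, the undersized buffer yields a cut-off prompt rather than an overflow; the return value is the only signal that it happened.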