Date: Sat, 4 Oct 2008 01:50:45 -0700 (PDT)
From: bf
To: cvs-src@freebsd.org
Message-ID: <983704.51422.qm@web39104.mail.mud.yahoo.com>
Subject: cvs commit: src/crypto/openssh sshconnect2.c
Reply-To: bf2006a@yahoo.com

Re: SVN rev 183568 on 2008-10-03 10:40:26Z by des

For what it's worth, from OpenBSD CVS (I don't know whether the "as is fairly typical" below is griping about lack of feedback from downstream in general, or whether des@ in particular is acquiring a reputation as the "John Bolton of software maintainers" in certain quarters ;) ):

"deraadt@src / 2008-10-03 23:56:28 UTC openbsd/OpenBSD: src/usr.bin/ssh sshconnect2.c Repair strnvis() buffersize of 4*n+1, with termination gauranteed[sic] by the function. spotted by des at freebsd, who commited an incorrect fix to the freebsd tree and (as is fairly typical) did not report the problem to us. But this fix is correct. ok djm Files rc/usr.bin/ssh/sshconnect2.c"

with the diff ( http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshconnect2.c.diff?r1=1.167&r2=1.168 ):

=================================================================== RCS file: /usr/OpenBSD/cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.167 retrieving revision 1.168 diff -u -r1.167 -r1.168 --- src/usr.bin/ssh/sshconnect2.c 2008/07/31 14:48:28 1.167 +++ src/usr.bin/ssh/sshconnect2.c 2008/10/03 23:56:28 1.168 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.167 2008/07/31 14:48:28 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.168 2008/10/03 23:56:28 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -380,8 +380,8 @@ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { if (len > 65536) len = 65536; - msg = xmalloc(len * 4); /* max expansion from strnvis() */ - strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL); + msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ + strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); fprintf(stderr, "%s", msg); xfree(msg); }
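
Review bot: In the second hunk (@@ -380,8 +380,8 @@) the size expression len * 4 + 1 is written out twice, once in xmalloc() and once as the strnvis() size argument, and the fix only works while the two stay identical. Compute it once into a local (for example a size_t, here hypothetically named msglen) and pass that to both calls. The comment "max expansion from strnvis()" is also unchanged and still describes only the 4x factor; it should say that the extra byte is for the terminating NUL, since that byte is the whole fix. The existing clamp of len to 65536 keeps len * 4 + 1 at 262145, so no extra overflow check is needed on these lines.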