Limit the number of PAM environment variables.
authorDarren Tucker <dtucker@dtucker.net>
Thu, 9 Mar 2023 07:24:54 +0000 (18:24 +1100)
committerDarren Tucker <dtucker@dtucker.net>
Thu, 9 Mar 2023 07:32:48 +0000 (18:32 +1100)
xcalloc has its own limits, but these are specific to PAM.  From
Coverity CID 405198, ok djm@

monitor.c

index f856c8738c3a3d6cba36cf86cfc20b58b1155c41..fda4a3660be77d09dddb3f4725fa7c34c7134959 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -1097,6 +1097,10 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
        sshpam_authok = NULL;
        if ((r = sshbuf_get_u32(m, &num)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+       if (num > PAM_MAX_NUM_MSG) {
+               fatal_f("Too many PAM messages, got %u, expected <= %u",
+                   num, (unsigned)PAM_MAX_NUM_MSG);
+       }
        if (num > 0) {
                resp = xcalloc(num, sizeof(char *));
                for (i = 0; i < num; ++i) {
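Review bot: The commit title and description speak of PAM environment variables, but the check added at `if (num > PAM_MAX_NUM_MSG)` bounds the count of conversation responses read in mm_answer_pam_respond, so the message does not describe this hunk; presumably the wording was carried over from a companion change, but the new code itself carries nothing that says why PAM_MAX_NUM_MSG is the right ceiling here. A one-line comment above the check would close that gap, e.g. `/* One response per prompt; a PAM conversation carries at most PAM_MAX_NUM_MSG messages, so reject anything larger before allocating. */`, if that is the intended reasoning. Note also that this guard only bounds allocation size; whether `num` matches the number of prompts actually issued is not established in this hunk and is presumably checked downstream. mm_answer_pam_respond begins before and continues past the hunk.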