From 309102547208281215e6799336b42d355cdd7c5d Mon Sep 17 00:00:00 2001 From: Aris Adamantiadis Date: Wed, 15 Apr 2015 16:25:29 +0200 Subject: [PATCH] buffers: Fix a possible null pointer dereference This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis Reviewed-by: Andreas Schneider
---
 src/buffer.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/buffer.c b/src/buffer.c
index cb4b661d..2e8649fc 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -224,6 +224,10 @@ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint
 {
 buffer_verify(buffer);
+ if (data == NULL) {
+ return -1;
+ }
+
 if (buffer->used + len < len) {
 return -1;
 }
@@ -257,6 +261,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
 struct ssh_string_struct *string) {
 uint32_t len = 0;
+ if (string == NULL) {
+ return -1;
+ }
+
 len = ssh_string_len(string);
 if (ssh_buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
 return -1;
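Review bot: `buffer` is still dereferenced at `buffer->used` right after the new `data == NULL` guard in ssh_buffer_add_data, and nothing visible in the hunk checks it for NULL. Whether `buffer_verify(buffer)` covers that case is not shown here (it may compile to nothing in non-debug builds), so the guard could cover both pointers, `if (buffer == NULL || data == NULL) {`, and sit above the `buffer_verify(buffer);` call. The function's parameter list is cut off in the hunk header and its body continues past the hunk.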
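Review bot: The length expression `len + sizeof(uint32_t)` on the call after the new `string == NULL` guard in buffer_add_ssh_string is passed on without a wrap-around check. `len` is taken from the string object itself via ssh_string_len(), and if ssh_buffer_add_data's length parameter is 32-bit (its type is truncated in the first hunk header, so this is an assumption), a value above `UINT32_MAX - sizeof(uint32_t)` would be narrowed and fewer bytes appended than the string header claims. An explicit guard before the call, `if (len > UINT32_MAX - sizeof(uint32_t)) { return -1; }`, would reject that case next to the NULL check. The function's body continues past the hunk.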