lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

buffers: Fix a possible null pointer dereference

Browse Source 
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Aris Adamantiadis
2015-04-15 16:25:29 +02:00
committed by Andreas Schneider
parent bf0c7ae0ae
commit 3091025472
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/buffer.c
View File

@@ -224,6 +224,10 @@ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint
{ {
buffer_verify(buffer); buffer_verify(buffer);
if (data == NULL) {
return -1;
}
if (buffer->used + len < len) { if (buffer->used + len < len) {
return -1; return -1;
} }
@@ -257,6 +261,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
struct ssh_string_struct *string) { struct ssh_string_struct *string) {
uint32_t len = 0; uint32_t len = 0;
if (string == NULL) {
return -1;
}
len = ssh_string_len(string); len = ssh_string_len(string);
if (ssh_buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) { if (ssh_buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
return -1; return -1;