lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

CVE-2012-4562: Fix possible integer overflows.

Browse Source
This commit is contained in:
Xi Wang
2011-11-25 23:02:57 -05:00
committed by Andreas Schneider
parent efaebad323
commit 5ffb8c7cde
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/string.c
View File

@@ -22,6 +22,7 @@
*/
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
@@ -52,6 +53,10 @@
struct ssh_string_struct *ssh_string_new(size_t size) {
struct ssh_string_struct *str = NULL;
if (size > UINT_MAX - sizeof(struct ssh_string_struct)) {
return NULL;
}
str = malloc(sizeof(struct ssh_string_struct) + size);
if (str == NULL) {
return NULL;
@@ -169,11 +174,18 @@ char *ssh_string_to_char(struct ssh_string_struct *s) {
len = ssh_string_len(s) + 1;
new = malloc(len);
len = ssh_string_len(s);
if (len + 1 < len) {
return NULL;
}
new = malloc(len + 1);
if (new == NULL) {
return NULL;
}
memcpy(new, s->data, len - 1);
new[len - 1] = '\0';
memcpy(new, s->data, len);
new[len] = '\0';
return new;
}