lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

CVE-2012-4562: Fix possible integer overflows.

Browse Source
This commit is contained in:
Xi Wang
2011-11-25 23:02:57 -05:00
committed by Andreas Schneider
parent efaebad323
commit 5ffb8c7cde
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/string.c
View File

@@ -22,6 +22,7 @@
*/ */
#include <errno.h> #include <errno.h>
#include <limits.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -52,6 +53,10 @@
struct ssh_string_struct *ssh_string_new(size_t size) { struct ssh_string_struct *ssh_string_new(size_t size) {
struct ssh_string_struct *str = NULL; struct ssh_string_struct *str = NULL;
if (size > UINT_MAX - sizeof(struct ssh_string_struct)) {
return NULL;
}
str = malloc(sizeof(struct ssh_string_struct) + size); str = malloc(sizeof(struct ssh_string_struct) + size);
if (str == NULL) { if (str == NULL) {
return NULL; return NULL;
@@ -169,11 +174,18 @@ char *ssh_string_to_char(struct ssh_string_struct *s) {
len = ssh_string_len(s) + 1; len = ssh_string_len(s) + 1;
new = malloc(len); new = malloc(len);
len = ssh_string_len(s);
if (len + 1 < len) {
return NULL;
}
new = malloc(len + 1);
if (new == NULL) { if (new == NULL) {
return NULL; return NULL;
} }
memcpy(new, s->data, len - 1); memcpy(new, s->data, len);
new[len - 1] = '\0'; new[len] = '\0';
return new; return new;
} }