lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity

CVE-2012-4560: Fix a write one past the end of 'buf'.

Browse Source
This commit is contained in:
Andreas Schneider
2012-10-05 11:39:47 +02:00
parent 894bbf3137
commit bd3acae4f3
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/misc.c
View File

@@ -723,7 +723,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
if (*p != '%') { if (*p != '%') {
buf[i] = *p; buf[i] = *p;
i++; i++;
if (i > MAX_BUF_SIZE) { if (i >= MAX_BUF_SIZE) {
free(r);
return NULL; return NULL;
} }
buf[i] = '\0'; buf[i] = '\0';
@@ -775,7 +776,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
} }
i += strlen(x); i += strlen(x);
if (i > MAX_BUF_SIZE) { if (i >= MAX_BUF_SIZE) {
ssh_set_error(session, SSH_FATAL, ssh_set_error(session, SSH_FATAL,
"String too long"); "String too long");
free(x); free(x);