lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Fix integer overflow in ssh_pki_import_privkey_file().

Browse Source 
If the file size is ULONG_MAX, the call to malloc() may allocate a
small buffer, leading to a memory corruption.
This commit is contained in:
Xi Wang
2011-11-25 23:01:18 -05:00
committed by Andreas Schneider
parent d404ad7152
commit cab00c3bfc
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/pki.c
View File

@@ -457,6 +457,7 @@ int ssh_pki_import_privkey_file(const char *filename,
filename, strerror(errno)); filename, strerror(errno));
return SSH_ERROR; return SSH_ERROR;
} }
key_buf[size] = 0;
key = pki_private_key_from_base64(key_buf, passphrase, auth_fn, auth_data); key = pki_private_key_from_base64(key_buf, passphrase, auth_fn, auth_data);
SAFE_FREE(key_buf); SAFE_FREE(key_buf);
@@ -815,6 +816,10 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
return SSH_ERROR; return SSH_ERROR;
} }
if (sb.st_size + 1 < sb.st_size) {
return SSH_ERROR;
}
file = fopen(filename, "r"); file = fopen(filename, "r");
if (file == NULL) { if (file == NULL) {
ssh_pki_log("Error opening %s: %s", ssh_pki_log("Error opening %s: %s",