lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-20 02:42:09 +03:00
Code Activity

Fixed possible crash when decoding invalid data

Browse Source 
When trying to decode invalid data, it frees the buffer but doesn't nil it so the caller gets a junk memory pointer which they could potentially double free.
This commit is contained in:
Will Cosgrove
2017-12-15 10:42:50 -08:00
committed by GitHub
parent 0ecc41f16c
commit bcd492163b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/misc.c
View File

@@ -299,6 +299,7 @@ libssh2_base64_decode(LIBSSH2_SESSION *session, char **data,
/* Invalid -- We have a byte which belongs exclusively to a partial /* Invalid -- We have a byte which belongs exclusively to a partial
octet */ octet */
LIBSSH2_FREE(session, *data); LIBSSH2_FREE(session, *data);
*data = NULL;
return _libssh2_error(session, LIBSSH2_ERROR_INVAL, "Invalid base64"); return _libssh2_error(session, LIBSSH2_ERROR_INVAL, "Invalid base64");
} }