shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().

Browse Source 
No exploit known, but it is better to check the string length.
This commit is contained in:
Xi Wang
2011-11-25 23:02:06 -05:00
committed by Andreas Schneider
parent 2ee6282fdd
commit 8489521c0d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/dh.c
View File

@@ -44,6 +44,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <limits.h>
#ifndef _WIN32 #ifndef _WIN32
#include <netinet/in.h> #include <netinet/in.h>
@@ -194,6 +195,9 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
char *hexa = NULL; char *hexa = NULL;
size_t i; size_t i;
if (len > (UINT_MAX - 1) / 3)
return NULL;
hexa = malloc(len * 3 + 1); hexa = malloc(len * 3 + 1);
if (hexa == NULL) { if (hexa == NULL) {
return NULL; return NULL;