shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

buffers: Fix a possible null pointer dereference

Browse Source 
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 3091025472)
This commit is contained in:
Aris Adamantiadis
2015-04-15 16:25:29 +02:00
committed by Andreas Schneider
parent 94f6955fba
commit e9d16bd343
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/buffer.c
View File

@@ -188,6 +188,10 @@ int buffer_reinit(struct ssh_buffer_struct *buffer) {
int buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) { int buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) {
buffer_verify(buffer); buffer_verify(buffer);
if (data == NULL) {
return -1;
}
if (buffer->used + len < len) { if (buffer->used + len < len) {
return -1; return -1;
} }
@@ -221,6 +225,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
struct ssh_string_struct *string) { struct ssh_string_struct *string) {
uint32_t len = 0; uint32_t len = 0;
if (string == NULL) {
return -1;
}
len = ssh_string_len(string); len = ssh_string_len(string);
if (buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) { if (buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
return -1; return -1;