diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2020-06-03 10:04:09 +0200 |
---|---|---|
committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2020-08-13 12:23:51 +0200 |
commit | 0a9268a60f2d3748ca69bde5651f20e72761058c (patch) | |
tree | b2aab7ca2fc8ad0ed71b5d48adb18bbad96a444e | |
parent | 04685a74df9ce1db1bc116a83a0da78b4f4fa1f8 (diff) | |
download | libssh-0a9268a60f2d3748ca69bde5651f20e72761058c.tar.gz libssh-0a9268a60f2d3748ca69bde5651f20e72761058c.tar.xz libssh-0a9268a60f2d3748ca69bde5651f20e72761058c.zip |
CVE-2020-16135: Add missing NULL check for ssh_buffer_new()stable-0.8
Add a missing NULL check for the pointer returned by ssh_buffer_new() in
sftpserver.c.
Thanks to Ramin Farajpour Cami for spotting this.
Fixes T232
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
-rw-r--r-- | src/sftpserver.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/sftpserver.c b/src/sftpserver.c index 1717aa41..1af8a0e7 100644 --- a/src/sftpserver.c +++ b/src/sftpserver.c @@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { /* take a copy of the whole packet */ msg->complete_message = ssh_buffer_new(); + if (msg->complete_message == NULL) { + ssh_set_error_oom(session); + sftp_client_message_free(msg); + return NULL; + } + ssh_buffer_add_data(msg->complete_message, ssh_buffer_get(payload), ssh_buffer_get_len(payload)); |