authorAris Adamantiadis <aris@0xbadc0de.be>2015-04-15 16:25:29 +0200
committerAndreas Schneider <asn@cryptomilk.org>2015-04-23 10:33:52 +0200
commit309102547208281215e6799336b42d355cdd7c5d (patch)
tree28854d8f4564bccb61e3d6eaca8c51c15faeda28
parentbf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe (diff)
buffers: Fix a possible null pointer dereference
This is an addition to CVE-2015-3146 to fix the null pointer dereference. The patch is not required to fix the CVE but prevents issues in future. Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/buffer.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/buffer.c b/src/buffer.c
index cb4b661d..2e8649fc 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -224,6 +224,10 @@ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint
{
buffer_verify(buffer);
+ if (data == NULL) {
+ return -1;
+ }
+
if (buffer->used + len < len) {
return -1;
}
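Review bot: The new guard covers `data` only, while `buffer` is still dereferenced unchecked a few lines later in `buffer->used + len < len`, and `buffer_verify(buffer)` runs before the guard (what it does with a NULL buffer is not visible in this hunk). If the intent is to harden this entry point against NULL arguments, the check could read `if (buffer == NULL || data == NULL) { return -1; }`. `buffer_add_ssh_string` in the next hunk forwards its `buffer` here unchecked, so it would be covered by the same check. Note also that a call with `data == NULL` and `len == 0` now fails; it may be worth confirming that no caller appends an empty payload that way, or documenting it in the function comment. The body of `ssh_buffer_add_data` continues outside the hunk.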
@@ -257,6 +261,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer,
struct ssh_string_struct *string) {
uint32_t len = 0;
+ if (string == NULL) {
+ return -1;
+ }
+
len = ssh_string_len(string);
if (ssh_buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) {
return -1;
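Review bot: The size passed on the `ssh_buffer_add_data` line, `len + sizeof(uint32_t)`, can exceed the range of that function's length parameter, and the NULL guard added above does not prevent this. That parameter appears to be `uint32_t`, although the hunk header truncates the signature. The length comes from the string's own header, so a value within four of `UINT32_MAX` would wrap to a very small count, and the buffer would receive a length prefix that advertises more bytes than were copied. A bound check after the `ssh_string_len` call would reject that case explicitly: `if (len > UINT32_MAX - sizeof(uint32_t)) { return -1; }`. Whether a string that large can be constructed elsewhere in the library is not visible here, and the function body continues outside the hunk.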