diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2015-04-15 16:25:29 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-04-23 10:33:52 +0200 |
commit | 309102547208281215e6799336b42d355cdd7c5d (patch) | |
tree | 28854d8f4564bccb61e3d6eaca8c51c15faeda28 | |
parent | bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe (diff) | |
download | libssh-309102547208281215e6799336b42d355cdd7c5d.tar.gz libssh-309102547208281215e6799336b42d355cdd7c5d.tar.xz libssh-309102547208281215e6799336b42d355cdd7c5d.zip |
buffers: Fix a possible null pointer dereference
This is an addition to CVE-2015-3146 to fix the null pointer
dereference. The patch is not required to fix the CVE but prevents
issues in future.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/buffer.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/buffer.c b/src/buffer.c index cb4b661d..2e8649fc 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -224,6 +224,10 @@ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint { buffer_verify(buffer); + if (data == NULL) { + return -1; + } + if (buffer->used + len < len) { return -1; } @@ -257,6 +261,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer, struct ssh_string_struct *string) { uint32_t len = 0; + if (string == NULL) { + return -1; + } + len = ssh_string_len(string); if (ssh_buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) { return -1; |