diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2012-10-05 10:32:47 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2012-10-05 11:12:13 +0200 |
commit | dc8103925c2efc8bc321c092c8eb8d453081c69d (patch) | |
tree | 782d92d9b219c52a2452f7fe2ac471afb811c14d | |
parent | 280ce3fe937c96899732814928c8ecfa9f9ae431 (diff) | |
download | libssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.tar.gz libssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.tar.xz libssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.zip |
packet: Fix a possible segfault.
-rw-r--r-- | src/packet.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/packet.c b/src/packet.c index 6f27d424..5e744189 100644 --- a/src/packet.c +++ b/src/packet.c @@ -128,13 +128,17 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) int current_macsize = session->current_crypto ? MACSIZE : 0; unsigned char mac[30] = {0}; char buffer[16] = {0}; - void *packet=NULL; + const void *packet = NULL; int to_be_read; int rc; uint32_t len, compsize, payloadsize; uint8_t padding; size_t processed=0; /* number of byte processed from the callback */ + if (data == NULL) { + goto error; + } + enter_function(); if (session->session_state == SSH_SESSION_STATE_ERROR) goto error; @@ -194,7 +198,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) return processed; } - packet = (unsigned char *)data + processed; + packet = ((unsigned char *)data) + processed; // ssh_socket_read(session->socket,packet,to_be_read-current_macsize); if (buffer_add_data(session->in_buffer, packet, @@ -267,7 +271,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) /* Handle a potential packet left in socket buffer */ ssh_log(session,SSH_LOG_PACKET,"Processing %" PRIdS " bytes left in socket buffer", receivedlen-processed); - rc = ssh_packet_socket_callback((char *)data + processed, + rc = ssh_packet_socket_callback(((unsigned char *)data) + processed, receivedlen - processed,user); processed += rc; } |