aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2012-10-05 10:32:47 +0200
committerAndreas Schneider <asn@cryptomilk.org>2012-10-05 11:12:13 +0200
commitdc8103925c2efc8bc321c092c8eb8d453081c69d (patch)
tree782d92d9b219c52a2452f7fe2ac471afb811c14d
parent280ce3fe937c96899732814928c8ecfa9f9ae431 (diff)
downloadlibssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.tar.gz
libssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.tar.xz
libssh-dc8103925c2efc8bc321c092c8eb8d453081c69d.zip
packet: Fix a possible segfault.
-rw-r--r--src/packet.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/packet.c b/src/packet.c
index 6f27d424..5e744189 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -128,13 +128,17 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
int current_macsize = session->current_crypto ? MACSIZE : 0;
unsigned char mac[30] = {0};
char buffer[16] = {0};
- void *packet=NULL;
+ const void *packet = NULL;
int to_be_read;
int rc;
uint32_t len, compsize, payloadsize;
uint8_t padding;
size_t processed=0; /* number of byte processed from the callback */
+ if (data == NULL) {
+ goto error;
+ }
+
enter_function();
if (session->session_state == SSH_SESSION_STATE_ERROR)
goto error;
@@ -194,7 +198,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
return processed;
}
- packet = (unsigned char *)data + processed;
+ packet = ((unsigned char *)data) + processed;
// ssh_socket_read(session->socket,packet,to_be_read-current_macsize);
if (buffer_add_data(session->in_buffer, packet,
@@ -267,7 +271,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
/* Handle a potential packet left in socket buffer */
ssh_log(session,SSH_LOG_PACKET,"Processing %" PRIdS " bytes left in socket buffer",
receivedlen-processed);
- rc = ssh_packet_socket_callback((char *)data + processed,
+ rc = ssh_packet_socket_callback(((unsigned char *)data) + processed,
receivedlen - processed,user);
processed += rc;
}