aboutsummaryrefslogtreecommitdiff
path: root/src/buffer.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2018-09-19 10:09:44 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-09-19 11:18:02 +0200
commit07f7fa7806e94ccaa271c185213afed80e13a77d (patch)
tree49272400b14e85cf271a5f9a21bb887903d2146e /src/buffer.c
parent5123f7955b67341e946987642354c0b123f5e1ff (diff)
downloadlibssh-07f7fa7806e94ccaa271c185213afed80e13a77d.tar.gz
libssh-07f7fa7806e94ccaa271c185213afed80e13a77d.tar.xz
libssh-07f7fa7806e94ccaa271c185213afed80e13a77d.zip
buffer: Fix invalid memory access in ssh_buffer_unpack()
Found by oss-fuzz. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/buffer.c')
-rw-r--r--src/buffer.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/buffer.c b/src/buffer.c
index 10f00841..952065f8 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1239,29 +1239,29 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
for(p=format;p<last;++p){
switch(*p){
case 'b':
+ o.byte = va_arg(ap_copy, uint8_t *);
if (buffer->secure) {
- o.byte = va_arg(ap_copy, uint8_t *);
explicit_bzero(o.byte, sizeof(uint8_t));
break;
}
break;
case 'w':
+ o.word = va_arg(ap_copy, uint16_t *);
if (buffer->secure) {
- o.word = va_arg(ap_copy, uint16_t *);
explicit_bzero(o.word, sizeof(uint16_t));
break;
}
break;
case 'd':
+ o.dword = va_arg(ap_copy, uint32_t *);
if (buffer->secure) {
- o.dword = va_arg(ap_copy, uint32_t *);
explicit_bzero(o.dword, sizeof(uint32_t));
break;
}
break;
case 'q':
+ o.qword = va_arg(ap_copy, uint64_t *);
if (buffer->secure) {
- o.qword = va_arg(ap_copy, uint64_t *);
explicit_bzero(o.qword, sizeof(uint64_t));
break;
}