diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-19 10:09:44 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-19 11:18:02 +0200 |
commit | 07f7fa7806e94ccaa271c185213afed80e13a77d (patch) | |
tree | 49272400b14e85cf271a5f9a21bb887903d2146e /src/buffer.c | |
parent | 5123f7955b67341e946987642354c0b123f5e1ff (diff) | |
download | libssh-07f7fa7806e94ccaa271c185213afed80e13a77d.tar.gz libssh-07f7fa7806e94ccaa271c185213afed80e13a77d.tar.xz libssh-07f7fa7806e94ccaa271c185213afed80e13a77d.zip |
buffer: Fix invalid memory access in ssh_buffer_unpack()
Found by oss-fuzz.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/buffer.c')
-rw-r--r-- | src/buffer.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/buffer.c b/src/buffer.c index 10f00841..952065f8 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -1239,29 +1239,29 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer, for(p=format;p<last;++p){ switch(*p){ case 'b': + o.byte = va_arg(ap_copy, uint8_t *); if (buffer->secure) { - o.byte = va_arg(ap_copy, uint8_t *); explicit_bzero(o.byte, sizeof(uint8_t)); break; } break; case 'w': + o.word = va_arg(ap_copy, uint16_t *); if (buffer->secure) { - o.word = va_arg(ap_copy, uint16_t *); explicit_bzero(o.word, sizeof(uint16_t)); break; } break; case 'd': + o.dword = va_arg(ap_copy, uint32_t *); if (buffer->secure) { - o.dword = va_arg(ap_copy, uint32_t *); explicit_bzero(o.dword, sizeof(uint32_t)); break; } break; case 'q': + o.qword = va_arg(ap_copy, uint64_t *); if (buffer->secure) { - o.qword = va_arg(ap_copy, uint64_t *); explicit_bzero(o.qword, sizeof(uint64_t)); break; } |