aboutsummaryrefslogtreecommitdiff
path: root/src/gssapi.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2019-10-28 13:59:52 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-12-09 16:08:03 +0100
commit33cca875c2c0aef8be780e6917e53819419be81d (patch)
tree50b4dc49858fee4aa58d09022b408409077c1762 /src/gssapi.c
parentb55d7f3b73fd303e089162b7ce1eda888777eba3 (diff)
downloadlibssh-33cca875c2c0aef8be780e6917e53819419be81d.tar.gz
libssh-33cca875c2c0aef8be780e6917e53819419be81d.tar.xz
libssh-33cca875c2c0aef8be780e6917e53819419be81d.zip
SSH-01-006: Add missing NULL check in ssh_gssapi_oid_from_string()
Fixes T193 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/gssapi.c')
-rw-r--r--src/gssapi.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/gssapi.c b/src/gssapi.c
index 9e2139fe..7260f5ec 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -750,7 +750,7 @@ int ssh_gssapi_auth_mic(ssh_session session){
}
n_oids = selected->count;
- SSH_LOG(SSH_LOG_PROTOCOL, "Sending %d oids", n_oids);
+ SSH_LOG(SSH_LOG_PROTOCOL, "Sending %zu oids", n_oids);
oids = calloc(n_oids, sizeof(ssh_string));
if (oids == NULL) {
@@ -763,7 +763,7 @@ int ssh_gssapi_auth_mic(ssh_session session){
if (oids[i] == NULL) {
ssh_set_error_oom(session);
rc = SSH_ERROR;
- goto out:
+ goto out;
}
((unsigned char *)oids[i]->data)[0] = SSH_OID_TAG;
((unsigned char *)oids[i]->data)[1] = selected->elements[i].length;
@@ -785,13 +785,13 @@ out:
return SSH_AUTH_ERROR;
}
-static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s){
- gss_OID ret;
+static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
+{
+ gss_OID ret = NULL;
unsigned char *data = ssh_string_data(oid_s);
size_t len = ssh_string_len(oid_s);
- ret = malloc(sizeof(gss_OID_desc));
- if (ret == NULL) {
+ if (data == NULL) {
return NULL;
}
@@ -799,10 +799,17 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s){
SAFE_FREE(ret);
return NULL;
}
+
if (data[0] != SSH_OID_TAG || data[1] != len - 2) {
SAFE_FREE(ret);
return NULL;
}
+
+ ret = malloc(sizeof(gss_OID_desc));
+ if (ret == NULL) {
+ return NULL;
+ }
+
ret->elements = malloc(len - 2);
if (ret->elements == NULL) {
SAFE_FREE(ret);