aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2011-09-14 17:28:41 +0300
committerAris Adamantiadis <aris@0xbadc0de.be>2011-09-14 17:28:41 +0300
commit0fa88fdcfec1ee4cfc8f9d1708803521d546c574 (patch)
treebae312e5a4e5d24790caf567a3fc29d5c4a8ac51 /src
parent49ae226b909361848d4ae1bea4e75d553e76a885 (diff)
downloadlibssh-0fa88fdcfec1ee4cfc8f9d1708803521d546c574.tar.gz
libssh-0fa88fdcfec1ee4cfc8f9d1708803521d546c574.tar.xz
libssh-0fa88fdcfec1ee4cfc8f9d1708803521d546c574.zip
Auth: fix possible off-by-one
No security impact, only triggable by specific API call
Diffstat (limited to 'src')
-rw-r--r--src/auth.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/auth.c b/src/auth.c
index 7238e9ab..0e018730 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -2004,7 +2004,7 @@ const char *ssh_userauth_kbdint_getanswer(ssh_session session, unsigned int i) {
|| session->kbdint->answers == NULL) {
return NULL;
}
- if (i > session->kbdint->nanswers) {
+ if (i >= session->kbdint->nanswers) {
return NULL;
}
@@ -2031,7 +2031,7 @@ int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
if (session == NULL)
return -1;
if (answer == NULL || session->kbdint == NULL ||
- i > session->kbdint->nprompts) {
+ i >= session->kbdint->nprompts) {
ssh_set_error_invalid(session, __FUNCTION__);
return -1;
}