From 6789170799e6f6bf7bad96b4341017b7a931fa88 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 2 Feb 2015 16:54:22 +0100
Subject: buffer: Abort if the canary is not intact in ssh_buffer_unpack()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
---
 src/buffer.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/buffer.c')

diff --git a/src/buffer.c b/src/buffer.c
index 5eb3bb56..6bf268a4 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -787,10 +787,10 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
     }
 
     if (rc != SSH_ERROR){
-        /* verify that the last hidden argument is correct */
-        o.dword = va_arg(ap, uint32_t);
-        if (o.dword != SSH_BUFFER_PACK_END){
-            rc = SSH_ERROR;
+        /* Check if our canary is intact, if not somthing really bad happened */
+        uint32_t canary = va_arg(ap, uint32_t);
+        if (canary != SSH_BUFFER_PACK_END) {
+            abort();
         }
     }
     return rc;
-- 
cgit v1.2.3