aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTilo Eckert <tilo.eckert@flam.de>2018-11-15 10:37:20 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-11-20 08:46:44 +0100
commit709c48eab635cf653ad460a47e4027faf122d41e (patch)
treee659c7f294f68b68188f924f607725fb8a8166bc
parent3d56bdae372c54a22f39237b1fbe3466713aa3f4 (diff)
downloadlibssh-709c48eab635cf653ad460a47e4027faf122d41e.tar.gz
libssh-709c48eab635cf653ad460a47e4027faf122d41e.tar.xz
libssh-709c48eab635cf653ad460a47e4027faf122d41e.zip
socket: Fix potential buffer overrun
If nread is < 0 and no exception callback is set, the following code block would cause a buffer overrun. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0b9e07fbdc789b839f489ae52f1ddfeb07c12e9c)
Diffstat
-rw-r--r--src/socket.c12
1 files changed, 2 insertions, 10 deletions
diff --git a/src/socket.c b/src/socket.c
index 8c3e68ec..6012c46e 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -270,12 +270,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
s->callbacks->exception(SSH_SOCKET_EXCEPTION_ERROR,
s->last_errno,
s->callbacks->userdata);
-
- /* p may have been freed, so don't use it
- * anymore in this function */
- p = NULL;
- return -2;
}
+ return -2;
}
if (nread == 0) {
if (p != NULL) {
@@ -288,12 +284,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
s->callbacks->exception(SSH_SOCKET_EXCEPTION_EOF,
0,
s->callbacks->userdata);
-
- /* p may have been freed, so don't use it
- * anymore in this function */
- p = NULL;
- return -2;
}
+ return -2;
}
if (s->session->socket_counter != NULL) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 14:15:49 +0000