author | Tilo Eckert <tilo.eckert@flam.de> | 2018-11-15 10:37:20 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-11-20 08:46:44 +0100 |
commit | 709c48eab635cf653ad460a47e4027faf122d41e (patch) | |
tree | e659c7f294f68b68188f924f607725fb8a8166bc | |
parent | 3d56bdae372c54a22f39237b1fbe3466713aa3f4 (diff) | |
socket: Fix potential buffer overrun
If nread is < 0 and no exception callback is set,
the following code block would cause a buffer overrun.
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 0b9e07fbdc789b839f489ae52f1ddfeb07c12e9c)
-rw-r--r-- | src/socket.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/src/socket.c b/src/socket.c
index 8c3e68ec..6012c46e 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -270,12 +270,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
 s->callbacks->exception(SSH_SOCKET_EXCEPTION_ERROR,
 s->last_errno,
 s->callbacks->userdata);
-
- /* p may have been freed, so don't use it
- * anymore in this function */
- p = NULL;
- return -2;
 }
+ return -2;
 }
 if (nread == 0) {
 if (p != NULL) {
@@ -288,12 +284,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
 s->callbacks->exception(SSH_SOCKET_EXCEPTION_EOF,
 0,
 s->callbacks->userdata);
-
- /* p may have been freed, so don't use it
- * anymore in this function */
- p = NULL;
- return -2;
 }
+ return -2;
 }
 if (s->session->socket_counter != NULL) { |
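Review bot: The now-unconditional `return -2;` that closes the `nread < 0` branch has no explanation left, because the commit deletes the "p may have been freed" comment together with the `p = NULL` assignment; the `nread == 0` branch in the second hunk has the same gap. I would add a comment above the first return such as `/* never fall through with nread < 0: the code below uses it as a length, and the exception callback may have freed p */`, and an equivalent one for the EOF return. The return now also covers the path where no exception callback is registered and `p` is still live; what -2 means to the caller is not visible in these hunks, so it is worth confirming that the poll loop tolerates -2 for a handle that was not freed. ssh_socket_pollcallback begins and ends outside both hunks.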