Overview

File get-data-overflow.patch of Package libssh

--- libssh-0.2.orig/libssh/buffer.c	2006-12-29 10:03:59.000000000 -0500
+++ libssh-0.2/libssh/buffer.c	2009-09-21 12:59:57.000000000 -0400
@@ -199,8 +199,13 @@
 }
 
 int buffer_get_data(BUFFER *buffer, void *data, int len){
-    if(buffer->pos+len>buffer->used)
-        return 0;  /*no enough data in buffer */
+    /*
+     * Check for a integer overflow first, then check if not enough data is in
+     * the buffer.
+     */
+    if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+        return 0;
+    }
     memcpy(data,buffer->data+buffer->pos,len);
     buffer->pos+=len;
     return len;   /* no yet support for partial reads (is it really needed ?? ) */
openSUSE Build Service is sponsored by
Places