File 0003-CVE-2012-4562-Fix-a-possible-infinite-loop-in-buffer.patch of Package libssh
From 1699adfa036ffc66c62fdbb784610445cbebfc6e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 12 Oct 2012 11:35:20 +0200
Subject: [PATCH 03/13] CVE-2012-4562: Fix a possible infinite loop in
buffer_reinit().
If needed is bigger than the highest power of two which fits in an
integer we will loop forever.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
src/buffer.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- libssh-0.3.4/libssh/buffer.c.orig 2012-12-19 17:22:37.461200274 +0100
+++ libssh-0.3.4/libssh/buffer.c 2012-12-19 17:23:41.783367554 +0100
@@ -71,11 +71,14 @@
}
static int realloc_buffer(struct buffer_struct *buffer, int needed) {
- int smallest = 1;
- char *new = NULL;
+ size_t smallest = 1;
+ char *new;
/* Find the smallest power of two which is greater or equal to needed */
while(smallest <= needed) {
- smallest <<= 1;
+ if (smallest == 0) {
+ return -1;
+ }
+ smallest <<= 1;
}
needed = smallest;
new = realloc(buffer->data, needed);
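Review bot: `needed = smallest;` still narrows the `size_t` result back into the `int` parameter, so the new `smallest == 0` guard only fires once `size_t` itself wraps, not when the power of two stops fitting in an `int`. For any `needed` of 2^30 or more, `smallest` ends at 2^31, the conversion to `int` is implementation-defined (typically a negative value), and that value is what reaches `realloc()` and whatever bookkeeping follows outside this hunk. Bounding the loop by the `int` range closes this, e.g. `if (smallest > (size_t)INT_MAX / 2) { return -1; }` before the shift (needs `<limits.h>`), which also rejects a negative `needed` that the `smallest <= needed` comparison converts to a huge unsigned value. The function body continues past the end of the hunk, so how a failed or oversized `realloc()` is handled is not visible here.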