Overview

File 0009-CVE-2012-4559-Make-sure-we-don-t-free-name-and-longn.patch of Package libssh

Subject: [PATCH 09/13] CVE-2012-4559: Make sure we don't free name and
 longname twice on error.
--- libssh-0.3.4/libssh/sftp.c.orig	2012-12-19 17:31:47.494894578 +0100
+++ libssh-0.3.4/libssh/sftp.c	2012-12-19 17:37:57.723436239 +0100
@@ -950,19 +950,27 @@
   /* This isn't really a loop, but it is like a try..catch.. */
   do {
     if (expectname) {
-      if ((name = buffer_get_ssh_string(buf)) == NULL ||
-          (attr->name = string_to_char(name)) == NULL) {
-        break;
+      name = buffer_get_ssh_string(buf);
+      if (name == NULL) {
+          break;
       }
+      attr->name = string_to_char(name);
       string_free(name);
+      if (attr->name == NULL) {
+          break;
+      }
 
       ssh_log(sftp->session, SSH_LOG_RARE, "Name: %s", attr->name);
 
-      if ((longname=buffer_get_ssh_string(buf)) == NULL ||
-          (attr->longname=string_to_char(longname)) == NULL) {
-        break;
+      longname = buffer_get_ssh_string(buf);
+      if (longname == NULL) {
+          break;
       }
+      attr->longname = string_to_char(longname);
       string_free(longname);
+      if (attr->longname == NULL) {
+        break;
+      }
     }
 
     if (buffer_get_u32(buf, &flags) != sizeof(u32)) {
openSUSE Build Service is sponsored by
Places