File 0006-CVE-2012-4560-Fix-a-write-one-past-the-end-of-buf.patch of Package libssh.openSUSE_12.1_Update
From 1caf97b289727ca5af00a4f8acc07d084889080f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 11:39:47 +0200
Subject: [PATCH 06/11] CVE-2012-4560: Fix a write one past the end of 'buf'.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit aaffc79d585b3fc1a10525fd3d3b1a7e5e23286d)
---
src/misc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/misc.c b/src/misc.c
index 9dfe414..fe3eaa4 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -707,7 +707,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
if (*p != '%') {
buf[i] = *p;
i++;
- if (i > MAX_BUF_SIZE) {
+ if (i >= MAX_BUF_SIZE) {
+ free(r);
return NULL;
}
buf[i] = '\0';
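Review bot: The overflow path at `if (i >= MAX_BUF_SIZE)` frees `r` but still returns NULL without recording an error, whereas the same condition in the second hunk calls `ssh_set_error(session, SSH_FATAL, "String too long");`. A caller that gets NULL here cannot tell an over-long path from any other failure, so I would add the same `ssh_set_error(...)` call before `free(r);`. A short comment such as `/* keep i < MAX_BUF_SIZE so the terminator write below stays inside buf */` would also record why the comparison is `>=`. The declaration of `buf` and the rest of `ssh_path_expand_escape` are outside the hunk, so this assumes `buf` holds MAX_BUF_SIZE bytes.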
@@ -757,7 +758,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
}
i += strlen(x);
- if (i > MAX_BUF_SIZE) {
+ if (i >= MAX_BUF_SIZE) {
ssh_set_error(session, SSH_FATAL,
"String too long");
return NULL;
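Review bot: The `return NULL;` after `ssh_set_error(session, SSH_FATAL, "String too long")` does not release `r`, although this same commit adds `free(r);` to the equivalent overflow path in the first hunk. This branch therefore appears to leak `r` whenever an expansion is too long; add `free(r);` before the return. If `x` is heap-allocated at this point, it would need to be freed here as well, but its origin is outside the hunk. The function body starts and ends outside the hunk, so confirm that no other cleanup already covers this path.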
--
1.7.10.4