socket: Fix potential buffer overrun
If nread is < 0 and no exception callback is set, the following code block would cause a buffer overrun. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Tilo Eckert
Andreas Schneider
родитель
c47cdc0f97
Коммит
0b9e07fbdc
12
src/socket.c
12
src/socket.c
@ -270,12 +270,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
|
|||||||
s->callbacks->exception(SSH_SOCKET_EXCEPTION_ERROR,
|
s->callbacks->exception(SSH_SOCKET_EXCEPTION_ERROR,
|
||||||
s->last_errno,
|
s->last_errno,
|
||||||
s->callbacks->userdata);
|
s->callbacks->userdata);
|
||||||
|
|
||||||
/* p may have been freed, so don't use it
|
|
||||||
* anymore in this function */
|
|
||||||
p = NULL;
|
|
||||||
return -2;
|
|
||||||
}
|
}
|
||||||
|
return -2;
|
||||||
}
|
}
|
||||||
if (nread == 0) {
|
if (nread == 0) {
|
||||||
if (p != NULL) {
|
if (p != NULL) {
|
||||||
@ -288,12 +284,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
|
|||||||
s->callbacks->exception(SSH_SOCKET_EXCEPTION_EOF,
|
s->callbacks->exception(SSH_SOCKET_EXCEPTION_EOF,
|
||||||
0,
|
0,
|
||||||
s->callbacks->userdata);
|
s->callbacks->userdata);
|
||||||
|
|
||||||
/* p may have been freed, so don't use it
|
|
||||||
* anymore in this function */
|
|
||||||
p = NULL;
|
|
||||||
return -2;
|
|
||||||
}
|
}
|
||||||
|
return -2;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->session->socket_counter != NULL) {
|
if (s->session->socket_counter != NULL) {
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user