From dc199ed03a2d0a39691d466a8c7d58f301605f9f Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Fri, 26 Dec 2014 11:21:10 +0100 Subject: [PATCH] packet.c: i < 256 was always true and i would overflow to 0 Visualize that the 0-termination is intentional, because the array is later passed to strlen within _libssh2_packet_askv. --- src/packet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/packet.c b/src/packet.c index 8143993..5f1feb8 100644 --- a/src/packet.c +++ b/src/packet.c @@ -1161,9 +1161,10 @@ _libssh2_packet_burn(LIBSSH2_SESSION * session, int ret; if (*state == libssh2_NB_state_idle) { - for(i = 1; i < 256; i++) { + for(i = 1; i < 255; i++) { all_packets[i - 1] = i; } + all_packets[254] = 0; if (_libssh2_packet_askv(session, all_packets, &data, &data_len, 0, NULL, 0) == 0) {