Re: [PATCH] Fix buffer overrun

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On Thu, 25 Jun 2015, Salvador Fandino wrote:

> And now the proper fix (hopefully)!

Good catch, I think it should return failure in this case though. An
escape at the end of the line is bad syntax.

diff --git a/readconf.c b/readconf.c
index 0d41d78..06d600c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1913,7 +1913,8 @@ parse_fwd_field(char **p, struct fwdarg *fwd)
 		switch (*cp) {
 		case '\\':
 			memmove(cp, cp + 1, strlen(cp + 1) + 1);
-			cp++;
+			if (*cp == '\0')
+				return -1;
 			break;
 		case '/':
 			ispath = 1;
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux