nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Fix use-after-free in banner handling.

Browse Source 
When we fetch a chunk of data from the banner bufchain, we have to
read from it _before_ calling bufchain_consume.
This commit is contained in:
Simon Tatham 2019-11-02 08:23:58 +00:00
parent d1613e8147
commit 4adbd725ca
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssh2userauth.c
View File

@ -509,9 +509,9 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
while (bufchain_size(&s->banner) > 0) {
ptrlen data = bufchain_prefix(&s->banner);
seat_stderr_pl(s->ppl.seat, data);
bufchain_consume(&s->banner, data.len);
mid_line =
(((const char *)data.ptr)[data.len-1] != '\n');
bufchain_consume(&s->banner, data.len);
}
bufchain_clear(&s->banner);