nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity

In get_ssh_string, don't get confused by lengths >= 0x80000000.

Browse Source 
"confused" meaning "reading off the end of the input".

Bug found with the help of afl-fuzz.
This commit is contained in:
Ben Harris 2015-10-10 22:59:38 +01:00
parent 7707aa24d6
commit c0e19ca19d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
misc.c
View File

@ -1064,7 +1064,7 @@ int match_ssh_id(int stringlen, const void *string, const char *id)
void *get_ssh_string(int *datalen, const void **data, int *stringlen) void *get_ssh_string(int *datalen, const void **data, int *stringlen)
{ {
void *ret; void *ret;
int len; unsigned int len;
if (*datalen < 4) if (*datalen < 4)
return NULL; return NULL;