nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Fix a potential crash in ssh_setup_portfwd.

Browse Source 
If we search for a colon by computing ptr + host_strcspn(ptr,":"),
then the resulting pointer is always non-NULL, and the 'not found'
condition is not !p but !*p.

This typo could have caused PuTTY to overrun a string, but not in a
security-bug sense because any such string would have to have been
loaded from the configuration rather than received from a hostile
source.

[originally from svn r10123]
This commit is contained in:
Simon Tatham 2014-01-25 15:59:04 +00:00
parent 5a5ef64a30
commit ee83fb6fdb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssh.c
View File

@ -4955,7 +4955,7 @@ static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
vp = val; vp = val;
vp2 = vp + host_strcspn(vp, ":"); vp2 = vp + host_strcspn(vp, ":");
host = dupprintf("%.*s", (int)(vp2 - vp), vp); host = dupprintf("%.*s", (int)(vp2 - vp), vp);
if (vp2) if (*vp2)
vp2++; vp2++;
dports = vp2; dports = vp2;
dport = atoi(dports); dport = atoi(dports);