libssh/libssh-0.8.3-fixes-the-oss-fuzz-bug.patch
2019-12-25 15:55:06 +08:00


From 6ae097069ad8e4658f14870c4d23409b88139810 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 10 Dec 2019 18:09:51 +0800
Subject: [PATCH] backport-fixes-the-oss-fuzz-bug
---
src/buffer.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/buffer.c b/src/buffer.c
index da6e587..08529ee 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1112,6 +1112,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
goto cleanup;
}
+ rc = SSH_ERROR;
switch (*p) {
case 'b':
o.byte = va_arg(ap, uint8_t *);
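Review bot: The added `rc = SSH_ERROR;` ahead of `switch (*p)` makes every format case fail closed, not only the 'w', 'd' and 'q' cases this patch rewrites, so any case that does not assign `rc = SSH_OK` on its success path will now abort the unpack. The rest of the 'b' case and the cases after 'S' are outside the hunks, so for this 0.8.3 backport it is worth confirming that each of them sets rc explicitly. A short comment on the new line would record the contract, for example `/* fail closed: each case below must set rc = SSH_OK on success */`.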
@@ -1121,20 +1122,26 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
case 'w':
o.word = va_arg(ap, uint16_t *);
rlen = ssh_buffer_get_data(buffer, o.word, sizeof(uint16_t));
- *o.word = ntohs(*o.word);
- rc = rlen==2 ? SSH_OK : SSH_ERROR;
+ if (rlen == 2) {
+ *o.word = ntohs(*o.word);
+ rc = SSH_OK;
+ }
break;
case 'd':
o.dword = va_arg(ap, uint32_t *);
rlen = ssh_buffer_get_u32(buffer, o.dword);
- *o.dword = ntohl(*o.dword);
- rc = rlen==4 ? SSH_OK : SSH_ERROR;
+ if (rlen == 4) {
+ *o.dword = ntohl(*o.dword);
+ rc = SSH_OK;
+ }
break;
case 'q':
o.qword = va_arg(ap, uint64_t*);
rlen = ssh_buffer_get_u64(buffer, o.qword);
- *o.qword = ntohll(*o.qword);
- rc = rlen==8 ? SSH_OK : SSH_ERROR;
+ if (rlen == 8) {
+ *o.qword = ntohll(*o.qword);
+ rc = SSH_OK;
+ }
break;
case 'S':
o.string = va_arg(ap, ssh_string *);
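Review bot: The new guards in the 'w', 'd' and 'q' cases compare rlen against the bare literals 2, 4 and 8, while the 'w' read just above requests `sizeof(uint16_t)`. Writing the check with the same expression, e.g. `if (rlen == sizeof(uint16_t)) {` (and `sizeof(uint32_t)` / `sizeof(uint64_t)` for the other two), keeps the requested size and the accepted size from drifting apart. On a short read the caller's output is now left unwritten instead of byte-swapping whatever was there, so the value is only meaningful when the function returns SSH_OK. Whether the cleanup path clears it is not visible from here, and a one-line comment in each case saying the output is untouched on failure would help callers. The 'S' case continues past the end of the hunk.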
--
2.19.1