- tobias@cvs.openbsd.org 2009/03/23 08:31:19

     [ssh-agent.c]
     Fixed a possible out-of-bounds memory access if the environment variable
     SHELL is shorter than 3 characters.
     with input by and ok dtucker

2 files changed, 7 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index c46c88ebf..c851e8f77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,11 @@
      fixes documentation/6102, submitted by Peter J. Philipp
      alternative fix proposed by djm
      ok markus
+   - tobias@cvs.openbsd.org 2009/03/23 08:31:19
+     [ssh-agent.c]
+     Fixed a possible out-of-bounds memory access if the environment variable
+     SHELL is shorter than 3 characters.
+     with input by and ok dtucker
 
 20090616
  - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
diff --git a/ssh-agent.c b/ssh-agent.c
index 9123cfe6b..1a54a2784 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1122,7 +1122,7 @@ main(int ac, char **av)
         if (ac == 0 && !c_flag && !s_flag) {
                 shell = getenv("SHELL");
                 if (shell != NULL &&
-                    strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
+                    strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0)
                         c_flag = 1;
         }
         if (k_flag) {