From 17751bcab25681d341442fdc2386a30a6bea345e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 12 Feb 2010 07:35:08 +1100 Subject: - djm@cvs.openbsd.org 2010/02/02 22:49:34 [bufaux.c] make buffer_get_string_ret() really non-fatal in all cases (it was using buffer_get_int(), which could fatal() on buffer empty); ok markus dtucker --- ChangeLog | 8 ++++++++ bufaux.c | 7 +++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c71e6c89..2c815a3ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20100212 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/02/02 22:49:34 + [bufaux.c] + make buffer_get_string_ret() really non-fatal in all cases (it was + using buffer_get_int(), which could fatal() on buffer empty); + ok markus dtucker + 20100210 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for getseuserbyname; patch from calebcase AT gmail.com via diff --git a/bufaux.c b/bufaux.c index e17f001e1..4ef19c454 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.47 2010/01/12 01:36:08 djm Exp $ */ +/* $OpenBSD: bufaux.c,v 1.48 2010/02/02 22:49:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -166,7 +166,10 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) u_int len; /* Get the length. */ - len = buffer_get_int(buffer); + if (buffer_get_int_ret(&len, buffer) != 0) { + error("buffer_get_string_ret: cannot extract length"); + return (NULL); + } if (len > 256 * 1024) { error("buffer_get_string_ret: bad string length %u", len); return (NULL); -- cgit v1.2.3