From a0964504e19598ca5a45dbf0ed0c677e4f24c132 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 21 Jun 2009 17:49:36 +1000 Subject: - tobias@cvs.openbsd.org 2009/03/23 08:31:19 [ssh-agent.c] Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker --- ChangeLog | 5 +++++ ssh-agent.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index c46c88ebf..c851e8f77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,11 @@ fixes documentation/6102, submitted by Peter J. Philipp alternative fix proposed by djm ok markus + - tobias@cvs.openbsd.org 2009/03/23 08:31:19 + [ssh-agent.c] + Fixed a possible out-of-bounds memory access if the environment variable + SHELL is shorter than 3 characters. + with input by and ok dtucker 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/ssh-agent.c b/ssh-agent.c index 9123cfe6b..1a54a2784 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1122,7 +1122,7 @@ main(int ac, char **av) if (ac == 0 && !c_flag && !s_flag) { shell = getenv("SHELL"); if (shell != NULL && - strncmp(shell + strlen(shell) - 3, "csh", 3) == 0) + strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0) c_flag = 1; } if (k_flag) { -- cgit v1.2.3