From d0fdd6818c1633656fd47ee1de9438130eb9eb03 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 1 Dec 2010 12:02:14 +1100 Subject: - djm@cvs.openbsd.org 2010/11/23 23:57:24 [clientloop.c] avoid NULL deref on receiving a channel request on an unknown or invalid channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ --- ChangeLog | 4 ++++ clientloop.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index de1fb753d..39d88701a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ [auth.c] use strict_modes already passed as function argument over referencing global options.strict_modes + - djm@cvs.openbsd.org 2010/11/23 23:57:24 + [clientloop.c] + avoid NULL deref on receiving a channel request on an unknown or invalid + channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/clientloop.c b/clientloop.c index 076386cc2..91eea8562 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.225 2010/11/21 01:01:13 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.226 2010/11/23 23:57:24 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1933,7 +1933,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); } - if (reply) { + if (reply && c != NULL) { packet_start(success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); packet_put_int(c->remote_id); -- cgit v1.2.3