From a0964504e19598ca5a45dbf0ed0c677e4f24c132 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 21 Jun 2009 17:49:36 +1000
Subject: - tobias@cvs.openbsd.org 2009/03/23 08:31:19 [ssh-agent.c] Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker
---
 ssh-agent.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'ssh-agent.c')
diff --git a/ssh-agent.c b/ssh-agent.c
index 9123cfe6b..1a54a2784 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1122,7 +1122,7 @@ main(int ac, char **av)
 if (ac == 0 && !c_flag && !s_flag) {
 shell = getenv("SHELL");
 if (shell != NULL &&
- strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
+ strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0)
 c_flag = 1;
 }
 if (k_flag) {
-- cgit v1.2.3
From 9013323644d2ecd77567543479bbab2c1150af6c Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Sun, 21 Jun 2009 17:50:15 +1000
Subject: - tobias@cvs.openbsd.org 2009/03/23 19:38:04 [ssh-agent.c] My previous commit didn't fix the problem at all, so stick at my first version of the fix presented to dtucker. Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). ok dtucker
---
 ChangeLog | 6 ++++++
 ssh-agent.c | 7 ++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
(limited to 'ssh-agent.c')
diff --git a/ChangeLog b/ChangeLog
index c851e8f77..0371cfc41 100644
--- a/ChangeLog
+++ b/ChangeLog
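Review bot: The `MAX(strlen(shell) - 3, 0)` clamp in the `@@ -1122,7 +1122,7 @@` hunk cannot take effect, because `strlen()` returns an unsigned `size_t`: for a SHELL value shorter than three bytes the subtraction wraps to a very large value instead of going negative, so the pointer handed to `strncmp()` still points outside the string. Assuming `MAX` is the usual comparison macro (its definition is not in the hunk), it returns that wrapped value rather than 0. The length has to be tested before the arithmetic, e.g. `if (shell != NULL && (len = strlen(shell)) > 2 &&` followed by `strncmp(shell + len - 3, "csh", 3) == 0)` with a `size_t len;` local in main(). main() starts and ends outside the hunk.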
@@ -16,6 +16,12 @@ Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker + - tobias@cvs.openbsd.org 2009/03/23 19:38:04 + [ssh-agent.c] + My previous commit didn't fix the problem at all, so stick at my first + version of the fix presented to dtucker. + Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). + ok dtucker 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/ssh-agent.c b/ssh-agent.c index 1a54a2784..f77dea3a6 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.161 2009/03/23 19:38:04 tobias Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1061,6 +1061,7 @@ main(int ac, char **av) pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; struct timeval *tvp = NULL; + size_t len; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1121,8 +1122,8 @@ main(int ac, char **av) if (ac == 0 && !c_flag && !s_flag) { shell = getenv("SHELL"); - if (shell != NULL && - strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0) + if (shell != NULL && (len = strlen(shell)) > 2 && + strncmp(shell + len - 3, "csh", 3) == 0) c_flag = 1; } if (k_flag) { -- cgit v1.2.3
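Review bot: In the `@@ -1121,8 +1122,8 @@` hunk the `len > 2` test is the only thing keeping `shell + len - 3` inside the string, and nothing in the code records that. Because `len` is a `size_t`, reordering or dropping the test would bring back the unsigned wrap-around that the earlier `MAX()` attempt left in place, with SHELL coming straight from the environment. A one-line comment above the condition would make the dependency explicit, e.g. `/* len is unsigned: test it before subtracting 3 */`. The literals 2 and 3 are also tied to the length of `"csh"` and have to change together if the suffix ever does. main() continues outside the hunk.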