Bugzilla – Attachment 2628 Details for Bug 2396: Out of bounds read when parsing EscapeChar configuration value
[patch] reorder EscapeChar tests to avoid 1-byte OOB read
bz2396.diff (text/plain), 769 bytes, created by Damien Miller on 2015-05-22 14:33:19 AEST
>diff --git a/readconf.c b/readconf.c >index d579072..c82fe29 100644 >--- a/readconf.c >+++ b/readconf.c >@@ -1224,13 +1224,13 @@ parse_int: > arg = strdelim(&s); > if (!arg || *arg == '\0') > fatal("%.200s line %d: Missing argument.", filename, linenum); >- if (arg[0] == '^' && arg[2] == 0 && >+ if (strcmp(arg, "none") == 0) >+ value = SSH_ESCAPECHAR_NONE; >+ else if (arg[1] == '\0') >+ value = (u_char) arg[0]; >+ else if (arg[0] == '^' && arg[2] == 0 && > (u_char) arg[1] >= 64 && (u_char) arg[1] < 128) > value = (u_char) arg[1] & 31; >- else if (strlen(arg) == 1) >- value = (u_char) arg[0]; >- else if (strcmp(arg, "none") == 0) >- value = SSH_ESCAPECHAR_NONE; > else { > fatal("%.200s line %d: Bad escape character.", > filename, linenum);
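Review bot: the `arg[2] == 0` read in the `^` branch is in bounds only because the new `arg[1] == '\0'` test now runs before it, and nothing in the code records that ordering dependency. Add a short comment above the chain saying the single-character case must be tested first, so that a lone "^" is never indexed past its terminator if the branches are reshuffled again. The earlier `*arg == '\0'` check already guarantees `arg[1]` is readable, so the new second test is fine as written. As a style point, write `arg[2] == '\0'` to match the `arg[1] == '\0'` spelling introduced on the line above it.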
Flags: dtucker: ok+