diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2015-03-30 00:00:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2015-03-30 00:00:30 +0000 |
| commit | 4392e2a55833513f38b85468a05916efa559ae56 (patch) | |
| tree | 0c27e80e9af6b276cb2fb00ca503455f4dd3be66 /usr.bin | |
| parent | e81fd182a63222fbf34d9195cc5570cfac4ba469 (diff) | |
fix uninitialised memory read when parsing a config file consisting
of a single nul byte. Found by hanno AT hboeck.de using AFL;
ok dtucker
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/readconf.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index c24a369765b..0b314dd1079 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.232 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.233 2015/03/30 00:00:29 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -751,7 +751,9 @@ process_config_line(Options *options, struct passwd *pw, const char *host, } /* Strip trailing whitespace */ - for (len = strlen(line) - 1; len > 0; len--) { + if ((len = strlen(line)) == 0) + return 0; + for (len--; len > 0; len--) { if (strchr(WHITESPACE, line[len]) == NULL) break; line[len] = '\0'; |