[openssh-commits] [openssh] 01/03: upstream: two defensive changes from Tobias Stoeckmann via GHPR287

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Apr 12 09:36:02 AEST 2022 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 4673fa8f2be983f2f88d5afd754adb1a2a39ec9e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Apr 8 04:40:40 2022 +0000

    upstream: two defensive changes from Tobias Stoeckmann via GHPR287
    
    enforce stricter invarient for sshbuf_set_parent() - never allow
    a buffer to have a previously-set parent changed.
    
    In sshbuf_reset(), if the reallocation fails, then zero the entire
    buffer and not the (potentially smaller) default initial alloc size.
    
    OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9
---
 sshbuf.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sshbuf.c b/sshbuf.c
index 368ba798..840b899b 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.15 2020/02/26 13:40:09 jsg Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.16 2022/04/08 04:40:40 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -109,6 +109,8 @@ sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent)
 	if ((r = sshbuf_check_sanity(child)) != 0 ||
 	    (r = sshbuf_check_sanity(parent)) != 0)
 		return r;
+	if (child->parent != NULL && child->parent != parent)
+		return SSH_ERR_INTERNAL_ERROR;
 	child->parent = parent;
 	child->parent->refcount++;
 	return 0;
@@ -177,7 +179,8 @@ sshbuf_reset(struct sshbuf *buf)
 		buf->off = buf->size;
 		return;
 	}
-	(void) sshbuf_check_sanity(buf);
+	if (sshbuf_check_sanity(buf) != 0)
+		return;
 	buf->off = buf->size = 0;
 	if (buf->alloc != SSHBUF_SIZE_INIT) {
 		if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT,
@@ -186,7 +189,7 @@ sshbuf_reset(struct sshbuf *buf)
 			buf->alloc = SSHBUF_SIZE_INIT;
 		}
 	}
-	explicit_bzero(buf->d, SSHBUF_SIZE_INIT);
+	explicit_bzero(buf->d, buf->alloc);
 }
 
 size_t

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list