[openssh-commits] [openssh] 05/09: upstream: Extend sshbuf validation

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Aug 15 12:21:05 AEST 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 56ce0aa3c6cf28d9fcbce3207457abeac91b5050
Author: tobias at openbsd.org <tobias at openbsd.org>
AuthorDate: Wed Aug 14 15:40:30 2024 +0000

    upstream: Extend sshbuf validation
    
    Multiple sshbuf structs can be linked through a parent/child relationship.
    Make sure that a single sshbuf cannot be its own parent. If this would ever
    happen, it would result in reference counting issues.
    
    This is a cheap way of testing this with very little overhead. It does not
    detect A->B->A linkages though for performance reasons and the fact that it
    takes a programming error for this to occur anyway.
    
    Authored with Benny Baumann (BenBE at geshi dot org).
    
    ok djm@
    
    OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
---
 sshbuf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sshbuf.c b/sshbuf.c
index 690dce6f..0ae3095d 100644
--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.21 2024/08/14 15:37:11 tobias Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.22 2024/08/14 15:40:30 tobias Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -57,6 +57,7 @@ sshbuf_check_sanity(const struct sshbuf *buf)
 	SSHBUF_TELL("sanity");
 	if (__predict_false(buf == NULL ||
 	    (!buf->readonly && buf->d != buf->cd) ||
+	    buf->parent == buf ||
 	    buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX ||
 	    buf->cd == NULL ||
 	    buf->max_size > SSHBUF_SIZE_MAX ||
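
Review bot: the new `buf->parent == buf` term in sshbuf_check_sanity has no comment saying it catches only direct self-parenting. The commit message notes that A->B->A linkages are deliberately not detected, but a reader of the code alone could take this term for a complete cycle check. Suggest a one-line comment above the condition stating that limit and why it is accepted. The placement after `buf == NULL` is right, since short-circuit evaluation keeps the dereference safe.
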
@@ -132,7 +133,8 @@ sshbuf_set_parent(struct sshbuf *child, struct sshbuf *parent)
 	if ((r = sshbuf_check_sanity(child)) != 0 ||
 	    (r = sshbuf_check_sanity(parent)) != 0)
 		return r;
-	if (child->parent != NULL && child->parent != parent)
+	if ((child->parent != NULL && child->parent != parent) ||
+	    child == parent)
 		return SSH_ERR_INTERNAL_ERROR;
 	child->parent = parent;
 	child->parent->refcount++;
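
Review bot: in sshbuf_set_parent the rewritten condition still lets a call through when `child->parent` already equals `parent`, and the unchanged lines below it then run `child->parent->refcount++` again. Since this change is about keeping reference counts consistent, please confirm that a repeated call with the same parent is meant to take a second reference, or return early in that case. Separately, the `child == parent` test runs only after both sshbuf_check_sanity calls, so a self-parent request is sanity-checked twice on the same buffer before being rejected. That is harmless, but moving the comparison ahead of the sanity calls, or adding a short comment, would make the intent clearer.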
