[openssh-commits] [openssh] 03/05: upstream: Fix overflow check in sshbuf_dup_string. It's already

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Jun 16 20:07:14 AEST 2025


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit df3f903d616763a105570610a616dacf0f83438e
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Mon Jun 16 09:02:19 2025 +0000

    upstream: Fix overflow check in sshbuf_dup_string. It's already
    
    constrained by SSHBUF_SIZE_MAX, but still worth fixing the check.  Patch from
    afonot via github PR#573, with & ok djm@
    
    OpenBSD-Commit-ID: 438888498e66472fc6a48133196d6538d27bff18
---
 sshbuf-misc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index adbf9903b..201279faf 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-misc.c,v 1.19 2025/05/21 06:43:48 djm Exp $	*/
+/*	$OpenBSD: sshbuf-misc.c,v 1.20 2025/06/16 09:02:19 dtucker Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -254,7 +254,7 @@ sshbuf_dup_string(struct sshbuf *buf)
 	size_t l = sshbuf_len(buf);
 	char *r;
 
-	if (s == NULL || l > SIZE_MAX)
+	if (s == NULL || l >= SIZE_MAX)
 		return NULL;
 	/* accept a nul only as the last character in the buffer */
 	if (l > 0 && (p = memchr(s, '\0', l)) != NULL) {
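Review bot: The changed condition `l >= SIZE_MAX` in sshbuf_dup_string has no comment saying what the bound protects, and the form it replaces, `l > SIZE_MAX`, could never be true for a `size_t` value, so the intent is easy to lose again in a later edit. Consider a one-line comment above the check stating why `l` must stay below SIZE_MAX. Since the commit message says the length is already constrained by SSHBUF_SIZE_MAX, the comment could also say that this branch is defensive, so readers do not go looking for a reachable input that triggers it.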

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.