Small bug in mux_master_read_cb()
Howard Chu
hyc at symas.com
Thu Jun 17 10:01:00 EST 2010
I'm looking at the code from CVS as of May 21. The statement to allocate the
mux state is allocating the size of a pointer, instead of the size of the
struct being pointed to. The bug is benign in the original code because the
struct has only an int element inside it, but it would corrupt memory if the
struct were to be extended.
Simple fix here:
diff --git a/mux.c b/mux.c
index 3f5babc..f151021 100644
--- a/mux.c
+++ b/mux.c
@@ -931,7 +976,7 @@ mux_master_read_cb(Channel *c)
/* Setup ctx and */
if (c->mux_ctx == NULL) {
- state = xcalloc(1, sizeof(state));
+ state = xcalloc(1, sizeof(*state));
c->mux_ctx = state;
channel_register_cleanup(c->self,
mux_master_control_cleanup_cb, 0);
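Review bot: the hunk header `@@ -931,7 +976,7 @@` puts the same lines 45 lines further down in the new file, yet this is the only hunk shown for mux.c. The diff was therefore taken against a tree carrying other changes ahead of this point. Please regenerate it against an unmodified mux.c so the one-line fix applies without fuzz and can be committed on its own. On the changed line itself, `sizeof(*state)` is the right form, since it follows the pointer's type if the struct later grows. It would be worth checking mux.c for other `xcalloc`/`xmalloc` calls that take `sizeof` of a pointer variable rather than of what it points to.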
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/