Small bug in mux_master_read_cb()
Damien Miller
djm at mindrot.org
Thu Jun 17 17:07:38 EST 2010
applied, thanks.
On Wed, 16 Jun 2010, Howard Chu wrote:
> I'm looking at the code from CVS as of May 21. The statement to allocate the
> mux state is allocating the size of a pointer, instead of the size of the
> struct being pointed to. The bug is benign in the original code because the
> struct has only an int element inside it, but it would corrupt memory if the
> struct were to be extended.
>
> Simple fix here:
>
> diff --git a/mux.c b/mux.c
> index 3f5babc..f151021 100644
> --- a/mux.c
> +++ b/mux.c
> @@ -931,7 +976,7 @@ mux_master_read_cb(Channel *c)
>
> /* Setup ctx and */
> if (c->mux_ctx == NULL) {
> - state = xcalloc(1, sizeof(state));
> + state = xcalloc(1, sizeof(*state));
> c->mux_ctx = state;
> channel_register_cleanup(c->self,
> mux_master_control_cleanup_cb, 0);
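Review bot: the hunk header offsets disagree (-931 on the old side, +976 on the new side), so this diff was generated against a mux.c that carries 45 additional lines above this point; check that it applies to the CVS tree without fuzz and that only the xcalloc() line changes. The replacement sizeof(*state) is the right form, since it follows the pointee type if the struct gains members. Separately, the context comment "/* Setup ctx and */" is cut off mid-sentence and could be completed or trimmed in the same commit.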
>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>