[PATCH] openbsd-compat/port-tun.c: fix missing NULL check

Albert S. mail at quitesimple.org
Tue Jun 16 03:35:04 AEST 2015


Hello,

file openbsd-compat/port-tun.c, function sys_tun_outfilter().

This moves the "*dlen < sizeof(*af)" check inside the if-block above it,
thus avoiding a potential NULL dereference.

Found with clang's scan-build.

--- a/openbsd-compat/port-tun.c
+++ b/openbsd-compat/port-tun.c
@@ -260,10 +260,11 @@ sys_tun_outfilter(struct Channel *c, u_char
**data, u_int *dlen)
 	/* XXX new API is incompatible with this signature. */
 	if ((r = sshbuf_get_string(&c->output, data, &xxx_dlen)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (dlen != NULL)
+	if (dlen != NULL) {
 		*dlen = xxx_dlen;
-	if (*dlen < sizeof(*af))
-		return (NULL);
+		if (*dlen < sizeof(*af))
+			return (NULL);
+	}
 	buf = *data;

 #if defined(SSH_TUN_PREPEND_AF)

Best regards,
Albert


More information about the openssh-unix-dev mailing list