[PATCH] Fix buffer overrun
Damien Miller
djm at mindrot.org
Fri Jun 26 11:44:55 AEST 2015
On Thu, 25 Jun 2015, Salvador Fandino wrote:
> And now the proper fix (hopefully)!
Good catch, I think it should return failure in this case though. An
escape at the end of the line is bad syntax.
diff --git a/readconf.c b/readconf.c
index 0d41d78..06d600c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1913,7 +1913,8 @@ parse_fwd_field(char **p, struct fwdarg *fwd)
switch (*cp) {
case '\\':
memmove(cp, cp + 1, strlen(cp + 1) + 1);
- cp++;
+ if (*cp == '\0')
+ return -1;
break;
case '/':
ispath = 1;
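Review bot: In the `case '\\'` branch the `cp++` is removed outright rather than guarded, and nothing in the hunk says why, so a short comment is warranted here. After the `memmove`, `cp` already points at the character that followed the backslash. Whether that character is still skipped now depends on an increment outside the visible lines, so it is worth confirming that an escaped character is not fed back through the `switch` and treated as a separator or path marker. Note also that `return -1` is reached only after `memmove` has rewritten the buffer in place, so on the failure path the caller's string has already lost its trailing backslash. If callers report the offending text in an error message, do the `cp[1] == '\0'` check before the `memmove` instead. A regression case for an argument ending in a lone backslash would pin down the new failure return.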
More information about the openssh-unix-dev mailing list