sftp: Fix hostname and ip name parsing

The value returned from strchr is immediately incremented. So NULL is incremented if char is not found, therefore consequent check is always true and next strchr can cause a segfault. https://bugzilla.gnome.org/show_bug.cgi?id=545445
author: Ondrej Holy <oholy@redhat.com> 2016-04-13 09:23:05 +0200
committer: Ondrej Holy <oholy@redhat.com> 2016-04-13 10:14:28 +0200
commit: 4a156988465cb86ee40f0d4454f5c38f895b92f8 (patch)
tree: 68661b306b03434787bf0174d53b7b8436e0124b /daemon
parent: 442ccb08616dcfac4e5554ba9c43b50668192f3a (diff)
download: gvfs-4a156988465cb86ee40f0d4454f5c38f895b92f8.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/daemon/gvfsbackendsftp.c b/daemon/gvfsbackendsftp.c
index 5f23d7f0..2788646b 100644
--- a/daemon/gvfsbackendsftp.c
+++ b/daemon/gvfsbackendsftp.c
@@ -854,9 +854,10 @@ get_hostname_and_ip_address (const gchar *buffer,
    * Warning: the ECDSA/RSA host key for 'hostname' differs from the key for the IP address '...'
    * First get the hostname.
    */
-  startpos = strchr (buffer, '\'') + 1;
+  startpos = strchr (buffer, '\'');
   if (!startpos)
     return FALSE;
+  startpos++;
 
   endpos = strchr (startpos, '\'');
   if (!endpos)
@@ -865,12 +866,13 @@ get_hostname_and_ip_address (const gchar *buffer,
   *hostname_out = g_strndup (startpos, endpos - startpos);
 
   /* Then get the ip address. */
-  startpos = strchr (endpos + 1, '\'') + 1;
+  startpos = strchr (endpos + 1, '\'');
   if (!startpos)
     {
       g_free (hostname_out);
       return FALSE;
     }
+  startpos++;
 
   endpos = strchr (startpos, '\'');
   if (!endpos)
author	Ondrej Holy <oholy@redhat.com>	2016-04-13 09:23:05 +0200
committer	Ondrej Holy <oholy@redhat.com>	2016-04-13 10:14:28 +0200
commit	4a156988465cb86ee40f0d4454f5c38f895b92f8 (patch)
tree	68661b306b03434787bf0174d53b7b8436e0124b /daemon
parent	442ccb08616dcfac4e5554ba9c43b50668192f3a (diff)
download	gvfs-4a156988465cb86ee40f0d4454f5c38f895b92f8.tar.gz