author | Ondrej Holy <oholy@redhat.com> | 2016-04-13 09:23:05 +0200 |
---|---|---|
committer | Ondrej Holy <oholy@redhat.com> | 2016-04-13 10:14:28 +0200 |
commit | 4a156988465cb86ee40f0d4454f5c38f895b92f8 (patch) | |
tree | 68661b306b03434787bf0174d53b7b8436e0124b /daemon | |
parent | 442ccb08616dcfac4e5554ba9c43b50668192f3a (diff) | |
download | gvfs-4a156988465cb86ee40f0d4454f5c38f895b92f8.tar.gz |
sftp: Fix hostname and ip name parsing
The value returned from strchr is incremented immediately. So NULL
is incremented if the character is not found; the subsequent NULL check
therefore always passes, and the next strchr can cause a segfault.
https://bugzilla.gnome.org/show_bug.cgi?id=545445
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/gvfsbackendsftp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/daemon/gvfsbackendsftp.c b/daemon/gvfsbackendsftp.c
index 5f23d7f0..2788646b 100644
--- a/daemon/gvfsbackendsftp.c
+++ b/daemon/gvfsbackendsftp.c
@@ -854,9 +854,10 @@ get_hostname_and_ip_address (const gchar *buffer,
 * Warning: the ECDSA/RSA host key for 'hostname' differs from the key for the IP address '...'
 * First get the hostname.
 */
- startpos = strchr (buffer, '\'') + 1;
+ startpos = strchr (buffer, '\'');
 if (!startpos)
 return FALSE;
+ startpos++;
 endpos = strchr (startpos, '\'');
 if (!endpos)
@@ -865,12 +866,13 @@ get_hostname_and_ip_address (const gchar *buffer,
 *hostname_out = g_strndup (startpos, endpos - startpos);
 /* Then get the ip address. */
- startpos = strchr (endpos + 1, '\'') + 1;
+ startpos = strchr (endpos + 1, '\'');
 if (!startpos)
 {
 g_free (hostname_out);
 return FALSE;
 }
+ startpos++;
 endpos = strchr (startpos, '\'');
 if (!endpos) |
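Review bot: In the second hunk, the `if (!startpos)` error branch calls `g_free (hostname_out)`, yet the string was stored a few lines earlier with `*hostname_out = g_strndup (...)`, so `hostname_out` appears to be the caller's out-parameter (its declaration is outside the hunk) and the block to release is `*hostname_out`. Before this change `startpos` could never be NULL at that point, so the branch was dead code; with the NULL check now effective, a warning line that carries only one quoted field reaches it and hands the allocator what is most likely the address of the caller's variable rather than the heap block. I would change the cleanup to `g_free (*hostname_out); *hostname_out = NULL;`. The `if (!endpos)` branch that follows has its body outside the hunk and should be checked for the same cleanup.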