- tobias@cvs.openbsd.org 2009/03/23 19:38:04

     [ssh-agent.c]
     My previous commit didn't fix the problem at all, so stick at my first
     version of the fix presented to dtucker.
     Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
     ok dtucker

2 files changed, 10 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index c851e8f7..0371cfc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,12 @@
      Fixed a possible out-of-bounds memory access if the environment variable
      SHELL is shorter than 3 characters.
      with input by and ok dtucker
+   - tobias@cvs.openbsd.org 2009/03/23 19:38:04
+     [ssh-agent.c]
+     My previous commit didn't fix the problem at all, so stick at my first
+     version of the fix presented to dtucker.
+     Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
+     ok dtucker
 
 20090616
  - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
diff --git a/ssh-agent.c b/ssh-agent.c
index 1a54a278..f77dea3a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.161 2009/03/23 19:38:04 tobias Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1061,6 +1061,7 @@ main(int ac, char **av)
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];
 	struct timeval *tvp = NULL;
+	size_t len;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -1121,8 +1122,8 @@ main(int ac, char **av)
 
 	if (ac == 0 && !c_flag && !s_flag) {
 		shell = getenv("SHELL");
-		if (shell != NULL &&
-		    strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0)
+		if (shell != NULL && (len = strlen(shell)) > 2 &&
+		    strncmp(shell + len - 3, "csh", 3) == 0)
 			c_flag = 1;
 	}
 	if (k_flag) {