diff options
author | dtucker <dtucker> | 2009-06-21 07:50:15 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2009-06-21 07:50:15 +0000 |
commit | 0ce10f3a9abaf26938bd13e98fe99fb16fb9a66b (patch) | |
tree | cbea06d2763e4fdeb1baa3c87c783dc578729a00 | |
parent | f2bf717b077f22ceaf1facf9cc75d4c83718b253 (diff) | |
download | openssh-0ce10f3a9abaf26938bd13e98fe99fb16fb9a66b.tar.gz |
- tobias@cvs.openbsd.org 2009/03/23 19:38:04
[ssh-agent.c]
My previous commit didn't fix the problem at all, so stick at my first
version of the fix presented to dtucker.
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
ok dtucker
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh-agent.c | 7 |
2 files changed, 10 insertions, 3 deletions
@@ -16,6 +16,12 @@ Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker + - tobias@cvs.openbsd.org 2009/03/23 19:38:04 + [ssh-agent.c] + My previous commit didn't fix the problem at all, so stick at my first + version of the fix presented to dtucker. + Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). + ok dtucker 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/ssh-agent.c b/ssh-agent.c index 1a54a278..f77dea3a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.161 2009/03/23 19:38:04 tobias Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1061,6 +1061,7 @@ main(int ac, char **av) pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; struct timeval *tvp = NULL; + size_t len; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1121,8 +1122,8 @@ main(int ac, char **av) if (ac == 0 && !c_flag && !s_flag) { shell = getenv("SHELL"); - if (shell != NULL && - strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0) + if (shell != NULL && (len = strlen(shell)) > 2 && + strncmp(shell + len - 3, "csh", 3) == 0) c_flag = 1; } if (k_flag) { |