---- openssh-3.2.3p1/buffer.c~ Tue Sep 16 16:18:17 2003
-+++ openssh-3.2.3p1/buffer.c Tue Sep 16 16:26:59 2003
-@@ -69,6 +69,7 @@
+--- openssh-3.2.3p1/buffer.c 26 Jun 2002 08:54:18 -0000 1.16
++++ openssh-3.2.3p1/buffer.c 16 Sep 2003 21:02:39 -0000 1.18
+@@ -23,8 +23,11 @@
+ void
+ buffer_init(Buffer *buffer)
+ {
+- buffer->alloc = 4096;
+- buffer->buf = xmalloc(buffer->alloc);
++ const u_int len = 4096;
++
++ buffer->alloc = 0;
++ buffer->buf = xmalloc(len);
++ buffer->alloc = len;
+ buffer->offset = 0;
+ buffer->end = 0;
+ }
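Review bot: Nothing in buffer_init says why `buffer->alloc` is zeroed before `xmalloc(len)` and only set to `len` afterwards, so the ordering reads as redundant and a later tidy-up could fold it back. It appears to exist so that, if xmalloc() ends in fatal(), a cleanup path that reaches buffer_free() sees alloc == 0 and skips the memset/xfree on a pointer that was never set (inferred from the guard added to buffer_free in the next hunk). I would add `/* keep alloc at 0 until buf is valid: buffer_free() may run from a fatal() cleanup */` above `buffer->alloc = 0;`. The same allocate-first, record-the-size-afterwards ordering in the buffer_append_space hunk (`newlen`) and in the channel_new hunk of channels.c (`channels_alloc += 10` moved after xrealloc) deserves the same one-line comment.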
+@@ -34,8 +37,10 @@
+ void
+ buffer_free(Buffer *buffer)
+ {
+- memset(buffer->buf, 0, buffer->alloc);
+- xfree(buffer->buf);
++ if (buffer->alloc > 0) {
++ memset(buffer->buf, 0, buffer->alloc);
++ xfree(buffer->buf);
++ }
+ }
+
+ /*
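Review bot: The new `if (buffer->alloc > 0)` guard in buffer_free only protects a Buffer that was never allocated, because `buffer->alloc` keeps its old value after `xfree(buffer->buf)`. A second buffer_free() on the same Buffer, for instance one reached from an error-cleanup path after a normal free, would still memset and free memory that has already been released. Setting `buffer->alloc = 0;` just before `xfree(buffer->buf);` inside the guarded block would make the guard cover that case as well.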
+@@ -69,6 +74,7 @@
void *
buffer_append_space(Buffer *buffer, u_int len)
{
+ u_int newlen;
void *p;
- /* If the buffer is empty, start using it from the beginning. */
-@@ -95,8 +96,11 @@
+ if (len > 0x100000)
+@@ -95,8 +101,13 @@
goto restart;
}
/* Increase the size of the buffer and retry. */
- buffer->alloc += len + 32768;
- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
++
+ newlen = buffer->alloc + len + 32768;
+ if (newlen > 0xa00000)
-+ fatal("buffer_append_space: alloc %u not supported", newlen);
++ fatal("buffer_append_space: alloc %u not supported",
++ newlen);
+ buffer->buf = xrealloc(buffer->buf, newlen);
+ buffer->alloc = newlen;
goto restart;
/* NOTREACHED */
}
+--- openssh-3.2.3p1/channels.c 29 Aug 2003 10:04:36 -0000 1.194
++++ openssh-3.2.3p1/channels.c 16 Sep 2003 21:02:40 -0000 1.195
+@@ -233,9 +233,13 @@
+ if (found == -1) {
+ /* There are no free slots. Take last+1 slot and expand the array. */
+ found = channels_alloc;
++ if (channels_alloc > 10000)
++ fatal("channel_new: internal error: channels_alloc %d "
++ "too big.", channels_alloc);
++ channels = xrealloc(channels,
++ (channels_alloc + 10) * sizeof(Channel *));
+ channels_alloc += 10;
+ debug2("channel: expanding %d", channels_alloc);
+- channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
+ for (i = found; i < channels_alloc; i++)
+ channels[i] = NULL;
+ }