author | Damien Miller <djm@mindrot.org> | 2006-04-23 12:06:49 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-04-23 12:06:49 +1000 |
commit | b5ea7e7c037be2702fa1664b762aff2e019dcb0e (patch) | |
tree | cbf2ef7cf131261a5862aec2f0c5ee09f544650d | |
parent | 58ca98bfe12b65f4d445dc05b422f672c51caa4b (diff) |
- djm@cvs.openbsd.org 2006/04/16 07:59:00
[atomicio.c]
reorder sanity test so that it cannot dereference past the end of the
iov array; well spotted canacar@!
-rw-r--r-- | ChangeLog | 6 |
-rw-r--r-- | atomicio.c | 4 |
2 files changed, 7 insertions, 3 deletions
@@ -37,6 +37,10 @@ commands, which would result in a separate tiny packet on the wire by using atomiciov(writev, ...) to write the length and the command in one pass; ok deraadt@ + - djm@cvs.openbsd.org 2006/04/16 07:59:00 + [atomicio.c] + reorder sanity test so that it cannot dereference past the end of the + iov array; well spotted canacar@! 20060421 - (djm) [Makefile.in configure.ac session.c sshpty.c] @@ -4548,4 +4552,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4309 2006/04/23 02:06:35 djm Exp $ +$Id: ChangeLog,v 1.4310 2006/04/23 02:06:49 djm Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.c,v 1.18 2006/04/16 00:52:55 djm Exp $ */ +/* $OpenBSD: atomicio.c,v 1.19 2006/04/16 07:59:00 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller. All rights reserved. * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. @@ -99,7 +99,7 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, iovcnt--; } /* This shouldn't happen... */ - if (rem > iov[0].iov_len || (rem > 0 && iovcnt <= 0)) { + if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) { errno = EFAULT; return 0; } |
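Review bot: In the atomiciov() hunk of atomicio.c, the corrected test is safe only because `iovcnt <= 0` sits to the left of `rem > iov[0].iov_len` inside the `||`, and nothing in the code records that ordering requirement; the only comment is still "This shouldn't happen...". Suggest extending that comment to say the count check must come before any access to iov[0], so a later cleanup does not swap the operands back and restore the read past the end of the iov array that the commit message describes. The outer `rem > 0 &&` also means the test is skipped entirely when rem is 0, including when iovcnt has dropped to 0 after the `iovcnt--` above; if that is the intended "array fully consumed" case, it is worth stating in the same comment.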