New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix memory corruption introduced by CVE-2017-16927 fix. #979

merged 1 commit into from Dec 21, 2017


None yet
3 participants

Natureshadow commented Dec 20, 2017

No description provided.


This comment has been minimized.


speidy commented Dec 20, 2017

wow, good catch.


speidy approved these changes Dec 20, 2017

@@ -226,7 +226,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* reading username */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';

This comment has been minimized.


speidy Dec 20, 2017


I think this is redundant now. we can leave it for the sake of readability

@metalefty metalefty added this to the v0.9.5 milestone Dec 21, 2017


This comment has been minimized.


metalefty commented Dec 21, 2017

Good catch. Let's ship it to v0.9.5.

@metalefty metalefty merged commit 3244cb5 into neutrinolabs:devel Dec 21, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment