New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix memory corruption introduced by CVE-2017-16927 fix. #979

Merged
merged 1 commit into from Dec 21, 2017

Conversation

Projects
None yet
3 participants
@Natureshadow
Contributor

Natureshadow commented Dec 20, 2017

No description provided.

@speidy

This comment has been minimized.

Contributor

speidy commented Dec 20, 2017

wow, good catch.
Thanks.

@speidy

speidy approved these changes Dec 20, 2017

@@ -226,7 +226,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* reading username */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';

This comment has been minimized.

@speidy

speidy Dec 20, 2017

Contributor

I think this is redundant now. we can leave it for the sake of readability

@metalefty metalefty added this to the v0.9.5 milestone Dec 21, 2017

@metalefty

This comment has been minimized.

Member

metalefty commented Dec 21, 2017

Good catch. Let's ship it to v0.9.5.

@metalefty metalefty merged commit 3244cb5 into neutrinolabs:devel Dec 21, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment