blob: 066233fcae0916031200f0b8d9938f1555613001 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
CVE: CVE-2020-22218
Upstream-Status: Backport [ https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 ]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
From 642eec48ff3adfdb7a9e562b6d7fc865d1733f45 Mon Sep 17 00:00:00 2001
From: lutianxiong <lutianxiong@huawei.com>
Date: Fri, 29 May 2020 01:25:40 +0800
Subject: [PATCH] transport.c: fix use-of-uninitialized-value (#476)
file:transport.c
notes:
return error if malloc(0)
credit:
lutianxiong
---
src/transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/transport.c b/src/transport.c
index 96fca6b8cc..adf96c2437 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
/* Get a packet handle put data into. We get one to
hold all data, including padding and MAC. */
p->payload = LIBSSH2_ALLOC(session, total_num);
- if(!p->payload) {
+ if(total_num == 0 || !p->payload) {
return LIBSSH2_ERROR_ALLOC;
}
p->total_num = total_num;
|
