diff --git a/ChangeLog b/ChangeLog index cd1c913f3..e9ac1c55b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,10 @@ - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 [ssh-keygen.c] use argc and argv not some made up short form + - ray@cvs.openbsd.org 2006/11/23 01:35:11 + [misc.c sftp.c] + Don't access buf[strlen(buf) - 1] for zero-length strings. + ``ok by me'' djm@. 20061205 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would @@ -2623,4 +2627,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4592 2007/01/05 05:22:57 djm Exp $ +$Id: ChangeLog,v 1.4593 2007/01/05 05:24:47 djm Exp $ diff --git a/misc.c b/misc.c index 78bca2fae..625a34368 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -616,6 +616,8 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, u_long *lineno) { while (fgets(buf, bufsz, f) != NULL) { + if (buf[0] == '\0') + continue; (*lineno)++; if (buf[strlen(buf) - 1] == '\n' || feof(f)) { return 0; diff --git a/sftp.c b/sftp.c index a39c782f7..990b0cbbd 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */ +/* $OpenBSD: sftp.c,v 1.94 2006/11/23 01:35:11 ray Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -298,11 +298,11 @@ static char * path_append(char *p1, char *p2) { char *ret; - int len = strlen(p1) + strlen(p2) + 2; + size_t len = strlen(p1) + strlen(p2) + 2; ret = xmalloc(len); strlcpy(ret, p1, len); - if (p1[strlen(p1) - 1] != '/') + if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/') strlcat(ret, "/", len); strlcat(ret, p2, len);