- tobias@cvs.openbsd.org 2009/03/23 08:31:19

[ssh-agent.c] Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker
2009-06-21 17:49:36 +10:00 · 2009-06-21 17:49:36 +10:00 · a0964504e1
parent 3a6a51f387
commit a0964504e1
2 changed files with 7 additions and 2 deletions
--- a/5
+++ b/5
@ -11,6 +11,11 @@
     fixes documentation/6102, submitted by Peter J. Philipp
     alternative fix proposed by djm
     ok markus
+   - tobias@cvs.openbsd.org 2009/03/23 08:31:19
+     [ssh-agent.c]
+     Fixed a possible out-of-bounds memory access if the environment variable
+     SHELL is shorter than 3 characters.
+     with input by and ok dtucker

 20090616
 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1122,7 +1122,7 @@ main(int ac, char **av)
 	if (ac == 0 && !c_flag && !s_flag) {
 		shell = getenv("SHELL");
 		if (shell != NULL &&
-		    strncmp(shell + strlen(shell) - 3, "csh", 3) == 0)
+		    strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0)
 			c_flag = 1;
 	}
 	if (k_flag) {