jh163888/xrdp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix memory corruption introduced by CVE-2017-16927 fix.

Browse Source
This commit is contained in:
Dominik George 2017-12-20 19:48:52 +01:00 committed by metalefty
parent 84c160725a
commit 3244cb59d5
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sesman/libscp/libscp_v0.c
View File

@ -226,7 +226,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* reading username */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
if (0 != scp_session_set_username(session, buf))
@ -240,7 +240,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* reading password */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
if (0 != scp_session_set_password(session, buf))
@ -276,7 +276,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
if (sz > 0)
{
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_domain(session, buf);
@ -291,7 +291,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
if (sz > 0)
{
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_program(session, buf);
@ -306,7 +306,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
if (sz > 0)
{
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_directory(session, buf);
@ -321,7 +321,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
if (sz > 0)
{
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
scp_session_set_client_ip(session, buf);
@ -344,7 +344,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
scp_session_set_type(session, SCP_GW_AUTHENTICATION);
/* reading username */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';
@ -360,7 +360,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* reading password */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz);
buf = g_new0(char, sz + 1);
in_uint8a(c->in_s, buf, sz);
buf[sz] = '\0';