diff options
| author | Dominik George <nik@naturalnet.de> | 2017-12-20 19:48:52 +0100 |
|---|---|---|
| committer | metalefty <meta@vmeta.jp> | 2017-12-21 14:07:51 +0900 |
| commit | 3244cb59d526b310005b9983d5c1ba1ca387384f (patch) | |
| tree | 3e1e196441069e6421368bb4b9b71e60ec4d6403 | |
| parent | 84c160725a671a4eaf546e557ed5f5716becbdb0 (diff) | |
| download | xrdp-proprietary-3244cb59d526b310005b9983d5c1ba1ca387384f.tar.gz xrdp-proprietary-3244cb59d526b310005b9983d5c1ba1ca387384f.zip | |
Fix memory corruption introduced by CVE-2017-16927 fix.
| -rw-r--r-- | sesman/libscp/libscp_v0.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c index 56934078..61bf4fda 100644 --- a/sesman/libscp/libscp_v0.c +++ b/sesman/libscp/libscp_v0.c @@ -226,7 +226,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) /* reading username */ in_uint16_be(c->in_s, sz); - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; if (0 != scp_session_set_username(session, buf)) @@ -240,7 +240,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) /* reading password */ in_uint16_be(c->in_s, sz); - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; if (0 != scp_session_set_password(session, buf)) @@ -276,7 +276,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) if (sz > 0) { - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_domain(session, buf); @@ -291,7 +291,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) if (sz > 0) { - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_program(session, buf); @@ -306,7 +306,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) if (sz > 0) { - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_directory(session, buf); @@ -321,7 +321,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) if (sz > 0) { - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_client_ip(session, buf); @@ -344,7 +344,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) scp_session_set_type(session, SCP_GW_AUTHENTICATION); /* reading username */ in_uint16_be(c->in_s, sz); - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; @@ -360,7 +360,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) /* reading password */ in_uint16_be(c->in_s, sz); - buf = g_new0(char, sz); + buf = g_new0(char, sz + 1); in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; |