Displaying 1 result from an estimated 1 matches for "sshbuf_refs_max".
2024 Aug 13
1
[PATCH] harden parent-child check in sshbuf.c
...2024 16:52:58 -0000
@@ -55,6 +55,7 @@ sshbuf_check_sanity(const struct sshbuf
SSHBUF_TELL("sanity");
if (__predict_false(buf == NULL ||
(!buf->readonly && buf->d != buf->cd) ||
+ buf->parent == buf ||
buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX ||
buf->cd == NULL ||
buf->max_size > SSHBUF_SIZE_MAX ||
@@ -130,7 +131,8 @@ sshbuf_set_parent(struct sshbuf *child,
if ((r = sshbuf_check_sanity(child)) != 0 ||
(r = sshbuf_check_sanity(parent)) != 0)
return r;
- if (child->parent != NULL && child->par...