upstream: fatal out if allocating banner string fails to avoid

potential null deref later in sscanf.  Spotted by Coverity, ok deraadt@

OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5
dtucker@openbsd.org 2023-02-28 21:31:50 +00:00 committed by Darren Tucker
parent 44ca56ba0b
commit 8ead62ed5e
1 changed files with 2 additions and 2 deletions

4
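--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.174 2023/02/17 04:22:50 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.175 2023/02/28 21:31:50 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -1345,7 +1345,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 }
 peer_version_string = sshbuf_dup_string(peer_version);
 if (peer_version_string == NULL)
-error_f("sshbuf_dup_string failed");
+fatal_f("sshbuf_dup_string failed");
 /* XXX must be same size for sscanf */
 if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
 error_f("calloc failed");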
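Review bot: The two allocation failures in this stretch of kex_exchange_identification are now handled differently: a NULL from sshbuf_dup_string ends the process through fatal_f, while the calloc failure right below is still only logged with error_f, in a branch that continues outside the hunk. If that branch returns an allocation error to the caller, sending the sshbuf_dup_string failure down the same route would also prevent the NULL dereference in sscanf, without a process exit on a path that handles the peer's banner, and would let callers clean up. If the exit is intended, a comment above the call would record why, e.g. `/* fatal: peer_version_string is passed to sscanf below and must not be NULL */`. The enclosing function starts and ends outside the hunk, so the cleanup path itself is not visible here.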