- tobias@cvs.openbsd.org 2009/03/23 19:38:04

[ssh-agent.c] My previous commit didn't fix the problem at all, so stick at my first version of the fix presented to dtucker. Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). ok dtucker
2024-12-22 18:02:20 +00:00 · 2009-06-21 17:50:15 +10:00 · 2009-06-21 17:50:15 +10:00 · 9013323644
commit 9013323644
parent a0964504e1
2 changed files with 10 additions and 3 deletions
--- a/6
+++ b/6
@ -16,6 +16,12 @@
     Fixed a possible out-of-bounds memory access if the environment variable
     SHELL is shorter than 3 characters.
     with input by and ok dtucker
   - tobias@cvs.openbsd.org 2009/03/23 19:38:04
     [ssh-agent.c]
     My previous commit didn't fix the problem at all, so stick at my first
     version of the fix presented to dtucker.
     Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
     ok dtucker
 20090616
 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.160 2009/03/23 08:31:19 tobias Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.161 2009/03/23 19:38:04 tobias Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1061,6 +1061,7 @@ main(int ac, char **av)
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];
 	struct timeval *tvp = NULL;
 	size_t len;
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@ -1121,8 +1122,8 @@ main(int ac, char **av)
 	if (ac == 0 && !c_flag && !s_flag) {
 		shell = getenv("SHELL");
-		if (shell != NULL &&
+		if (shell != NULL && (len = strlen(shell)) > 2 &&
-		    strncmp(shell + MAX(strlen(shell) - 3, 0), "csh", 3) == 0)
+		    strncmp(shell + len - 3, "csh", 3) == 0)
 			c_flag = 1;
 	}
 	if (k_flag) {