[gvfs] sftp: Fix hostname and ip name parsing



commit 4a156988465cb86ee40f0d4454f5c38f895b92f8
Author: Ondrej Holy <oholy redhat com>
Date:   Wed Apr 13 09:23:05 2016 +0200

    sftp: Fix hostname and ip name parsing
    
    The value returned from strchr is immediately incremented. So NULL
    is incremented if the character is not found, therefore the subsequent
    check is always true and the next strchr can cause a segfault.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=545445

 daemon/gvfsbackendsftp.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/daemon/gvfsbackendsftp.c b/daemon/gvfsbackendsftp.c
index 5f23d7f..2788646 100644
--- a/daemon/gvfsbackendsftp.c
+++ b/daemon/gvfsbackendsftp.c
@@ -854,9 +854,10 @@ get_hostname_and_ip_address (const gchar *buffer,
    * Warning: the ECDSA/RSA host key for 'hostname' differs from the key for the IP address '...'
    * First get the hostname.
    */
-  startpos = strchr (buffer, '\'') + 1;
+  startpos = strchr (buffer, '\'');
   if (!startpos)
     return FALSE;
+  startpos++;
 
   endpos = strchr (startpos, '\'');
   if (!endpos)
@@ -865,12 +866,13 @@ get_hostname_and_ip_address (const gchar *buffer,
   *hostname_out = g_strndup (startpos, endpos - startpos);
 
   /* Then get the ip address. */
-  startpos = strchr (endpos + 1, '\'') + 1;
+  startpos = strchr (endpos + 1, '\'');
   if (!startpos)
     {
       g_free (hostname_out);
       return FALSE;
     }
+  startpos++;
 
   endpos = strchr (startpos, '\'');
   if (!endpos)
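Review bot: The failure path kept as context in this hunk calls `g_free (hostname_out);`, which frees the out-parameter itself rather than the string that `*hostname_out = g_strndup (startpos, endpos - startpos);` allocated just above. Now that the NULL check works, this branch is reachable whenever the message has no further quote, so the copied hostname leaks and `g_free` is handed a pointer that presumably is not a heap allocation (the parameter declaration is outside the hunk). I would change it to `g_free (*hostname_out);` followed by `*hostname_out = NULL;` so the caller is not left with a dangling pointer. The body of the final `if (!endpos)` lies outside the hunk and should be checked for the same pattern, since the text being parsed comes from the ssh client's output and cannot be assumed well-formed.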

