From 1493b4466fa394b321d196ad63dd6a4fa395d337 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:04:09 +0200
Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()

Thanks to Ramin Farajpour Cami for spotting this.

Fixes T232

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/sftpserver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/sftpserver.c b/src/sftpserver.c
index 5a2110e5..b639a2ce 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
 
   /* take a copy of the whole packet */
   msg->complete_message = ssh_buffer_new();
+  if (msg->complete_message == NULL) {
+      ssh_set_error_oom(session);
+      sftp_client_message_free(msg);
+      return NULL;
+  }
+
   ssh_buffer_add_data(msg->complete_message,
                       ssh_buffer_get(payload),
                       ssh_buffer_get_len(payload));
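Review bot: The new error path passes `msg` to `sftp_client_message_free()` while `complete_message` is NULL and the remaining fields have not been filled in yet. That is only safe if `msg` was zero-allocated and the free routine tolerates unset members, and neither is visible in this hunk. Once confirmed against the allocation earlier in sftp_get_client_message(), a short comment above the call would record the assumption, e.g. `/* msg is zero-initialised, so freeing a partially built message is safe */`. The function starts and ends outside the hunk.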
-- 
GitLab


From dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:05:51 +0200
Subject: [PATCH 2/4] sftpserver: Add missing return check for
 ssh_buffer_add_data()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/sftpserver.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/sftpserver.c b/src/sftpserver.c
index b639a2ce..9117f155 100644
--- a/src/sftpserver.c
+++ b/src/sftpserver.c
@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
       return NULL;
   }
 
-  ssh_buffer_add_data(msg->complete_message,
-                      ssh_buffer_get(payload),
-                      ssh_buffer_get_len(payload));
+  rc = ssh_buffer_add_data(msg->complete_message,
+                           ssh_buffer_get(payload),
+                           ssh_buffer_get_len(payload));
+  if (rc < 0) {
+      ssh_set_error_oom(session);
+      sftp_client_message_free(msg);
+      return NULL;
+  }
 
   ssh_buffer_get_u32(payload, &msg->id);
 
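Review bot: `ssh_buffer_get_u32(payload, &msg->id);` on the context line right after the new check still discards its return value, so a client packet too short to carry the request id passes this point unnoticed. Unless the code after the hunk validates it, this call deserves the same treatment as the added `rc < 0` branch, e.g. `if (ssh_buffer_get_u32(payload, &msg->id) != sizeof(uint32_t))` followed by the same free-and-return (this assumes the getter reports the number of bytes read). Separately, the new branch reports every failure as out-of-memory, but `ssh_buffer_add_data()` also returns -1 for a NULL data pointer and for a length overflow, so the error text can mislead whoever triages it. The function body continues outside the hunk.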
-- 
GitLab


From 65ae496222018221080dd753a52f6d70bf3ca5f3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:10:11 +0200
Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/buffer.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/buffer.c b/src/buffer.c
index a2e6246a..476bc135 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
  */
 int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
 {
-  buffer_verify(buffer);
+    buffer_verify(buffer);
 
-  if (data == NULL) {
-      return -1;
-  }
+    if (data == NULL) {
+        return -1;
+    }
 
-  if (buffer->used + len < len) {
-    return -1;
-  }
+    if (buffer->used + len < len) {
+        return -1;
+    }
 
-  if (buffer->allocated < (buffer->used + len)) {
-    if(buffer->pos > 0)
-      buffer_shift(buffer);
-    if (realloc_buffer(buffer, buffer->used + len) < 0) {
-      return -1;
+    if (buffer->allocated < (buffer->used + len)) {
+        if (buffer->pos > 0) {
+            buffer_shift(buffer);
+        }
+        if (realloc_buffer(buffer, buffer->used + len) < 0) {
+            return -1;
+        }
     }
-  }
 
-  memcpy(buffer->data+buffer->used, data, len);
-  buffer->used+=len;
-  buffer_verify(buffer);
-  return 0;
+    memcpy(buffer->data + buffer->used, data, len);
+    buffer->used += len;
+    buffer_verify(buffer);
+    return 0;
 }
 
 /**
-- 
GitLab


From df0acab3a077bd8ae015e3e8b4c71ff31b5900fe Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 3 Jun 2020 10:11:21 +0200
Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/buffer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/buffer.c b/src/buffer.c
index 476bc135..ce12f491 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
  */
 int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
 {
+    if (buffer == NULL) {
+        return -1;
+    }
+
     buffer_verify(buffer);
 
     if (data == NULL) {
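Review bot: The new `buffer == NULL` return is another silent `-1` that only protects callers which test the result. The doc comment ending just above the signature lies mostly outside the hunk, so it is not clear that it lists this case. If it does not, extend its return description along the lines of `@return 0 on success, < 0 on error (NULL buffer or data, length overflow, allocation failure).` Call sites that ignore the return value will now drop data quietly instead of crashing, so they are worth auditing alongside this change. The function body continues past the end of the hunk.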
-- 
GitLab