upstream: Fix overflow check in sshbuf_dup_string. It's already

author dtucker@openbsd.org <dtucker@openbsd.org>

Mon, 16 Jun 2025 09:02:19 +0000 (09:02 +0000)

committer Darren Tucker <dtucker@dtucker.net>

Mon, 16 Jun 2025 10:03:34 +0000 (20:03 +1000)
author dtucker@openbsd.org <dtucker@openbsd.org>
Mon, 16 Jun 2025 09:02:19 +0000 (09:02 +0000)
committer Darren Tucker <dtucker@dtucker.net>
Mon, 16 Jun 2025 10:03:34 +0000 (20:03 +1000)
diff --git a/sshbuf-misc.c b/sshbuf-misc.c

index adbf9903b4d89875c3801304409d5fd89e2d5e13..201279faf0f22005ba7d105f23af2db5c2943b70 100644 (file)
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sshbuf-misc.c,v 1.19 2025/05/21 06:43:48 djm Exp $    */
+/*     $OpenBSD: sshbuf-misc.c,v 1.20 2025/06/16 09:02:19 dtucker Exp $        */
  /*
   * Copyright (c) 2011 Damien Miller
   *
@@ -254,7 +254,7 @@ sshbuf_dup_string(struct sshbuf *buf)
         size_t l = sshbuf_len(buf);
         char *r;
  
-       if (s == NULL || l > SIZE_MAX)
+       if (s == NULL || l >= SIZE_MAX)
                 return NULL;
         /* accept a nul only as the last character in the buffer */
         if (l > 0 && (p = memchr(s, '\0', l)) != NULL) {
author	dtucker@openbsd.org <dtucker@openbsd.org>
	Mon, 16 Jun 2025 09:02:19 +0000 (09:02 +0000)
committer	Darren Tucker <dtucker@dtucker.net>
	Mon, 16 Jun 2025 10:03:34 +0000 (20:03 +1000)