From: tobhe@openbsd.org <tobhe@openbsd.org>
Date: Mon, 13 Nov 2023 09:18:19 +0000 (+0000)
Subject: upstream: Make sure sftp_get_limits() only returns 0 if 'limits'
X-Git-Tag: V_9_6_P1~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=676377ce67807a24e08a54cd60ec832946cc6cae;p=thirdparty%2Fopenssh-portable.git

upstream: Make sure sftp_get_limits() only returns 0 if 'limits'

was initialized. This fixes a potential uninitialized use of 'limits' in
sftp_init() if sftp_get_limits() returned early because of an unexpected
message type.

ok djm@

OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
---

diff --git a/sftp-client.c b/sftp-client.c
index 2598029f7..5cc8bb539 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.174 2023/09/08 06:10:02 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.175 2023/11/13 09:18:19 tobhe Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -656,7 +656,7 @@ sftp_get_limits(struct sftp_conn *conn, struct sftp_limits *limits)
 		/* Disable the limits extension */
 		conn->exts &= ~SFTP_EXT_LIMITS;
 		sshbuf_free(msg);
-		return 0;
+		return -1;
 	}
 
 	memset(limits, 0, sizeof(*limits));