ref: f4905dbfaac0bd930634eec8df3920ed53c1bd02
parent: b0134a4b24585b911c8bd34db1a1dd7f37d12331
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Tue Dec 4 05:52:42 EST 2012
devssl: handle bad secretin/secretout ctl arguments (import from sources)
--- a/sys/src/9/port/devssl.c
+++ b/sys/src/9/port/devssl.c
@@ -1186,6 +1186,10 @@
m = (strlen(p)*3)/2;
x = smalloc(m);
t = dec64(x, m, p, strlen(p));
+ if(t <= 0){+ free(x);
+ error(Ebadarg);
+ }
setsecret(&s->in, x, t);
free(x);
} else if(strcmp(buf, "secretout") == 0 && p != 0) {@@ -1192,6 +1196,10 @@
m = (strlen(p)*3)/2 + 1;
x = smalloc(m);
t = dec64(x, m, p, strlen(p));
+ if(t <= 0){+ free(x);
+ error(Ebadarg);
+ }
setsecret(&s->out, x, t);
free(x);
} else
--
⑨