From 64fca8a7ed83c3315781a77aac1ea36d52ff0c7e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 11:37:09 +0200
Subject: CVE-2012-4560: Fix a write one past the end of the 'u' buffer.

---
 src/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc.c b/src/misc.c
index dd5298f8..62230354 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -655,7 +655,7 @@ char *ssh_path_expand_tilde(const char *d) {
         size_t s = p - d;
         char u[128];
 
-        if (s > sizeof(u)) {
+        if (s >= sizeof(u)) {
             return NULL;
         }
         memcpy(u, d, s);
-- 
cgit