From 894bbf3137425409e297e5695dd6070166f98d3b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 5 Oct 2012 11:37:09 +0200
Subject: CVE-2012-4560: Fix a write one past the end of the 'u' buffer.

---
 src/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc.c b/src/misc.c
index 64d9e0c..c2876bd 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -659,7 +659,7 @@ char *ssh_path_expand_tilde(const char *d) {
         size_t s = p - d;
         char u[128];
 
-        if (s > sizeof(u)) {
+        if (s >= sizeof(u)) {
             return NULL;
         }
         memcpy(u, d, s);
-- 
cgit