sftp_read: return error if a too large package arrives

2012-11-06 22:29:32 +01:00 · 2012-11-06 22:29:32 +01:00 · 437a3b75ec
commit 437a3b75ec
parent a3ad635db4
1 changed files with 8 additions and 0 deletions
--- a/src/sftp.c
+++ b/src/sftp.c
@ -1488,6 +1488,14 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
                    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
                                          "SFTP Protocol badness");

+                if(rc32 > chunk->len) {
+                    /* A chunk larger than we requested was returned to us.
+                       This is a protocol violation and we don't know how to
+                       deal with it. Bail out! */
+                    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+                                          "FXP_READ response too big");
+                }
+
                if(rc32 != chunk->len) {
                    /* a short read does not imply end of file, but we must
                       adjust the offset_sent since it was advanced with a