generic-library/ssh2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Applied Francois Dupoux's extra checks for weird packet or padding length in

Browse Source 
incoming packets. We really need to bail out this way on weird input.
bug report #2814613
This commit is contained in:
Daniel Stenberg 2009-07-07 13:26:42 +02:00
parent bea1beb4fd
commit acbdbb8914
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/transport.c
View File

@ -431,7 +431,12 @@ _libssh2_transport_read(LIBSSH2_SESSION * session)
* and we can extract packet and padding length from it * and we can extract packet and padding length from it
*/ */
p->packet_length = _libssh2_ntohu32(block); p->packet_length = _libssh2_ntohu32(block);
if ((p->packet_length < 1) || (p->packet_length > PACKETBUFSIZE))
return PACKET_FAIL;
p->padding_length = block[4]; p->padding_length = block[4];
if (p->padding_length < 0)
return PACKET_FAIL;
/* total_num is the number of bytes following the initial /* total_num is the number of bytes following the initial
(5 bytes) packet length and padding length fields */ (5 bytes) packet length and padding length fields */