Check for memory allocation errors.

git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@316 7dcaeef0-15fb-0310-b436-a5af3365683c
2025-11-30 13:01:23 +03:00 · 2009-04-01 10:23:52 +00:00
parent 186667724a
commit 10afd9818c
2 changed files with 27 additions and 9 deletions
--- a/libssh/crypt.c
+++ b/libssh/crypt.c
@@ -39,8 +39,12 @@

 u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){
    u32 decrypted;
-    if(session->current_crypto)
-        packet_decrypt(session,crypted,session->current_crypto->in_cipher->blocksize);
+    if (session->current_crypto) {
+      if (packet_decrypt(session, crypted,
+            session->current_crypto->in_cipher->blocksize) < 0) {
+        return ntohl(0);
+      }
+    }
    memcpy(&decrypted,crypted,sizeof(decrypted));
    ssh_log(session, SSH_LOG_PACKET,
        "Packet size decrypted: %lu (0x%lx)",
@@ -52,6 +56,9 @@ u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){
 int packet_decrypt(SSH_SESSION *session, void *data,u32 len){
    struct crypto_struct *crypto=session->current_crypto->in_cipher;
    char *out=malloc(len);
+    if (out == NULL) {
+      return -1;
+    }
    ssh_log(session,SSH_LOG_PACKET,"Decrypting %d bytes",len);
 #ifdef HAVE_LIBGCRYPT
    crypto->set_decrypt_key(crypto,session->current_crypto->decryptkey,session->current_crypto->decryptIV);
--- a/libssh/packet.c
+++ b/libssh/packet.c
@@ -111,8 +111,13 @@ static int packet_read2(SSH_SESSION *session){
            }
            if(session->current_crypto){
                /* decrypt the rest of the packet (blocksize bytes already have been decrypted */
-                packet_decrypt(session,buffer_get(session->in_buffer)+blocksize,
-                               buffer_get_len(session->in_buffer)-blocksize);
+                if (packet_decrypt(session,
+                      buffer_get(session->in_buffer) + blocksize,
+                      buffer_get_len(session->in_buffer) - blocksize) < 0) {
+                    ssh_set_error(session, SSH_FATAL, "Decrypt error");
+                    leave_function();
+                    return SSH_ERROR;
+                }
                ssh_socket_read(session->socket,mac,macsize);
                if(packet_hmac_verify(session,session->in_buffer,mac)){
                    ssh_set_error(session,SSH_FATAL,"HMAC error");
@@ -216,11 +221,17 @@ static int packet_read1(SSH_SESSION *session){
            ssh_print_hexa("read packet:",buffer_get(session->in_buffer),
                buffer_get_len(session->in_buffer));
 #endif
-            if(session->current_crypto){
-        /* we decrypt everything, missing the lenght part (which was previously
-         * read, unencrypted, and is not part of the buffer
+            if (session->current_crypto) {
+              /* we decrypt everything, missing the lenght part (which was
+               * previously read, unencrypted, and is not part of the buffer
               */
-                packet_decrypt(session,buffer_get(session->in_buffer),buffer_get_len(session->in_buffer));
+              if (packet_decrypt(session,
+                    buffer_get(session->in_buffer),
+                    buffer_get_len(session->in_buffer)) < 0) {
+                ssh_set_error(session, SSH_FATAL, "Packet decrypt error");
+                leave_function();
+                return SSH_ERROR;
+              }
            }
 #ifdef DEBUG_CRYPTO
            ssh_print_hexa("read packet decrypted:",