From 254a0f7132b001e6800f53f9927136acd628ff0b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sun, 2 Sep 2018 14:00:58 +0200
Subject: [PATCH] buffer: Only allow to allocate a maximum of 256MB

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/buffer.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/buffer.c b/src/buffer.c
index 5f5dfb50..54c17ded 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -52,6 +52,9 @@ struct ssh_buffer_struct {
     uint8_t *data;
 };
 
+/* Buffer size maximum is 256M */
+#define BUFFER_SIZE_MAX 0x10000000
+
 /**
  * @defgroup libssh_buffer The SSH buffer functions.
  * @ingroup libssh
@@ -191,6 +194,10 @@ static int realloc_buffer(struct ssh_buffer_struct *buffer, size_t needed)
     }
     needed = smallest;
 
+    if (needed > BUFFER_SIZE_MAX) {
+        return -1;
+    }
+
     if (buffer->secure) {
         new = malloc(needed);
         if (new == NULL) {