From 4b9916136dd8a5189856556fbdf21dc3b0f08a27 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 4 May 2015 16:46:21 +0200
Subject: [PATCH] sftp: Add bound check for size

CID: #1238630

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/sftp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/sftp.c b/src/sftp.c
index bd4a4b5b..09bc630c 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -33,6 +33,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <limits.h>
 
 #ifndef _WIN32
 #include <netinet/in.h>
@@ -353,7 +354,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
   buffer_get_u8(packet->payload, &packet->type);
 
   size = ntohl(size);
-  if (size == 0) {
+  if (size == 0 || size > UINT_MAX) {
     return packet;
   }
   size--;