mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-11-27 13:21:11 +03:00
sftp: Fix a possible integer overflow.
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
This commit is contained in:
Andreas Schneider
@@ -340,7 +340,6 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
size = ntohl(size);
|
|
||||||
r=ssh_channel_read(sftp->channel, buffer, 1, 0);
|
r=ssh_channel_read(sftp->channel, buffer, 1, 0);
|
||||||
if (r <= 0) {
|
if (r <= 0) {
|
||||||
/* TODO: check if there are cases where an error needs to be set here */
|
/* TODO: check if there are cases where an error needs to be set here */
|
||||||
@@ -350,7 +349,12 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
|
|||||||
}
|
}
|
||||||
ssh_buffer_add_data(packet->payload, buffer, r);
|
ssh_buffer_add_data(packet->payload, buffer, r);
|
||||||
buffer_get_u8(packet->payload, &packet->type);
|
buffer_get_u8(packet->payload, &packet->type);
|
||||||
size=size-1;
|
|
||||||
|
size = ntohl(size);
|
||||||
|
if (size == 0) {
|
||||||
|
return packet;
|
||||||
|
}
|
||||||
|
size--;
|
||||||
while (size>0){
|
while (size>0){
|
||||||
r=ssh_channel_read(sftp->channel,buffer,
|
r=ssh_channel_read(sftp->channel,buffer,
|
||||||
sizeof(buffer)>size ? size:sizeof(buffer),0);
|
sizeof(buffer)>size ? size:sizeof(buffer),0);
|
||||||
|
|||||||
Reference in New Issue
Block a user