lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

packet: Fix a possible segfault.

Browse Source
This commit is contained in:
Andreas Schneider
2012-10-05 10:32:47 +02:00
parent 280ce3fe93
commit dc8103925c
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/packet.c
View File

@@ -128,13 +128,17 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
int current_macsize = session->current_crypto ? MACSIZE : 0; int current_macsize = session->current_crypto ? MACSIZE : 0;
unsigned char mac[30] = {0}; unsigned char mac[30] = {0};
char buffer[16] = {0}; char buffer[16] = {0};
void *packet=NULL; const void *packet = NULL;
int to_be_read; int to_be_read;
int rc; int rc;
uint32_t len, compsize, payloadsize; uint32_t len, compsize, payloadsize;
uint8_t padding; uint8_t padding;
size_t processed=0; /* number of byte processed from the callback */ size_t processed=0; /* number of byte processed from the callback */
if (data == NULL) {
goto error;
}
enter_function(); enter_function();
if (session->session_state == SSH_SESSION_STATE_ERROR) if (session->session_state == SSH_SESSION_STATE_ERROR)
goto error; goto error;
@@ -194,7 +198,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
return processed; return processed;
} }
packet = (unsigned char *)data + processed; packet = ((unsigned char *)data) + processed;
// ssh_socket_read(session->socket,packet,to_be_read-current_macsize); // ssh_socket_read(session->socket,packet,to_be_read-current_macsize);
if (buffer_add_data(session->in_buffer, packet, if (buffer_add_data(session->in_buffer, packet,
@@ -267,7 +271,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
/* Handle a potential packet left in socket buffer */ /* Handle a potential packet left in socket buffer */
ssh_log(session,SSH_LOG_PACKET,"Processing %" PRIdS " bytes left in socket buffer", ssh_log(session,SSH_LOG_PACKET,"Processing %" PRIdS " bytes left in socket buffer",
receivedlen-processed); receivedlen-processed);
rc = ssh_packet_socket_callback((char *)data + processed, rc = ssh_packet_socket_callback(((unsigned char *)data) + processed,
receivedlen - processed,user); receivedlen - processed,user);
processed += rc; processed += rc;
} }