lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-08-07 08:02:56 +03:00
Code Activity

A broken decrypt (or false packet) could cause an unreasonably large

Browse Source 
block of memory to be allocated leading to indeterminate results.

SSH-TRANS only requires implementations to handle about about 32k
compressed length per packet.  Allow 40k to be safe, but no more.
This commit is contained in:
Sara Golemon
2004-12-18 07:14:51 +00:00
parent 912e9ca713
commit 66f913e53a
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/libssh2.h
View File

@@ -117,10 +117,13 @@
#define LIBSSH2_SOCKET_POLL_MAXLOOPS 120
/* Maximum size to allow a payload to compress to, plays it safe by falling short of spec limits */
#define LIBSSH2_PACKET_MAXCOMP 32000
#define LIBSSH2_PACKET_MAXCOMP 32000
/* Maximum size to allow a payload to deccompress to, plays it safe by allowing more than spec requires */
#define LIBSSH2_PACKET_MAXDECOMP 40000
#define LIBSSH2_PACKET_MAXDECOMP 40000
/* Maximum size for an inbound compressed payload, plays it safe by overshooting spec limits */
#define LIBSSH2_PACKET_MAXPAYLOAD 40000
/* Malloc callbacks */
#define LIBSSH2_ALLOC_FUNC(name) void *name(size_t count, void **abstract)