lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-03 22:13:11 +03:00
Code Activity

Applied Francois Dupoux's extra checks for weird packet or padding length in

Browse Source 
incoming packets. We really need to bail out this way on weird input.
bug report #2814613
This commit is contained in:
Daniel Stenberg
2009-07-07 13:26:42 +02:00
parent bea1beb4fd
commit acbdbb8914
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/transport.c
View File

@@ -431,7 +431,12 @@ _libssh2_transport_read(LIBSSH2_SESSION * session)
* and we can extract packet and padding length from it * and we can extract packet and padding length from it
*/ */
p->packet_length = _libssh2_ntohu32(block); p->packet_length = _libssh2_ntohu32(block);
if ((p->packet_length < 1) || (p->packet_length > PACKETBUFSIZE))
return PACKET_FAIL;
p->padding_length = block[4]; p->padding_length = block[4];
if (p->padding_length < 0)
return PACKET_FAIL;
/* total_num is the number of bytes following the initial /* total_num is the number of bytes following the initial
(5 bytes) packet length and padding length fields */ (5 bytes) packet length and padding length fields */