nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Security improvement: check that string length field in

Browse Source 
SSH_SMSG_{STDOUT,STDERR}_DATA packets is consistent with length
field in packet header. (Helps prevent insertion attack.)

[originally from svn r496]
This commit is contained in:
Simon Tatham 2000-06-06 08:57:55 +00:00
parent e0fac426c5
commit 0793be4efe
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssh.c
View File

@ -665,7 +665,11 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
long len = 0;
for (i = 0; i < 4; i++)
len = (len << 8) + pktin.body[i];
c_write(pktin.body+4, len);
if (len+4 != pktin.length) {
logevent("Received data packet with bogus string length"
", ignoring");
} else
c_write(pktin.body+4, len);
} else if (pktin.type == SSH_MSG_DISCONNECT) {
ssh_state = SSH_STATE_CLOSED;
logevent("Received disconnect request");