Make the sanity-checks on the size of incoming packets much stricter. We now
enforce the following: * Packet must have at least one byte of payload and four bytes of padding. * Total packet length must not exceed 35000 bytes compressed. * Total packet length including length field must be a multiple of cipher block size (or eight bytes). The feebleness of our old checks was noticed by Ben Rudiak-Gould. [originally from svn r5981]
parent
93712a3ee1
commit
4ad47722e8
3
ssh.c
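--- a/ssh.c
+++ b/ssh.c
@@ -1267,7 +1267,8 @@ static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
 * _Completely_ silly lengths should be stomped on before they
 * do us any more damage.
 */
-if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
+if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
+st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
 bombout(("Incoming packet was garbled on decryption"));
 ssh_free_packet(st->pktin);
 crStop(NULL);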
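Review bot: The new payload test `st->len - st->pad < 1` looks one byte too lenient for the rule stated in the commit message. If st->len holds the SSH-2 packet_length field, it also counts the one-byte padding_length, so len - pad == 1 is an empty payload and still passes; `st->len - st->pad < 2` would enforce "at least one byte of payload" (worth confirming against how st->len is filled in, which is outside this hunk). The `% st->cipherblk` term also relies on cipherblk being non-zero at this point, presumably clamped to 8 earlier in ssh2_rdpkt; a short comment saying so, and a named constant in place of the bare 35000, would make the check easier to audit. ssh2_rdpkt starts and ends outside the hunk.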