mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
Remove the length limit on protocol version strings. (In principle, I
could have got away with upping it to 256, but I didn't want a repeat of the chaos when some server accidentally breaks that limit too...) [originally from svn r1019]
This commit is contained in:
parent
0cda163a2d
commit
4d881300c8
27
ssh.c
27
ssh.c
@ -1156,10 +1156,11 @@ static void ssh_detect_bugs(char *vstring) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int do_ssh_init(unsigned char c) {
|
static int do_ssh_init(unsigned char c) {
|
||||||
static char *vsp;
|
static char vslen;
|
||||||
static char version[10];
|
static char version[10];
|
||||||
static char vstring[80];
|
static char *vstring;
|
||||||
static char vlog[sizeof(vstring)+20];
|
static int vstrsize;
|
||||||
|
static char *vlog;
|
||||||
static int i;
|
static int i;
|
||||||
|
|
||||||
crBegin;
|
crBegin;
|
||||||
@ -1179,13 +1180,18 @@ static int do_ssh_init(unsigned char c) {
|
|||||||
crReturn(1); /* get another character */
|
crReturn(1); /* get another character */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
vstring = smalloc(16);
|
||||||
|
vstrsize = 16;
|
||||||
strcpy(vstring, "SSH-");
|
strcpy(vstring, "SSH-");
|
||||||
vsp = vstring+4;
|
vslen = 4;
|
||||||
i = 0;
|
i = 0;
|
||||||
while (1) {
|
while (1) {
|
||||||
crReturn(1); /* get another char */
|
crReturn(1); /* get another char */
|
||||||
if (vsp < vstring+sizeof(vstring)-1)
|
if (vslen >= vstrsize-1) {
|
||||||
*vsp++ = c;
|
vstrsize += 16;
|
||||||
|
vstring = srealloc(vstring, vstrsize);
|
||||||
|
}
|
||||||
|
vstring[vslen++] = c;
|
||||||
if (i >= 0) {
|
if (i >= 0) {
|
||||||
if (c == '-') {
|
if (c == '-') {
|
||||||
version[i] = '\0';
|
version[i] = '\0';
|
||||||
@ -1200,7 +1206,11 @@ static int do_ssh_init(unsigned char c) {
|
|||||||
ssh_agentfwd_enabled = FALSE;
|
ssh_agentfwd_enabled = FALSE;
|
||||||
rdpkt2_state.incoming_sequence = 0;
|
rdpkt2_state.incoming_sequence = 0;
|
||||||
|
|
||||||
*vsp = 0;
|
vstring[vslen] = 0;
|
||||||
|
if (vslen > 80)
|
||||||
|
vlog = smalloc(20 + vslen);
|
||||||
|
else
|
||||||
|
vlog = smalloc(100);
|
||||||
sprintf(vlog, "Server version: %s", vstring);
|
sprintf(vlog, "Server version: %s", vstring);
|
||||||
ssh_detect_bugs(vstring);
|
ssh_detect_bugs(vstring);
|
||||||
vlog[strcspn(vlog, "\r\n")] = '\0';
|
vlog[strcspn(vlog, "\r\n")] = '\0';
|
||||||
@ -1248,6 +1258,9 @@ static int do_ssh_init(unsigned char c) {
|
|||||||
}
|
}
|
||||||
ssh_state = SSH_STATE_BEFORE_SIZE;
|
ssh_state = SSH_STATE_BEFORE_SIZE;
|
||||||
|
|
||||||
|
sfree(vstring);
|
||||||
|
sfree(vlog);
|
||||||
|
|
||||||
crFinish(0);
|
crFinish(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user