nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-02-03 21:52:24 +00:00
Code Issues Projects Releases Wiki Activity

In SSH2, if decrypting the packet length gave us a negative value,

Browse Source 
subsequent packet-receiver code would fail to notice anything was
wrong and segfault. Since this is clearly a silly packet length
anyway, we now explicitly reject it as a daft encryption error.

[originally from svn r1852]
This commit is contained in:
Simon Tatham 2002-08-18 09:10:17 +00:00
parent 61a7dd82ca
commit 67cb02d03d
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssh.c
View File

@ -884,6 +884,15 @@ static int ssh2_rdpkt(unsigned char **data, int *datalen)
st->len = GET_32BIT(pktin.data); st->len = GET_32BIT(pktin.data);
st->pad = pktin.data[4]; st->pad = pktin.data[4];
/*
* _Completely_ silly lengths should be stomped on before they
* do us any more damage.
*/
if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
bombout(("Incoming packet was garbled on decryption"));
crReturn(0);
}
/* /*
* This enables us to deduce the payload length. * This enables us to deduce the payload length.
*/ */