From 7079cf06c8b814fb28d002247bcb22c478bc11a0 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sun, 3 Jun 2018 07:08:47 +0100
Subject: [PATCH] Outgoing packet logging: log the right amount of data.

I must have introduced this bug yesterday when I rewrote the packet
censoring functions using BinarySource. The base pointer passed to
log_packet was pointing at the right place, but the accompanying
length was the gross rather than net one, as it were - it counted the
extra header data we're about to insert at the _start_ of the packet,
so log_packet() was trying to print that many extra bytes at the _end_
and overrunning its buffer.
---
 ssh.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ssh.c b/ssh.c
index 547ffb5b..77d3f582 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1492,8 +1492,7 @@ static void ssh1_log_outgoing_packet(Ssh ssh, const struct Packet *pkt)
 
     log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
                ssh1_pkt_type(pkt->data[12]),
-               pkt->body, pkt->length,
-               nblanks, blanks, NULL, 0, NULL);
+               src->data, src->len, nblanks, blanks, NULL, 0, NULL);
 }
 
 /*
@@ -1742,7 +1741,7 @@ static void ssh2_log_outgoing_packet(Ssh ssh, const struct Packet *pkt)
 
     log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
                ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
-               pkt->body, pkt->length, nblanks, blanks,
+               src->data, src->len, nblanks, blanks,
                &ssh->v2_outgoing_sequence,
                pkt->downstream_id, pkt->additional_log_text);
 }