nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-05-09 21:52:10 -05:00
Code Issues Projects Releases Wiki Activity

Robustness fixes for KEXINIT handling.

Browse Source 
[originally from svn r2197]
This commit is contained in:
Simon Tatham 2002-11-07 18:44:04 +00:00
parent 6f88743f23
commit 997c082c3b
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ssh.c
View File

@ -23,7 +23,7 @@
void logeventf(char *fmt, ...) void logeventf(char *fmt, ...)
{ {
va_list ap; va_list ap;
char stuff[200]; char stuff[512];
va_start(ap, fmt); va_start(ap, fmt);
vsprintf(stuff, fmt, ap); vsprintf(stuff, fmt, ap);
@ -1559,11 +1559,15 @@ static int ssh2_pkt_getbool(void)
} }
static void ssh2_pkt_getstring(char **p, int *length) static void ssh2_pkt_getstring(char **p, int *length)
{ {
int len;
*p = NULL; *p = NULL;
*length = 0; *length = 0;
if (pktin.length - pktin.savedpos < 4) if (pktin.length - pktin.savedpos < 4)
return; return;
*length = GET_32BIT(pktin.data + pktin.savedpos); len = GET_32BIT(pktin.data + pktin.savedpos);
if (len < 0)
return;
*length = len;
pktin.savedpos += 4; pktin.savedpos += 4;
if (pktin.length - pktin.savedpos < *length) if (pktin.length - pktin.savedpos < *length)
return; return;
@ -3517,7 +3521,10 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
*/ */
static int in_commasep_string(char *needle, char *haystack, int haylen) static int in_commasep_string(char *needle, char *haystack, int haylen)
{ {
int needlen = strlen(needle); int needlen;
if (!needle || !haystack)
return 0; /* protect against null pointers */
needlen = strlen(needle);
while (1) { while (1) {
/* /*
* Is it at the start of the string? * Is it at the start of the string?
@ -3745,7 +3752,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
if (!ispkt) if (!ispkt)
crWaitUntil(ispkt); crWaitUntil(ispkt);
sha_string(&exhash, pktin.data + 5, pktin.length - 5); if (pktin.length > 5)
sha_string(&exhash, pktin.data + 5, pktin.length - 5);
/* /*
* Now examine the other side's KEXINIT to see what we're up * Now examine the other side's KEXINIT to see what we're up
@ -3802,7 +3810,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
} }
} }
if (!cscipher_tobe) { if (!cscipher_tobe) {
bombout(("Couldn't agree a client-to-server cipher (available: %s)", str)); bombout(("Couldn't agree a client-to-server cipher (available: %.450s)",
str));
crReturn(0); crReturn(0);
} }
@ -3827,7 +3836,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
} }
} }
if (!sccipher_tobe) { if (!sccipher_tobe) {
bombout(("Couldn't agree a server-to-client cipher (available: %s)", str)); bombout(("Couldn't agree a server-to-client cipher (available: %.450s)",
str));
crReturn(0); crReturn(0);
} }