mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Fix too-short buffer in SSH-1 key exchange.

If _both_ the host key and the server key were less than 32 bytes
long, then less than 32 bytes would be allocated for the buffer
s->rsabuf, into which the 32-byte session id is then copied.
Simon Tatham 2019-06-28 19:24:55 +01:00
parent 0315370926
commit c191ff129c


@ -217,8 +217,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
return;
}
s->len = (s->hostkey.bytes > s->servkey.bytes ?
s->hostkey.bytes : s->servkey.bytes);
s->len = 32;
if (s->len < s->hostkey.bytes)
s->len = s->hostkey.bytes;
if (s->len < s->servkey.bytes)
s->len = s->servkey.bytes;
s->rsabuf = snewn(s->len, unsigned char);