
Fix too-short buffer in SSH-1 key exchange.

If _both_ the host key and the server key were less than 32 bytes
long, then less than 32 bytes would be allocated for the buffer
s->rsabuf, into which the 32-byte session id is then copied.
Simon Tatham 2019-06-28 19:24:55 +01:00
parent 0315370926
commit c191ff129c


@ -217,8 +217,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
return; return;
} }
s->len = (s->hostkey.bytes > s->servkey.bytes ? s->len = 32;
s->hostkey.bytes : s->servkey.bytes); if (s->len < s->hostkey.bytes)
s->len = s->hostkey.bytes;
if (s->len < s->servkey.bytes)
s->len = s->servkey.bytes;
s->rsabuf = snewn(s->len, unsigned char); s->rsabuf = snewn(s->len, unsigned char);
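Review bot: The literal `32` in `s->len = 32;` is unexplained where it is used; the commit message says it is the size of the session id later copied into s->rsabuf, but that copy is outside this hunk, so a later reader cannot see why the floor exists or that it must track the copy length. I would put a comment above the assignment, for example `/* rsabuf must also hold the 32-byte session id, even if both keys are shorter */`, or use a named constant shared with the code that does the copy. Since hostkey.bytes and servkey.bytes appear to be taken from the server's public-key packet, it may also be worth checking whether keys this short should be rejected outright rather than accommodated by a larger buffer. ssh1_login_process_queue starts and ends outside the hunk.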