nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-03 04:22:47 -05:00
Code Issues Projects Releases Wiki Activity

Fix a segfault (non-security-critical - null dereference for

Browse Source 
reading) in the zlib code when fed certain kinds of invalid data. As
a result, ssh.c now needs to be prepared for zlib_decompress_block
to return failure.

[originally from svn r3306]
This commit is contained in:
Simon Tatham
2003-06-26 13:41:30 +00:00
parent 5161740aab
commit d02ea52abc
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssh.c
View File

@ -868,9 +868,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
if (ssh->v1_compressing) {
unsigned char *decompblk;
int decomplen;
zlib_decompress_block(ssh->sc_comp_ctx,
ssh->pktin.body - 1, ssh->pktin.length + 1,
&decompblk, &decomplen);
if (!zlib_decompress_block(ssh->sc_comp_ctx,
ssh->pktin.body - 1, ssh->pktin.length + 1,
&decompblk, &decomplen)) {
bombout(("Zlib decompression encountered invalid data"));
crStop(0);
}
if (ssh->pktin.maxlen < st->pad + decomplen) {
ssh->pktin.maxlen = st->pad + decomplen;