aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTilo Eckert <tilo.eckert@flam.de>2015-07-31 13:22:02 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2015-08-01 10:52:48 +0300
commit30d4581be50583e6a38726a310ac491cc78f5e49 (patch)
tree2a248bf0238831789772d24c47bd41d0556d89e8
parent83387f957f598cba644b82654c2dc080d65b98fb (diff)
downloadlibssh-30d4581be50583e6a38726a310ac491cc78f5e49.tar.gz
libssh-30d4581be50583e6a38726a310ac491cc78f5e49.tar.xz
libssh-30d4581be50583e6a38726a310ac491cc78f5e49.zip
sftp: Fix incorrect handling of received length fields
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
-rw-r--r--src/sftp.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/src/sftp.c b/src/sftp.c
index e925b526..6bcd8a69 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -315,7 +315,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
sftp_packet packet = NULL;
uint32_t tmp;
size_t size;
- int r;
+ int r, s;
packet = malloc(sizeof(struct sftp_packet_struct));
if (packet == NULL) {
@@ -330,12 +330,18 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
return NULL;
}
- r=ssh_channel_read(sftp->channel, buffer, 4, 0);
- if (r < 0) {
- ssh_buffer_free(packet->payload);
- SAFE_FREE(packet);
- return NULL;
- }
+ r=0;
+ do {
+ // read from channel until 4 bytes have been read or an error occurs
+ s=ssh_channel_read(sftp->channel, buffer+r, 4-r, 0);
+ if (s < 0) {
+ ssh_buffer_free(packet->payload);
+ SAFE_FREE(packet);
+ return NULL;
+ } else {
+ r += s;
+ }
+ } while (r<4);
ssh_buffer_add_data(packet->payload, buffer, r);
if (buffer_get_u32(packet->payload, &tmp) != sizeof(uint32_t)) {
ssh_set_error(sftp->session, SSH_FATAL, "Short sftp packet!");