aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cynapses.org>2010-09-29 11:35:08 +0200
committerAndreas Schneider <asn@cynapses.org>2010-09-29 11:35:53 +0200
commit93f79c62efd961054d14bb70d419946d95818671 (patch)
tree6ca413d75331b33043f4290111e2fd46dcc1f86e
parent31fdb4ecf6ea577c5a8dc17e888f091337163258 (diff)
downloadlibssh-93f79c62efd961054d14bb70d419946d95818671.tar.gz
libssh-93f79c62efd961054d14bb70d419946d95818671.tar.xz
libssh-93f79c62efd961054d14bb70d419946d95818671.zip
misc: Fixed a possible data overread and crash bug.
(backported from commit 30e22fed6e6bdab222977a2e385defed1f2d0d62)
-rw-r--r--libssh/client.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/libssh/client.c b/libssh/client.c
index c248083f..12ebf598 100644
--- a/libssh/client.c
+++ b/libssh/client.c
@@ -110,13 +110,15 @@ static int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
const char *banner = session->serverbanner;
const char *openssh;
- ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
-
- if (strncmp(banner, "SSH-", 4) != 0) {
+ if (banner == NULL ||
+ strlen(banner) <= 4 ||
+ strncmp(banner, "SSH-", 4) != 0) {
ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner);
return -1;
}
+ ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
+
/*
* Typical banners e.g. are:
* SSH-1.5-blah