diff options
author | Andreas Schneider <asn@cynapses.org> | 2010-09-29 11:35:08 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cynapses.org> | 2010-09-29 11:35:53 +0200 |
commit | 93f79c62efd961054d14bb70d419946d95818671 (patch) | |
tree | 6ca413d75331b33043f4290111e2fd46dcc1f86e | |
parent | 31fdb4ecf6ea577c5a8dc17e888f091337163258 (diff) | |
download | libssh-93f79c62efd961054d14bb70d419946d95818671.tar.gz libssh-93f79c62efd961054d14bb70d419946d95818671.tar.xz libssh-93f79c62efd961054d14bb70d419946d95818671.zip |
misc: Fixed a possible data overread and crash bug.
(backported from commit 30e22fed6e6bdab222977a2e385defed1f2d0d62)
-rw-r--r-- | libssh/client.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/libssh/client.c b/libssh/client.c index c248083f..12ebf598 100644 --- a/libssh/client.c +++ b/libssh/client.c @@ -110,13 +110,15 @@ static int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) { const char *banner = session->serverbanner; const char *openssh; - ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner); - - if (strncmp(banner, "SSH-", 4) != 0) { + if (banner == NULL || + strlen(banner) <= 4 || + strncmp(banner, "SSH-", 4) != 0) { ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner); return -1; } + ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner); + /* * Typical banners e.g. are: * SSH-1.5-blah |