diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-01 09:26:37 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-01 09:40:44 +0200 |
commit | 461ebd1e2fa7649397348321dc3d702a7d49e18d (patch) | |
tree | 47379531cc271c2127defbb14759a55137656b26 /src/packet_cb.c | |
parent | be147e897d4a5d0147308722214e7ade20bb67f6 (diff) | |
download | libssh-461ebd1e2fa7649397348321dc3d702a7d49e18d.tar.gz libssh-461ebd1e2fa7649397348321dc3d702a7d49e18d.tar.xz libssh-461ebd1e2fa7649397348321dc3d702a7d49e18d.zip |
packet: Add a bound check for nr_extensions
CID 1395335
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_cb.c')
-rw-r--r-- | src/packet_cb.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/packet_cb.c b/src/packet_cb.c index c3a1997f..6dfcbcab 100644 --- a/src/packet_cb.c +++ b/src/packet_cb.c @@ -291,7 +291,13 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info) SSH_LOG(SSH_LOG_PACKET, "Failed to read number of extensions"); return SSH_PACKET_USED; } + nr_extensions = ntohl(nr_extensions); + if (nr_extensions > 128) { + SSH_LOG(SSH_LOG_PACKET, "Invalid number of extensions"); + return SSH_PACKET_USED; + } + SSH_LOG(SSH_LOG_PACKET, "Follows %u extensions", nr_extensions); for (i = 0; i < nr_extensions; i++) { |