sftp: Validate the packet handle before we allocate memory

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
author: Andreas Schneider <asn@cryptomilk.org> 2018-09-08 09:12:27 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2018-09-17 10:48:49 +0200
commit: 12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175 (patch)
tree: bf4dc8293fd612bf904dde86b7e23b47a4dba956 /src/sftp.c
parent: 573eab0d51b4d298a2f4e4c17b00663afe1a2593 (diff)
download: libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.gz
libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.xz
libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.zip
1 files changed, 16 insertions, 9 deletions
diff --git a/src/sftp.c b/src/sftp.c
index d5e4eb0b..53790491 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -474,6 +474,22 @@ static sftp_message sftp_get_message(sftp_packet packet)
     sftp_message msg = NULL;
     int rc;
 
+    switch(packet->type) {
+    case SSH_FXP_STATUS:
+    case SSH_FXP_HANDLE:
+    case SSH_FXP_DATA:
+    case SSH_FXP_ATTRS:
+    case SSH_FXP_NAME:
+    case SSH_FXP_EXTENDED_REPLY:
+        break;
+    default:
+        ssh_set_error(packet->sftp->session,
+                      SSH_FATAL,
+                      "Unknown packet type %d",
+                      packet->type);
+        return NULL;
+    }
+
     msg = sftp_message_new(sftp);
     if (msg == NULL) {
         return NULL;
@@ -482,15 +498,6 @@ static sftp_message sftp_get_message(sftp_packet packet)
     msg->sftp = packet->sftp;
     msg->packet_type = packet->type;
 
-    if ((packet->type != SSH_FXP_STATUS) && (packet->type!=SSH_FXP_HANDLE) &&
-        (packet->type != SSH_FXP_DATA) && (packet->type != SSH_FXP_ATTRS) &&
-        (packet->type != SSH_FXP_NAME) && (packet->type != SSH_FXP_EXTENDED_REPLY)) {
-        ssh_set_error(packet->sftp->session, SSH_FATAL,
-                "Unknown packet type %d", packet->type);
-        sftp_message_free(msg);
-        return NULL;
-    }
-
     rc = ssh_buffer_unpack(packet->payload, "d", &msg->id);
     if (rc != SSH_OK) {
         ssh_set_error(packet->sftp->session, SSH_FATAL,
author	Andreas Schneider <asn@cryptomilk.org>	2018-09-08 09:12:27 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2018-09-17 10:48:49 +0200
commit	12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175 (patch)
tree	bf4dc8293fd612bf904dde86b7e23b47a4dba956 /src/sftp.c
parent	573eab0d51b4d298a2f4e4c17b00663afe1a2593 (diff)
download	libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.gz libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.xz libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.zip