diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-08 09:12:27 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-17 10:48:49 +0200 |
commit | 12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175 (patch) | |
tree | bf4dc8293fd612bf904dde86b7e23b47a4dba956 /src/sftp.c | |
parent | 573eab0d51b4d298a2f4e4c17b00663afe1a2593 (diff) | |
download | libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.gz libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.tar.xz libssh-12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175.zip |
sftp: Validate the packet handle before we allocate memory
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/sftp.c')
-rw-r--r-- | src/sftp.c | 25 |
1 files changed, 16 insertions, 9 deletions
@@ -474,6 +474,22 @@ static sftp_message sftp_get_message(sftp_packet packet) sftp_message msg = NULL; int rc; + switch(packet->type) { + case SSH_FXP_STATUS: + case SSH_FXP_HANDLE: + case SSH_FXP_DATA: + case SSH_FXP_ATTRS: + case SSH_FXP_NAME: + case SSH_FXP_EXTENDED_REPLY: + break; + default: + ssh_set_error(packet->sftp->session, + SSH_FATAL, + "Unknown packet type %d", + packet->type); + return NULL; + } + msg = sftp_message_new(sftp); if (msg == NULL) { return NULL; @@ -482,15 +498,6 @@ static sftp_message sftp_get_message(sftp_packet packet) msg->sftp = packet->sftp; msg->packet_type = packet->type; - if ((packet->type != SSH_FXP_STATUS) && (packet->type!=SSH_FXP_HANDLE) && - (packet->type != SSH_FXP_DATA) && (packet->type != SSH_FXP_ATTRS) && - (packet->type != SSH_FXP_NAME) && (packet->type != SSH_FXP_EXTENDED_REPLY)) { - ssh_set_error(packet->sftp->session, SSH_FATAL, - "Unknown packet type %d", packet->type); - sftp_message_free(msg); - return NULL; - } - rc = ssh_buffer_unpack(packet->payload, "d", &msg->id); if (rc != SSH_OK) { ssh_set_error(packet->sftp->session, SSH_FATAL, |