diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2015-01-14 11:16:59 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-01-14 15:20:49 +0100 |
commit | af0dd3fb0208bf7bded0533020682c65b94544eb (patch) | |
tree | 1079d05ac9c069da12528e4ba7fb097f365b42c4 /src/sftp.c | |
parent | ce02f6576aaa29ca6c1ccae010a0c2d4e37f26b2 (diff) | |
download | libssh-af0dd3fb0208bf7bded0533020682c65b94544eb.tar.gz libssh-af0dd3fb0208bf7bded0533020682c65b94544eb.tar.xz libssh-af0dd3fb0208bf7bded0533020682c65b94544eb.zip |
sftp: Fix a possible integer overflow.
CID: #1238630
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
Diffstat (limited to 'src/sftp.c')
-rw-r--r-- | src/sftp.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -340,7 +340,6 @@ sftp_packet sftp_packet_read(sftp_session sftp) { return NULL; } - size = ntohl(size); r=ssh_channel_read(sftp->channel, buffer, 1, 0); if (r <= 0) { /* TODO: check if there are cases where an error needs to be set here */ @@ -350,7 +349,12 @@ sftp_packet sftp_packet_read(sftp_session sftp) { } ssh_buffer_add_data(packet->payload, buffer, r); buffer_get_u8(packet->payload, &packet->type); - size=size-1; + + size = ntohl(size); + if (size == 0) { + return packet; + } + size--; while (size>0){ r=ssh_channel_read(sftp->channel,buffer, sizeof(buffer)>size ? size:sizeof(buffer),0); |