misc: Fixed a possible data overread and crash bug.

author: Andreas Schneider <asn@cynapses.org> 2010-09-29 11:29:37 +0200
committer: Andreas Schneider <asn@cynapses.org> 2010-09-29 11:29:37 +0200
commit: 30e22fed6e6bdab222977a2e385defed1f2d0d62 (patch)
tree: dda0a2afb6f0cdbd7d457bff268ac8165b18d66d /src
parent: 8b719e51cf3e1b0ee7bee93a006bfa517fba4926 (diff)
download: libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.tar.gz
libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.tar.xz
libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/src/misc.c b/src/misc.c
index b19c6c9f..bed00419 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -699,13 +699,16 @@ int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
   const char *banner = session->clientbanner;
   const char *openssh;
 
-  ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
 
-  if (strncmp(banner, "SSH-", 4) != 0) {
+  if (banner == NULL ||
+      strlen(banner) <= 4 ||
+      strncmp(banner, "SSH-", 4) != 0) {
     ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner);
     return -1;
   }
 
+  ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
+
   /*
    * Typical banners e.g. are:
    * SSH-1.5-blah
author	Andreas Schneider <asn@cynapses.org>	2010-09-29 11:29:37 +0200
committer	Andreas Schneider <asn@cynapses.org>	2010-09-29 11:29:37 +0200
commit	30e22fed6e6bdab222977a2e385defed1f2d0d62 (patch)
tree	dda0a2afb6f0cdbd7d457bff268ac8165b18d66d /src
parent	8b719e51cf3e1b0ee7bee93a006bfa517fba4926 (diff)
download	libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.tar.gz libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.tar.xz libssh-30e22fed6e6bdab222977a2e385defed1f2d0d62.zip