diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-26 11:28:53 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-10-24 09:48:35 +0200 |
commit | 8a3ea3bdd5181eb9e1c751d9c2961e73d716e140 (patch) | |
tree | 2ca01a689db878fdbf175185b2706b93717089ff /src | |
parent | a190ff93026a43fdf0b466aa98d3417291569c52 (diff) | |
download | libssh-8a3ea3bdd5181eb9e1c751d9c2961e73d716e140.tar.gz libssh-8a3ea3bdd5181eb9e1c751d9c2961e73d716e140.tar.xz libssh-8a3ea3bdd5181eb9e1c751d9c2961e73d716e140.zip |
packet: Do not segfault if we don't have packet_second_block
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/packet.c | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/src/packet.c b/src/packet.c index 36c037eb..de0cc0a8 100644 --- a/src/packet.c +++ b/src/packet.c @@ -1065,32 +1065,42 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) if (cleartext_packet == NULL) { goto error; } - if (session->current_crypto) { - /* - * Decrypt the rest of the packet (lenfield_blocksize bytes already - * have been decrypted) - */ - if (packet_remaining > 0) { - rc = ssh_packet_decrypt(session, - cleartext_packet, - (uint8_t *)data, - lenfield_blocksize, - processed - lenfield_blocksize); + + if (packet_second_block != NULL) { + if (session->current_crypto != NULL) { + /* + * Decrypt the rest of the packet (lenfield_blocksize bytes + * already have been decrypted) + */ + if (packet_remaining > 0) { + rc = ssh_packet_decrypt(session, + cleartext_packet, + (uint8_t *)data, + lenfield_blocksize, + processed - lenfield_blocksize); + if (rc < 0) { + ssh_set_error(session, + SSH_FATAL, + "Decryption error"); + goto error; + } + } + mac = packet_second_block + packet_remaining; + + rc = ssh_packet_hmac_verify(session, + session->in_buffer, + mac, + session->current_crypto->in_hmac); if (rc < 0) { - ssh_set_error(session, SSH_FATAL, "Decryption error"); + ssh_set_error(session, SSH_FATAL, "HMAC error"); goto error; } + processed += current_macsize; + } else { + memcpy(cleartext_packet, + packet_second_block, + packet_remaining); } - mac = packet_second_block + packet_remaining; - - rc = ssh_packet_hmac_verify(session, session->in_buffer, mac, session->current_crypto->in_hmac); - if (rc < 0) { - ssh_set_error(session, SSH_FATAL, "HMAC error"); - goto error; - } - processed += current_macsize; - } else { - memcpy(cleartext_packet, packet_second_block, packet_remaining); } /* skip the size field which has been processed before */ |