diff options
author | Jon Simons <jon@jonsimons.org> | 2017-07-11 19:23:39 -0400 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-07-13 19:35:34 +0200 |
commit | a89a67e0085acd19219d80805770149eb7282615 (patch) | |
tree | 5d89d08182fd42a035a526168f1d90ffc477e8b5 /src | |
parent | a97db12f4f6926a57479bfc67bec63cfe9f1d695 (diff) | |
download | libssh-a89a67e0085acd19219d80805770149eb7282615.tar.gz libssh-a89a67e0085acd19219d80805770149eb7282615.tar.xz libssh-a89a67e0085acd19219d80805770149eb7282615.zip |
misc: fix error-checking in ssh_analyze_banner
Fix error-checking for `strtoul` in `ssh_analyze_banner`, and
enable some tests which demonstrate the fix before-and-after.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/misc.c | 25 |
1 files changed, 18 insertions, 7 deletions
@@ -35,6 +35,7 @@ #endif /* _WIN32 */ +#include <errno.h> #include <limits.h> #include <stdio.h> #include <string.h> @@ -845,7 +846,9 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) { openssh = strstr(banner, "OpenSSH"); if (openssh != NULL) { - unsigned int major, minor; + char *tmp = NULL; + unsigned long int major = 0UL; + unsigned long int minor = 0UL; /* * The banner is typical: @@ -853,25 +856,33 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) { * 012345678901234567890 */ if (strlen(openssh) > 9) { - major = strtoul(openssh + 8, (char **) NULL, 10); - if (major < 1 || major > 100) { + major = strtoul(openssh + 8, &tmp, 10); + if ((tmp == (openssh + 8)) || + ((errno == ERANGE) && (major == ULONG_MAX)) || + ((errno != 0) && (major == 0)) || + ((major < 1) || (major > 100))) { ssh_set_error(session, SSH_FATAL, "Invalid major version number: %s", banner); return -1; } - minor = strtoul(openssh + 10, (char **) NULL, 10); - if (minor > 100) { + + minor = strtoul(openssh + 10, &tmp, 10); + if ((tmp == (openssh + 10)) || + ((errno == ERANGE) && (major == ULONG_MAX)) || + ((errno != 0) && (major == 0)) || + (minor > 100)) { ssh_set_error(session, SSH_FATAL, "Invalid minor version number: %s", banner); return -1; } - session->openssh = SSH_VERSION_INT(major, minor, 0); + session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0); + SSH_LOG(SSH_LOG_RARE, - "We are talking to an OpenSSH client version: %d.%d (%x)", + "We are talking to an OpenSSH client version: %lu.%lu (%x)", major, minor, session->openssh); } } |