misc: fix error-checking in ssh_analyze_banner

Fix error-checking for `strtoul` in `ssh_analyze_banner`, and enable some tests which demonstrate the fix before-and-after. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Jon Simons <jon@jonsimons.org> 2017-07-11 19:23:39 -0400
committer: Andreas Schneider <asn@cryptomilk.org> 2017-07-13 19:35:34 +0200
commit: a89a67e0085acd19219d80805770149eb7282615 (patch)
tree: 5d89d08182fd42a035a526168f1d90ffc477e8b5 /src
parent: a97db12f4f6926a57479bfc67bec63cfe9f1d695 (diff)
download: libssh-a89a67e0085acd19219d80805770149eb7282615.tar.gz
libssh-a89a67e0085acd19219d80805770149eb7282615.tar.xz
libssh-a89a67e0085acd19219d80805770149eb7282615.zip
1 files changed, 18 insertions, 7 deletions
diff --git a/src/misc.c b/src/misc.c
index 25663822..21276c68 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -35,6 +35,7 @@
 
 #endif /* _WIN32 */
 
+#include <errno.h>
 #include <limits.h>
 #include <stdio.h>
 #include <string.h>
@@ -845,7 +846,9 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
 
     openssh = strstr(banner, "OpenSSH");
     if (openssh != NULL) {
-        unsigned int major, minor;
+        char *tmp = NULL;
+        unsigned long int major = 0UL;
+        unsigned long int minor = 0UL;
 
         /*
          * The banner is typical:
@@ -853,25 +856,33 @@ int ssh_analyze_banner(ssh_session session, int server, int *ssh1, int *ssh2) {
          * 012345678901234567890
          */
         if (strlen(openssh) > 9) {
-            major = strtoul(openssh + 8, (char **) NULL, 10);
-            if (major < 1 || major > 100) {
+            major = strtoul(openssh + 8, &tmp, 10);
+            if ((tmp == (openssh + 8)) ||
+                ((errno == ERANGE) && (major == ULONG_MAX)) ||
+                ((errno != 0) && (major == 0)) ||
+                ((major < 1) || (major > 100))) {
                 ssh_set_error(session,
                               SSH_FATAL,
                               "Invalid major version number: %s",
                               banner);
                 return -1;
             }
-            minor = strtoul(openssh + 10, (char **) NULL, 10);
-            if (minor > 100) {
+
+            minor = strtoul(openssh + 10, &tmp, 10);
+            if ((tmp == (openssh + 10)) ||
+                ((errno == ERANGE) && (major == ULONG_MAX)) ||
+                ((errno != 0) && (major == 0)) ||
+                (minor > 100)) {
                 ssh_set_error(session,
                               SSH_FATAL,
                               "Invalid minor version number: %s",
                               banner);
                 return -1;
             }
-            session->openssh = SSH_VERSION_INT(major, minor, 0);
+            session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0);
+
             SSH_LOG(SSH_LOG_RARE,
-                    "We are talking to an OpenSSH client version: %d.%d (%x)",
+                    "We are talking to an OpenSSH client version: %lu.%lu (%x)",
                     major, minor, session->openssh);
         }
     }
author	Jon Simons <jon@jonsimons.org>	2017-07-11 19:23:39 -0400
committer	Andreas Schneider <asn@cryptomilk.org>	2017-07-13 19:35:34 +0200
commit	a89a67e0085acd19219d80805770149eb7282615 (patch)
tree	5d89d08182fd42a035a526168f1d90ffc477e8b5 /src
parent	a97db12f4f6926a57479bfc67bec63cfe9f1d695 (diff)
download	libssh-a89a67e0085acd19219d80805770149eb7282615.tar.gz libssh-a89a67e0085acd19219d80805770149eb7282615.tar.xz libssh-a89a67e0085acd19219d80805770149eb7282615.zip