From 30e22fed6e6bdab222977a2e385defed1f2d0d62 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 29 Sep 2010 11:29:37 +0200
Subject: misc: Fixed a possible data overread and crash bug.
---
 src/misc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/misc.c')
diff --git a/src/misc.c b/src/misc.c
index b19c6c9f..bed00419 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -699,13 +699,16 @@ int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
 const char *banner = session->clientbanner;
 const char *openssh;
- ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
- if (strncmp(banner, "SSH-", 4) != 0) {
+ if (banner == NULL ||
+ strlen(banner) <= 4 ||
+ strncmp(banner, "SSH-", 4) != 0) {
 ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner);
 return -1;
 }
+ ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
+
 /*
 * Typical banners e.g. are:
 * SSH-1.5-blah
-- 
cgit v1.2.3
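Review bot: In the failure branch of the new guard, `banner` may be NULL (the first condition tests exactly that) and is still passed to the `%s` in `ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner)`. Assuming ssh_set_error formats printf-style, that is undefined behaviour and crashes on some C libraries, so the crash this commit fixes can return on the error path. Pass a fallback such as `banner ? banner : "(null)"`, or give the NULL case its own message without the `%s`. The banner is presumably peer-supplied, and `strlen(banner) <= 4` only guarantees that `banner[4]` is a real character. The rest of ssh_analyze_banner lies outside the hunk, so any index past 4 there needs its own length check.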