diff options
author | Tilo Eckert <tilo.eckert@flam.de> | 2015-07-31 13:22:02 +0200 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2015-08-01 10:52:57 +0300 |
commit | 672c3be9ed5f3c3fb4261ccb6ddfbfb6afde356b (patch) | |
tree | 75ac9313b5d58c63837b26f580c68601e9daa896 | |
parent | dc9c4d22ab25771cae66dc0f3f1662bfa4376cab (diff) | |
download | libssh-672c3be9ed5f3c3fb4261ccb6ddfbfb6afde356b.tar.gz libssh-672c3be9ed5f3c3fb4261ccb6ddfbfb6afde356b.tar.xz libssh-672c3be9ed5f3c3fb4261ccb6ddfbfb6afde356b.zip |
sftp: Fix incorrect handling of received length fields
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
-rw-r--r-- | src/sftp.c | 20 |
1 files changed, 13 insertions, 7 deletions
@@ -307,7 +307,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) { sftp_packet packet = NULL; uint32_t tmp; size_t size; - int r; + int r, s; packet = malloc(sizeof(struct sftp_packet_struct)); if (packet == NULL) { @@ -322,12 +322,18 @@ sftp_packet sftp_packet_read(sftp_session sftp) { return NULL; } - r=ssh_channel_read(sftp->channel, buffer, 4, 0); - if (r < 0) { - ssh_buffer_free(packet->payload); - SAFE_FREE(packet); - return NULL; - } + r=0; + do { + // read from channel until 4 bytes have been read or an error occurs + s=ssh_channel_read(sftp->channel, buffer+r, 4-r, 0); + if (s < 0) { + ssh_buffer_free(packet->payload); + SAFE_FREE(packet); + return NULL; + } else { + r += s; + } + } while (r<4); ssh_buffer_add_data(packet->payload, buffer, r); if (buffer_get_u32(packet->payload, &tmp) != sizeof(uint32_t)) { ssh_set_error(sftp->session, SSH_FATAL, "Short sftp packet!"); |