aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2015-01-14 11:16:59 +0100
committerAndreas Schneider <asn@cryptomilk.org>2015-01-14 15:20:49 +0100
commitaf0dd3fb0208bf7bded0533020682c65b94544eb (patch)
tree1079d05ac9c069da12528e4ba7fb097f365b42c4
parentce02f6576aaa29ca6c1ccae010a0c2d4e37f26b2 (diff)
downloadlibssh-af0dd3fb0208bf7bded0533020682c65b94544eb.tar.gz
libssh-af0dd3fb0208bf7bded0533020682c65b94544eb.tar.xz
libssh-af0dd3fb0208bf7bded0533020682c65b94544eb.zip
sftp: Fix a possible integer overflow.
CID: #1238630 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Aris Adamantiadis <aris@0xbadc0de.be>
-rw-r--r--src/sftp.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/sftp.c b/src/sftp.c
index f2832639..d64d0eeb 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -340,7 +340,6 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
return NULL;
}
- size = ntohl(size);
r=ssh_channel_read(sftp->channel, buffer, 1, 0);
if (r <= 0) {
/* TODO: check if there are cases where an error needs to be set here */
@@ -350,7 +349,12 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
}
ssh_buffer_add_data(packet->payload, buffer, r);
buffer_get_u8(packet->payload, &packet->type);
- size=size-1;
+
+ size = ntohl(size);
+ if (size == 0) {
+ return packet;
+ }
+ size--;
while (size>0){
r=ssh_channel_read(sftp->channel,buffer,
sizeof(buffer)>size ? size:sizeof(buffer),0);