diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-09-07 21:45:35 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-17 10:48:49 +0200 |
commit | 38781f69b0cf49a8fd9263bd3f36bc8cb494724a (patch) | |
tree | 27862f9864176d558e7a66aa9d4ffd1f5e4c8479 | |
parent | dc4faf9952ef4359267e2ed42017c16bf1fb9a1c (diff) | |
download | libssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.tar.gz libssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.tar.xz libssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.zip |
sftp: Limit packet size to 256 MB
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/sftp.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -50,6 +50,9 @@ #ifdef WITH_SFTP +/* Buffer size maximum is 256M */ +#define SFTP_PACKET_SIZE_MAX 0x10000000 + struct sftp_ext_struct { unsigned int count; char **name; @@ -356,7 +359,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) } while (r < 4); size = sftp_get_u32(buffer); - if (size == 0 || size > UINT32_MAX) { + if (size == 0 || size > SFTP_PACKET_SIZE_MAX) { ssh_set_error(sftp->session, SSH_FATAL, "Invalid sftp packet size!"); goto error; } @@ -384,12 +387,11 @@ sftp_packet sftp_packet_read(sftp_session sftp) ssh_set_error_oom(sftp->session); goto error; } - while (size > 0 && size < UINT_MAX) { + while (size > 0 && size < SFTP_PACKET_SIZE_MAX) { r = ssh_channel_read(sftp->channel, buffer, sizeof(buffer) > size ? size : sizeof(buffer), 0); - if (r < 0) { /* TODO: check if there are cases where an error needs to be set here */ goto error; |