aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2018-09-07 21:45:35 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-09-17 10:48:49 +0200
commit38781f69b0cf49a8fd9263bd3f36bc8cb494724a (patch)
tree27862f9864176d558e7a66aa9d4ffd1f5e4c8479
parentdc4faf9952ef4359267e2ed42017c16bf1fb9a1c (diff)
downloadlibssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.tar.gz
libssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.tar.xz
libssh-38781f69b0cf49a8fd9263bd3f36bc8cb494724a.zip
sftp: Limit packet size to 256 MB
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/sftp.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/sftp.c b/src/sftp.c
index 27c227e4..a733935b 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -50,6 +50,9 @@
#ifdef WITH_SFTP
+/* Buffer size maximum is 256M */
+#define SFTP_PACKET_SIZE_MAX 0x10000000
+
struct sftp_ext_struct {
unsigned int count;
char **name;
@@ -356,7 +359,7 @@ sftp_packet sftp_packet_read(sftp_session sftp)
} while (r < 4);
size = sftp_get_u32(buffer);
- if (size == 0 || size > UINT32_MAX) {
+ if (size == 0 || size > SFTP_PACKET_SIZE_MAX) {
ssh_set_error(sftp->session, SSH_FATAL, "Invalid sftp packet size!");
goto error;
}
@@ -384,12 +387,11 @@ sftp_packet sftp_packet_read(sftp_session sftp)
ssh_set_error_oom(sftp->session);
goto error;
}
- while (size > 0 && size < UINT_MAX) {
+ while (size > 0 && size < SFTP_PACKET_SIZE_MAX) {
r = ssh_channel_read(sftp->channel,
buffer,
sizeof(buffer) > size ? size : sizeof(buffer),
0);
-
if (r < 0) {
/* TODO: check if there are cases where an error needs to be set here */
goto error;