shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity

packet: Add a bound check for nr_extensions

Browse Source 
CID 1395335

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 461ebd1e2f)
This commit is contained in:
Andreas Schneider
2018-09-01 09:26:37 +02:00
parent 8e3af4d859
commit 219a311925
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/packet_cb.c
View File

@@ -291,7 +291,13 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
SSH_LOG(SSH_LOG_PACKET, "Failed to read number of extensions");
return SSH_PACKET_USED;
}
nr_extensions = ntohl(nr_extensions);
if (nr_extensions > 128) {
SSH_LOG(SSH_LOG_PACKET, "Invalid number of extensions");
return SSH_PACKET_USED;
}
SSH_LOG(SSH_LOG_PACKET, "Follows %u extensions", nr_extensions);
for (i = 0; i < nr_extensions; i++) {