shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

string: Don't allow to allocate strings bigger than 256M

Browse Source 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit f48dcb26e3)
This commit is contained in:
Andreas Schneider
2018-09-02 14:06:54 +02:00
parent e9613e6b52
commit 2efc1721d8
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/string.c
View File

@@ -34,6 +34,9 @@
#include "libssh/priv.h" #include "libssh/priv.h"
#include "libssh/string.h" #include "libssh/string.h"
/* String maximum size is 256M */
#define STRING_SIZE_MAX 0x10000000
/** /**
* @defgroup libssh_string The SSH string functions * @defgroup libssh_string The SSH string functions
* @ingroup libssh * @ingroup libssh
@@ -54,7 +57,8 @@ struct ssh_string_struct *ssh_string_new(size_t size)
{ {
struct ssh_string_struct *str = NULL; struct ssh_string_struct *str = NULL;
if (size > UINT_MAX - sizeof(struct ssh_string_struct)) { if (size > STRING_SIZE_MAX) {
errno = EINVAL;
return NULL; return NULL;
} }
@@ -137,7 +141,7 @@ size_t ssh_string_len(struct ssh_string_struct *s) {
} }
size = ntohl(s->size); size = ntohl(s->size);
if (size > 0 && size < UINT_MAX) { if (size > 0 && size <= STRING_SIZE_MAX) {
return size; return size;
} }