packet: Do not segfault if we don't have packet_second_block

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 20:30:38 +09:00 · 2018-09-26 11:28:53 +02:00
parent a190ff9302
commit 8a3ea3bdd5
1 changed files with 32 additions and 22 deletions
--- a/src/packet.c
+++ b/src/packet.c
@@ -1065,32 +1065,42 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
            if (cleartext_packet == NULL) {
                goto error;
            }
-            if (session->current_crypto) {
-                /*
-                 * Decrypt the rest of the packet (lenfield_blocksize bytes already
-                 * have been decrypted)
-                 */
-                if (packet_remaining > 0) {
-                    rc = ssh_packet_decrypt(session,
-                                            cleartext_packet,
-                                            (uint8_t *)data,
-                                            lenfield_blocksize,
-                                            processed - lenfield_blocksize);
+
+            if (packet_second_block != NULL) {
+                if (session->current_crypto != NULL) {
+                    /*
+                     * Decrypt the rest of the packet (lenfield_blocksize bytes
+                     * already have been decrypted)
+                     */
+                    if (packet_remaining > 0) {
+                        rc = ssh_packet_decrypt(session,
+                                                cleartext_packet,
+                                                (uint8_t *)data,
+                                                lenfield_blocksize,
+                                                processed - lenfield_blocksize);
+                        if (rc < 0) {
+                            ssh_set_error(session,
+                                          SSH_FATAL,
+                                          "Decryption error");
+                            goto error;
+                        }
+                    }
+                    mac = packet_second_block + packet_remaining;
+
+                    rc = ssh_packet_hmac_verify(session,
+                                                session->in_buffer,
+                                                mac,
+                                                session->current_crypto->in_hmac);
                    if (rc < 0) {
-                        ssh_set_error(session, SSH_FATAL, "Decryption error");
+                        ssh_set_error(session, SSH_FATAL, "HMAC error");
                        goto error;
                    }
+                    processed += current_macsize;
+                } else {
+                    memcpy(cleartext_packet,
+                           packet_second_block,
+                           packet_remaining);
                }
-                mac = packet_second_block + packet_remaining;
-
-                rc = ssh_packet_hmac_verify(session, session->in_buffer, mac, session->current_crypto->in_hmac);
-                if (rc < 0) {
-                    ssh_set_error(session, SSH_FATAL, "HMAC error");
-                    goto error;
-                }
-                processed += current_macsize;
-            } else {
-                memcpy(cleartext_packet, packet_second_block, packet_remaining);
            }

            /* skip the size field which has been processed before */