From 12fc0ea1bf9f2e2c8dab6c6ff448c982c8d94175 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sat, 8 Sep 2018 09:12:27 +0200
Subject: [PATCH] sftp: Validate the packet handle before we allocate memory

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/sftp.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/sftp.c b/src/sftp.c
index d5e4eb0b..53790491 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -474,6 +474,22 @@ static sftp_message sftp_get_message(sftp_packet packet)
     sftp_message msg = NULL;
     int rc;
 
+    switch(packet->type) {
+    case SSH_FXP_STATUS:
+    case SSH_FXP_HANDLE:
+    case SSH_FXP_DATA:
+    case SSH_FXP_ATTRS:
+    case SSH_FXP_NAME:
+    case SSH_FXP_EXTENDED_REPLY:
+        break;
+    default:
+        ssh_set_error(packet->sftp->session,
+                      SSH_FATAL,
+                      "Unknown packet type %d",
+                      packet->type);
+        return NULL;
+    }
+
     msg = sftp_message_new(sftp);
     if (msg == NULL) {
         return NULL;
@@ -482,15 +498,6 @@ static sftp_message sftp_get_message(sftp_packet packet)
     msg->sftp = packet->sftp;
     msg->packet_type = packet->type;
 
-    if ((packet->type != SSH_FXP_STATUS) && (packet->type!=SSH_FXP_HANDLE) &&
-        (packet->type != SSH_FXP_DATA) && (packet->type != SSH_FXP_ATTRS) &&
-        (packet->type != SSH_FXP_NAME) && (packet->type != SSH_FXP_EXTENDED_REPLY)) {
-        ssh_set_error(packet->sftp->session, SSH_FATAL,
-                "Unknown packet type %d", packet->type);
-        sftp_message_free(msg);
-        return NULL;
-    }
-
     rc = ssh_buffer_unpack(packet->payload, "d", &msg->id);
     if (rc != SSH_OK) {
         ssh_set_error(packet->sftp->session, SSH_FATAL,