
/* RFC4253 section 6.1 Maximum Packet Length says:

*
 * "All implementations MUST be able to process packets with
 * uncompressed payload length of 32768 bytes or less and
 * total packet size of 35000 bytes or less (including length,
 * padding length, payload, padding, and MAC.)."
 */
Protect against an improper packet from producing unreasonable values.
Credit goes to Daniel Stenberg
James Housley 2006-11-10 13:47:13 +00:00
родитель 8069fa6f9a
Коммит 7063d24724


@ -62,6 +62,15 @@
# endif # endif
#endif #endif
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
#define MAX_SSH_PACKET_LEN 35000
/* {{{ libssh2_packet_queue_listener /* {{{ libssh2_packet_queue_listener
* Queue a connection request for a listener * Queue a connection request for a listener
*/ */
@ -765,6 +774,18 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
} }
packet_len = libssh2_ntohu32(block); packet_len = libssh2_ntohu32(block);
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
if(packet_len > MAX_SSH_PACKET_LEN) {
return -1;
}
padding_len = block[4]; padding_len = block[4];
#ifdef LIBSSH2_DEBUG_TRANSPORT #ifdef LIBSSH2_DEBUG_TRANSPORT
_libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing packet %lu bytes long (with %lu bytes padding)", packet_len, padding_len); _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing packet %lu bytes long (with %lu bytes padding)", packet_len, padding_len);
@ -886,6 +907,18 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
return -1; return -1;
} }
packet_length = libssh2_ntohu32(buf); packet_length = libssh2_ntohu32(buf);
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
* uncompressed payload length of 32768 bytes or less and
* total packet size of 35000 bytes or less (including length,
* padding length, payload, padding, and MAC.)."
*/
if(packet_length > MAX_SSH_PACKET_LEN) {
return -1;
}
padding_length = buf[4]; padding_length = buf[4];
#ifdef LIBSSH2_DEBUG_TRANSPORT #ifdef LIBSSH2_DEBUG_TRANSPORT
_libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing plaintext packet %lu bytes long (with %lu bytes padding)", packet_length, padding_length); _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Processing plaintext packet %lu bytes long (with %lu bytes padding)", packet_length, padding_length);
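Review bot: The new guard bounds the length only from above, so in both hunks of libssh2_packet_read a `packet_len` / `packet_length` of 0, or one no larger than the padding byte read on the very next line, still passes. RFC 4253 section 6 defines the payload as packet_length - padding_length - 1, so if the code after these hunks derives the payload size that way (not visible here), an undersized length would wrap the subtraction and feed a huge value to whatever allocates or copies next. I would add a lower-bound check right after the padding read, e.g. `if(padding_len + 1 > packet_len) { return -1; }`, and the same with `padding_length` / `packet_length` in the plaintext path. The bare `return -1;` also leaves no record of why the packet was dropped; a `_libssh2_debug(session, LIBSSH2_DBG_TRANS, ...)` line or a session error before returning would make an oversized-length rejection distinguishable from a socket failure during triage. The function body starts and ends outside both hunks, so the downstream use of these values should be confirmed against the full file.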