_libssh2_userauth_publickey: reject method names longer than the data

This functions get the method length by looking at the first 32 bit of data, and I now made it not accept method lengths that are longer than the whole data set is, as given in the dedicated function argument. This was detected when the function was given bogus public key data as an ascii string, which caused the first 32bits to create a HUGE number.
2010-06-20 00:23:28 +02:00 · 2010-06-20 00:23:28 +02:00 · 7dc2bfac94
--- a/src/userauth.c
+++ b/src/userauth.c
@ -897,6 +897,15 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
         */
        if (!session->userauth_pblc_method) {
            session->userauth_pblc_method_len = _libssh2_ntohu32(pubkeydata);
+
+            if(session->userauth_pblc_method_len > pubkeydata_len)
+                /* the method length simply cannot be longer than the entire
+                   passed in data, so we use this to detect crazy input
+                   data */
+                return _libssh2_error(session,
+                                      LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED,
+                                      "Invalid public key");
+
            session->userauth_pblc_method =
                LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
            if (!session->userauth_pblc_method) {