1
1

_libssh2_userauth_publickey: reject method names longer than the data

This functions get the method length by looking at the first 32
bit of data, and I now made it not accept method lengths that are
longer than the whole data set is, as given in the dedicated
function argument.

This was detected when the function was given bogus public key
data as an ascii string, which caused the first 32bits to create
a HUGE number.
Этот коммит содержится в:
Daniel Stenberg 2010-06-20 00:23:28 +02:00
родитель 35cf08e130
Коммит 7dc2bfac94

Просмотреть файл

@ -897,6 +897,15 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
*/
if (!session->userauth_pblc_method) {
session->userauth_pblc_method_len = _libssh2_ntohu32(pubkeydata);
if(session->userauth_pblc_method_len > pubkeydata_len)
/* the method length simply cannot be longer than the entire
passed in data, so we use this to detect crazy input
data */
return _libssh2_error(session,
LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED,
"Invalid public key");
session->userauth_pblc_method =
LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
if (!session->userauth_pblc_method) {