diff options
| author | George Hazan <ghazan@miranda.im> | 2019-03-15 16:04:01 +0300 |
|---|---|---|
| committer | George Hazan <ghazan@miranda.im> | 2019-03-15 16:04:01 +0300 |
| commit | 7b425e06f940fbc0a1d962bee7695530fcc70ceb (patch) | |
| tree | fb232f9f2066ccf19ce46ec8d92fdc2534f4c938 /libs/libssh2/src/kex.c | |
| parent | 2084ac854656d90a030de560d69d6c5080f9bb00 (diff) | |
libssh updated to 1.8.1
Diffstat (limited to 'libs/libssh2/src/kex.c')
| -rw-r--r-- | libs/libssh2/src/kex.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/libs/libssh2/src/kex.c b/libs/libssh2/src/kex.c index 65b722f421..3634cb5a91 100644 --- a/libs/libssh2/src/kex.c +++ b/libs/libssh2/src/kex.c @@ -228,11 +228,23 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session, } /* Parse KEXDH_REPLY */ + if(exchange_state->s_packet_len < 5) { + ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, + "Unexpected packet length"); + goto clean_exit; + } + exchange_state->s = exchange_state->s_packet + 1; session->server_hostkey_len = _libssh2_ntohu32(exchange_state->s); exchange_state->s += 4; + if(session->server_hostkey_len > exchange_state->s_packet_len - 5) { + ret = _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY, + "Host key length out of bounds"); + goto clean_exit; + } + if (session->server_hostkey) LIBSSH2_FREE(session, session->server_hostkey); @@ -848,11 +860,23 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session, } /* Parse KEXDH_REPLY */ + if(exchange_state->s_packet_len < 5) { + ret = _libssh2_error(session, LIBSSH2_ERROR_PROTO, + "Unexpected packet length"); + goto clean_exit; + } + exchange_state->s = exchange_state->s_packet + 1; session->server_hostkey_len = _libssh2_ntohu32(exchange_state->s); exchange_state->s += 4; + if(session->server_hostkey_len > exchange_state->s_packet_len - 5) { + ret = _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY, + "Host key length out of bounds"); + goto clean_exit; + } + if (session->server_hostkey) LIBSSH2_FREE(session, session->server_hostkey); |