From b2694f0e8a54112200f2638f01b622f603dd125f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Nov 2004 20:27:54 +1100 Subject: [PATCH] - markus@cvs.openbsd.org 2004/10/20 11:48:53 [packet.c ssh1.h] disconnect for invalid (out of range) message types. --- ChangeLog | 5 ++++- packet.c | 6 +++++- ssh1.h | 5 ++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e38de0cc..19671a05e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ [ssh-agent.c] don't unlink agent socket when bind() fails, spotted by rich AT rich-paul.net, ok markus@ + - markus@cvs.openbsd.org 2004/10/20 11:48:53 + [packet.c ssh1.h] + disconnect for invalid (out of range) message types. 20041102 - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX @@ -1821,4 +1824,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3573 2004/11/05 09:26:49 dtucker Exp $ +$Id: ChangeLog,v 1.3574 2004/11/05 09:27:54 dtucker Exp $ diff --git a/packet.c b/packet.c index 82a569404..7c150fde7 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $"); +RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -981,6 +981,8 @@ packet_read_poll1(void) buffer_len(&compression_buffer)); } type = buffer_get_char(&incoming_packet); + if (type < SSH_MSG_MIN || type > SSH_MSG_MAX) + packet_disconnect("Invalid ssh1 packet type: %d", type); return type; } @@ -1093,6 +1095,8 @@ packet_read_poll2(u_int32_t *seqnr_p) * return length of payload (without type field) */ type = buffer_get_char(&incoming_packet); + if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN) + packet_disconnect("Invalid ssh2 packet type: %d", type); if (type == SSH2_MSG_NEWKEYS) set_newkeys(MODE_IN); #ifdef PACKET_DEBUG 
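Review bot: The range check added in packet_read_poll1 is only effective if packet_disconnect() never returns; if it could return, the out-of-range `type` would still reach `return type;` and be handed to the caller. That guarantee is not visible in this hunk, so I would state it in a comment above the check, e.g. `/* reject types outside the ssh1 wire range; packet_disconnect() does not return */`. The same holds for the check added in packet_read_poll2, where an invalid type would otherwise continue to the `SSH2_MSG_NEWKEYS` comparison. Both function bodies start and end outside their hunks, so the declaration of `type` (and whether `%d` matches it without a cast) cannot be confirmed from here.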
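Review bot: The upper bound in packet_read_poll2 is exclusive (`type >= SSH2_MSG_LOCAL_MIN`), while the ssh1 check in packet_read_poll1 is inclusive (`type > SSH_MSG_MAX`), and nothing in the hunk explains the difference. As written, the ssh2 test disconnects on every type from SSH2_MSG_LOCAL_MIN upward, which is a policy decision a reader should not have to reconstruct from the constant's name. Neither SSH2_MSG_MIN nor SSH2_MSG_LOCAL_MIN is defined by this patch, so they presumably already exist in another header. I would add a comment such as `/* types at or above SSH2_MSG_LOCAL_MIN are local extensions and are never accepted from the peer */`.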
diff --git a/ssh1.h b/ssh1.h
index cc7fbc8b0..1741c229a 100644
--- a/ssh1.h
+++ b/ssh1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh1.h,v 1.4 2004/07/11 17:48:47 deraadt Exp $ */
+/* $OpenBSD: ssh1.h,v 1.5 2004/10/20 11:48:53 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen
@@ -18,6 +18,9 @@
 * for compatibility. The maximum value is 254; value 255 is reserved for
 * future extension.
 */
+/* Ranges */
+#define SSH_MSG_MIN 1
+#define SSH_MSG_MAX 254
 /* Message name */ /* msg code */ /* arguments */
 #define SSH_MSG_NONE 0 /* no message */
 #define SSH_MSG_DISCONNECT 1 /* cause (string) */
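Review bot: The `/* Ranges */` comment above `SSH_MSG_MIN`/`SSH_MSG_MAX` does not say what the range is used for or which values it leaves out. `SSH_MSG_NONE` (0), defined two lines below, falls under `SSH_MSG_MIN`, so with the new check in packet.c a peer that sends type 0 is disconnected, as is one sending the reserved value 255. I would spell that out, e.g. `/* Valid message types on the wire; SSH_MSG_NONE (0) and the reserved value 255 are outside this range */`. That also ties the new constants to the existing comment above them, which gives 254 as the maximum.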