mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-26 03:42:07 +00:00
upstream commit
check number of entries in SSH2_FXP_NAME response; avoids unreachable overflow later. Reported by Jann Horn Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
This commit is contained in:
parent
ddd3d34e5c
commit
c7995f296b
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */
|
||||
/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
@ -587,6 +587,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
if (count > SSHBUF_SIZE_MAX)
|
||||
fatal("%s: nonsensical number of entries", __func__);
|
||||
if (count == 0)
|
||||
break;
|
||||
debug3("Received %d SSH2_FXP_NAME responses", count);
|
||||
|
Loading…
Reference in New Issue
Block a user