X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=ssh.c;h=1f8a214b6a07e165872d4e83cfecd8af7517ac21;hb=5471539a6738484b48fb938c88dce547a3e4b299;hp=f3ce6fe0f5f4f3c1d5288df87987418c6e73b079;hpb=7c2ea22784912b65e19027a9a9cf499258179742;p=PuTTY.git

diff --git a/ssh.c b/ssh.c
index f3ce6fe0..1f8a214b 100644
--- a/ssh.c
+++ b/ssh.c
@@ -364,6 +364,7 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
 			     struct Packet *pktin);
 static void ssh2_channel_check_close(struct ssh_channel *c);
 static void ssh_channel_destroy(struct ssh_channel *c);
+static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin);
 
 /*
  * Buffer management constants. There are several of these for
@@ -1834,6 +1835,15 @@ static struct Packet *ssh2_rdpkt(Ssh ssh, const unsigned char **data,
 	}
     }
 
+    /*
+     * RFC 4253 doesn't explicitly say that completely empty packets
+     * with no type byte are forbidden, so treat them as deserving
+     * an SSH_MSG_UNIMPLEMENTED.
+     */
+    if (st->pktin->length <= 5) { /* == 5 we hope, but robustness */
+        ssh2_msg_something_unimplemented(ssh, st->pktin);
+        crStop(NULL);
+    }
     /*
      * pktin->body and pktin->length should identify the semantic
      * content of the packet, excluding the initial type byte.
@@ -3592,9 +3602,11 @@ static int ssh_test_for_upstream(const char *host, int port, Conf *conf)
     int savedport;
     int ret;
 
+    random_ref(); /* platform may need this to determine share socket name */
     ssh_hostport_setup(host, port, conf, &savedhost, &savedport, NULL);
     ret = ssh_share_test_for_upstream(savedhost, savedport, conf);
     sfree(savedhost);
+    random_unref();
 
     return ret;
 }