The line that resets st->pktin->length to cover only the semantic
payload of the SSH message was overwriting the modification to
st->pktin->length performed by the optional decompression step. I
didn't notice because I don't habitually enable compression.
[originally from svn r10103]
[r10070 ==
9f5d51a4ac3c10efbefa9b10facb5386e02a6aca]
st->pktin->sequence = st->incoming_sequence++;
st->pktin->sequence = st->incoming_sequence++;
+ st->pktin->length = st->packetlen - st->pad;
+ assert(st->pktin->length >= 0);
+
/*
* Decompress packet payload.
*/
/*
* Decompress packet payload.
*/
*/
st->pktin->type = st->pktin->data[5];
st->pktin->body = st->pktin->data + 6;
*/
st->pktin->type = st->pktin->data[5];
st->pktin->body = st->pktin->data + 6;
- st->pktin->length = st->packetlen - 6 - st->pad;
+ st->pktin->length -= 6;
assert(st->pktin->length >= 0); /* one last double-check */
if (ssh->logctx)
assert(st->pktin->length >= 0); /* one last double-check */
if (ssh->logctx)
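Review bot: In the second hunk the only guard on `st->pktin->length -= 6;` is the `assert` that follows it, and `st->pktin->data[5]` is read before that check runs. If `packetlen`, `pad` and the decompressed size come from the peer's packet, as the names suggest, a payload with no type byte makes the length negative; that aborts the process where asserts are enabled and goes unchecked where they are compiled out with NDEBUG. An explicit runtime test ahead of the type-byte read, `if (st->pktin->length < 6) { /* reject the packet and close the connection */ }`, would turn this into a clean protocol error, and the same applies to the `assert` added after `st->pktin->length = st->packetlen - st->pad;` in the first hunk. The enclosing function starts and ends outside the visible lines.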