In SSH2, if decrypting the packet length gave us a negative value,
authorSimon Tatham <anakin@pobox.com>
Sun, 18 Aug 2002 09:10:17 +0000 (09:10 +0000)
committerSimon Tatham <anakin@pobox.com>
Sun, 18 Aug 2002 09:10:17 +0000 (09:10 +0000)
subsequent packet-receiver code would fail to notice anything was
wrong and segfault. Since this is clearly a silly packet length
anyway, we now explicitly reject it as a daft encryption error.

[originally from svn r1852]

ssh.c

diff --git a/ssh.c b/ssh.c
index 0edaf932427f6a5465200bd874547d4d9b75c779..acc4598b86f3ef7db881638f33c2c346c62cdc60 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -884,6 +884,15 @@ static int ssh2_rdpkt(unsigned char **data, int *datalen)
     st->len = GET_32BIT(pktin.data);
     st->pad = pktin.data[4];
 
+    /*
+     * _Completely_ silly lengths should be stomped on before they
+     * do us any more damage.
+     */
+    if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
+       bombout(("Incoming packet was garbled on decryption"));
+       crReturn(0);
+    }
+
     /*
      * This enables us to deduce the payload length.
      */
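Review bot: The added guard only rejects negative values, so a huge non-negative `st->len` (just under the signed maximum, if `len` is an `int` fed from the 32-bit field) still passes and feeds whatever buffer sizing and reading ssh2_rdpkt does after this hunk; the function body continues outside it. An explicit ceiling in the same condition, `if (st->len < 0 || st->len > MAX_PKT_LEN /* placeholder: protocol max */ || st->pad < 0)`, would reject that case too. The `st->len + st->pad < 0` term appears to depend on signed overflow to detect the overflow it is guarding against, which is undefined behaviour in C and a test the compiler is entitled to remove; bounding `st->len` first makes the term unnecessary. If `st->pad` is an `int` assigned from the `unsigned char` at `pktin.data[4]`, `st->pad < 0` can never be true and deserves a comment saying it is defensive rather than reachable.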