From: Simon Tatham <anakin@pobox.com>
Date: Wed, 31 May 2000 10:18:24 +0000 (+0000)
Subject: Security improvement: check CRC on incoming packets
X-Git-Tag: 0.49~12
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=6b8179820517c61af8745d914565489c72914fc9;p=PuTTY.git

Security improvement: check CRC on incoming packets

[originally from svn r489]
---

diff --git a/ssh.c b/ssh.c
index a91190ec..295d0e68 100644
--- a/ssh.c
+++ b/ssh.c
@@ -127,6 +127,7 @@ static void ssh_gotdata(unsigned char *data, int datalen) {
     static long len, biglen, to_read;
     static unsigned char *p;
     static int i, pad;
+    static unsigned long realcrc, gotcrc;
 
     crBegin;
     while (1) {
@@ -186,6 +187,15 @@ static void ssh_gotdata(unsigned char *data, int datalen) {
 	pktin.type = pktin.data[pad];
 	pktin.body = pktin.data+pad+1;
 
+	realcrc = crc32(pktin.data, biglen-4);
+	gotcrc = (pktin.data[biglen-4] << 24);
+	gotcrc |= (pktin.data[biglen-3] << 16);
+	gotcrc |= (pktin.data[biglen-2] <<  8);
+	gotcrc |= (pktin.data[biglen-1] <<  0);
+	if (gotcrc != realcrc) {
+	    fatalbox("Incorrect CRC received on packet");
+	}
+
 	if (pktin.type == SSH_MSG_DEBUG) {
 	    /* FIXME: log it */
 	} else if (pktin.type == SSH_MSG_IGNORE) {