octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-12-26 11:37:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check packet size before extracting channel

Browse Source
This commit is contained in:
Robert 2024-07-09 15:02:58 -04:00
parent d5bb57ecca
commit 1617746239
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
phpseclib/Net/SSH2.php
View File

@ -1748,7 +1748,6 @@ class SSH2
$response = $this->get_binary_packet_or_close(NET_SSH2_MSG_KEXDH_GEX_GROUP);
list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response);
$this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
$prime = new BigInteger($primeBytes, -256);
$g = new BigInteger($gBytes, -256);
@ -2412,7 +2411,6 @@ class SSH2
$this->send_binary_packet($packet, $logged);
$response = $this->get_binary_packet_or_close();
list($type) = Strings::unpackSSH2('C', $response);
switch ($type) {
case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
@ -4023,7 +4021,10 @@ class SSH2
}
return true;
}
list($type, $channel) = Strings::unpackSSH2('CN', $response);
list($type) = Strings::unpackSSH2('C', $response);
if (strlen($response) >= 4) {
list($channel) = Strings::unpackSSH2('N', $response);
}
// will not be setup yet on incoming channel open request
if (isset($channel) && isset($this->channel_status[$channel]) && isset($this->window_size_server_to_client[$channel])) {