octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-11-05 13:07:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

add size checking to binary packets in Net/SSH2.php (thanks ?????? ????????!)

Browse Source
This commit is contained in:
terrafrost 2013-01-26 00:17:23 -06:00
parent 111544428e
commit e7336e6b54
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
phpseclib/Net/SSH2.php
View File

@ -2060,6 +2060,15 @@ class Net_SSH2 {
extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
$remaining_length = $packet_length + 4 - $this->decrypt_block_size;
// quoting <http://tools.ietf.org/html/rfc4253#section-6.1>,
// "implementations SHOULD check that the packet length is reasonable"
// PuTTY uses 0x9000 as the actual max packet size and so to shall we
if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
user_error('Invalid size');
return false;
}
$buffer = '';
while ($remaining_length > 0) {
$temp = fread($this->fsock, $remaining_length);