add size checking to binary packets in Net/SSH2.php (thanks ?????? ????????!)
parent
111544428e
commit
e7336e6b54
@ -2060,6 +2060,15 @@ class Net_SSH2 {
|
|||||||
extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
|
extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
|
||||||
|
|
||||||
$remaining_length = $packet_length + 4 - $this->decrypt_block_size;
|
$remaining_length = $packet_length + 4 - $this->decrypt_block_size;
|
||||||
|
|
||||||
|
// quoting <http://tools.ietf.org/html/rfc4253#section-6.1>,
|
||||||
|
// "implementations SHOULD check that the packet length is reasonable"
|
||||||
|
// PuTTY uses 0x9000 as the actual max packet size and so to shall we
|
||||||
|
if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
|
||||||
|
user_error('Invalid size');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$buffer = '';
|
$buffer = '';
|
||||||
while ($remaining_length > 0) {
|
while ($remaining_length > 0) {
|
||||||
$temp = fread($this->fsock, $remaining_length);
|
$temp = fread($this->fsock, $remaining_length);
|
||||||
|
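Review bot: The lower bound of the new size check, `$remaining_length < -$this->decrypt_block_size`, still lets a remaining length of exactly `-$this->decrypt_block_size` through, because that value also satisfies the modulo test. No well-formed packet produces a negative remaining length (the first block has already been read), and a negative `$packet_length` can presumably appear where `unpack('N', ...)` returns a signed value, so the bound would be safer as `if ($remaining_length < 0 || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {`. The hunk also leaves `$padding_length` unchecked against `$packet_length`; if the code after the read loop does not do so, a guard such as `$padding_length >= 4 && $padding_length < $packet_length` belongs next to this check. The enclosing method starts and ends outside the hunk, so how the two values are used later cannot be confirmed from here.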