[openssh-commits] [openssh] 04/05: upstream: don't attempt to decode a ridiculous number of

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Mar 31 15:06:31 AEDT 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 4fb29eeafb40a2076c0dbe54e46b687c318f87aa
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Mar 31 04:00:37 2023 +0000

    upstream: don't attempt to decode a ridiculous number of
    
    attributes; harmless because of bounds elsewhere, but better to be explicit
    
    OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
---
 sftp-common.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sftp-common.c b/sftp-common.c
index 50f1bbaf..5d724982 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-common.c,v 1.33 2022/09/19 10:41:58 djm Exp $ */
+/* $OpenBSD: sftp-common.c,v 1.34 2023/03/31 04:00:37 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Damien Miller.  All rights reserved.
@@ -137,6 +137,8 @@ decode_attrib(struct sshbuf *b, Attrib *a)
 
 		if ((r = sshbuf_get_u32(b, &count)) != 0)
 			return r;
+		if (count > 0x100000)
+			return SSH_ERR_INVALID_FORMAT;
 		for (i = 0; i < count; i++) {
 			if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
 			    (r = sshbuf_get_string(b, &data, &dlen)) != 0)
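
Review bot: the new `count > 0x100000` check in decode_attrib() uses a bare magic number with no comment explaining how the value was chosen. The commit message says the check is harmless because of bounds elsewhere, so a named constant (for example `SFTP_MAX_EXT_ATTRIBS`, a hypothetical name) and a one-line comment pointing at that other bound would tell future readers which limit is authoritative. The cap still permits 1,048,576 passes through the loop, each calling sshbuf_get_cstring() and sshbuf_get_string(), so it is worth stating in that comment whether the value is meant as a realistic ceiling or only as a sanity check against absurd counts.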
