mirror of https://github.com/wolfSSL/wolfssh.git
Fuzz Test Fixes
1. Add a maximum packet size value and verify the read packet size.pull/67/head
parent
a528f57840
commit
37eb1bc59d
|
@ -4392,6 +4392,9 @@ int DoReceive(WOLFSSH* ssh)
|
||||||
/* Peek at the packet_length field. */
|
/* Peek at the packet_length field. */
|
||||||
ato32(ssh->inputBuffer.buffer + ssh->inputBuffer.idx,
|
ato32(ssh->inputBuffer.buffer + ssh->inputBuffer.idx,
|
||||||
&ssh->curSz);
|
&ssh->curSz);
|
||||||
|
if (ssh->curSz > MAX_PACKET_SZ - (word32)peerMacSz - LENGTH_SZ)
|
||||||
|
return WS_OVERFLOW_E;
|
||||||
|
|
||||||
ssh->processReplyState = PROCESS_PACKET_FINISH;
|
ssh->processReplyState = PROCESS_PACKET_FINISH;
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
|
|
||||||
|
|
|
@ -130,6 +130,10 @@ enum {
|
||||||
#ifndef DEFAULT_NEXT_CHANNEL
|
#ifndef DEFAULT_NEXT_CHANNEL
|
||||||
#define DEFAULT_NEXT_CHANNEL 0
|
#define DEFAULT_NEXT_CHANNEL 0
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef MAX_PACKET_SZ
|
||||||
|
/* This is from RFC 4253 section 6.1. */
|
||||||
|
#define MAX_PACKET_SZ 35000
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
WOLFSSH_LOCAL byte NameToId(const char*, word32);
|
||||||
|
|
Loading…
Reference in New Issue