WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fuzz Test Fixes 

1. Add a maximum packet size value and verify the read packet size.
pull/67/head
John Safranek 2018-05-24 13:07:32 -07:00
parent a528f57840
commit 37eb1bc59d
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/internal.c
View File

@ -4392,6 +4392,9 @@ int DoReceive(WOLFSSH* ssh)
/* Peek at the packet_length field. */ /* Peek at the packet_length field. */
ato32(ssh->inputBuffer.buffer + ssh->inputBuffer.idx, ato32(ssh->inputBuffer.buffer + ssh->inputBuffer.idx,
&ssh->curSz); &ssh->curSz);
if (ssh->curSz > MAX_PACKET_SZ - (word32)peerMacSz - LENGTH_SZ)
return WS_OVERFLOW_E;
ssh->processReplyState = PROCESS_PACKET_FINISH; ssh->processReplyState = PROCESS_PACKET_FINISH;
FALL_THROUGH; FALL_THROUGH;

4
wolfssh/internal.h
View File

@ -130,6 +130,10 @@ enum {
#ifndef DEFAULT_NEXT_CHANNEL #ifndef DEFAULT_NEXT_CHANNEL
#define DEFAULT_NEXT_CHANNEL 0 #define DEFAULT_NEXT_CHANNEL 0
#endif #endif
#ifndef MAX_PACKET_SZ
/* This is from RFC 4253 section 6.1. */
#define MAX_PACKET_SZ 35000
#endif
WOLFSSH_LOCAL byte NameToId(const char*, word32); WOLFSSH_LOCAL byte NameToId(const char*, word32);