Merge pull request #54 from JacobBarthelmeh/fuzz

check for overflow case
pull/60/head
John Safranek 2018-05-10 14:02:35 -07:00 committed by GitHub
commit e1f242f451
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions


@ -3875,8 +3875,11 @@ static int DoPacket(WOLFSSH* ssh)
msg = buf[idx++];
/* At this point, payload starts at "buf + idx". */
/* sanity check on payloadSz */
if (ssh->inputBuffer.bufferSz < payloadSz + idx) {
/* sanity check on payloadSz. Uses "or" condition because of the case when
* adding idx to payloadSz causes it to overflow.
*/
if ((ssh->inputBuffer.bufferSz < payloadSz + idx) ||
(payloadSz + idx < payloadSz)) {
return WS_OVERFLOW_E;
}
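Review bot: The new wrap test `(payloadSz + idx < payloadSz)` is only correct if `payloadSz` and `idx` are unsigned and the sum is evaluated at their own width; their declarations are outside this hunk, so that should be confirmed. A form that never computes the overflowing sum is easier to audit: `if (idx > ssh->inputBuffer.bufferSz || payloadSz > ssh->inputBuffer.bufferSz - idx) {`. The bound used is `bufferSz`, which by its name looks like the allocation size rather than the number of bytes received. If `buf` does not start at the buffer base, or if less data than `bufferSz` has been read, a payload that passes this check could still extend past valid data, so it is worth checking how `buf` and `payloadSz` are derived earlier in `DoPacket`, which starts and ends outside the hunk.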