Commit 4fb29ee

upstream: don't attempt to decode a ridiculous number of attributes; harmless because of bounds elsewhere, but better to be explicit

OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
1 parent fc437c1 commit 4fb29ee

1 file changed, +3 -1 lines changed

sftp-common.c

Lines changed: 3 additions & 1 deletion
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: sftp-common.c,v 1.33 2022/09/19 10:41:58 djm Exp $ */
1+
/* $OpenBSD: sftp-common.c,v 1.34 2023/03/31 04:00:37 djm Exp $ */
22
/*
33
* Copyright (c) 2001 Markus Friedl. All rights reserved.
44
* Copyright (c) 2001 Damien Miller. All rights reserved.
@@ -137,6 +137,8 @@ decode_attrib(struct sshbuf *b, Attrib *a)
137137

138138
if ((r = sshbuf_get_u32(b, &count)) != 0)
139139
return r;
140+
if (count > 0x100000)
141+
return SSH_ERR_INVALID_FORMAT;
140142
for (i = 0; i < count; i++) {
141143
if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
142144
(r = sshbuf_get_string(b, &data, &dlen)) != 0)
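
Review bot: the bare 0x100000 in the added "if (count > 0x100000)" check is an unexplained magic number; a named constant with a one-line comment stating that it is a sanity cap on the attribute count read by sshbuf_get_u32(), not a protocol limit, would make the intent clear. The commit message says the loop was already harmless because of bounds elsewhere (each iteration consumes a cstring and a string from b and fails once the buffer runs out), so a short comment to that effect next to the check would keep a later reader from assuming this is the only guard. Returning SSH_ERR_INVALID_FORMAT before entering the loop, right after the existing "return r" path, is the right placement.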
