Mercurial > dropbear

comparison packet.c @ 791:0bf76f54de6f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Limit decompressed size
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 May 2013 23:23:14 +0800
parents d63ef1e211ea
children a625f9e135a4
comparison
equal deleted inserted replaced
790:7bd88d546627 791:0bf76f54de6f
40 buffer * clear_buf, unsigned int clear_len, 40 buffer * clear_buf, unsigned int clear_len,
41 unsigned char *output_mac); 41 unsigned char *output_mac);
42 static int checkmac(); 42 static int checkmac();
43 43
44 #define ZLIB_COMPRESS_INCR 100 44 #define ZLIB_COMPRESS_INCR 100
45 #define ZLIB_DECOMPRESS_INCR 100 45 #define ZLIB_DECOMPRESS_INCR 1024
46 #ifndef DISABLE_ZLIB 46 #ifndef DISABLE_ZLIB
47 static buffer* buf_decompress(buffer* buf, unsigned int len); 47 static buffer* buf_decompress(buffer* buf, unsigned int len);
48 static void buf_compress(buffer * dest, buffer * src, unsigned int len); 48 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
49 #endif 49 #endif
50 50
418 * and there's no remaining input */ 418 * and there's no remaining input */
419 return ret; 419 return ret;
420 } 420 }
421 421
422 if (zstream->avail_out == 0) { 422 if (zstream->avail_out == 0) {
423 buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR); 423 int new_size = 0;
424 if (ret->size >= RECV_MAX_PAYLOAD_LEN) {
425 dropbear_exit("bad packet, oversized decompressed");
426 }
427 new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);
428 buf_resize(ret, new_size);
424 } 429 }
425 } 430 }
426 } 431 }
427 #endif 432 #endif
428 433