Mercurial > dropbear
comparison svr-authpubkey.c @ 1376:9e9c8d37fd56 fuzz
limit input size
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 25 May 2017 22:21:23 +0800 |
| parents | de1d895b1cae |
| children | 7e95ab97d2b0 06d52bcb8094 |
comparison
equal
deleted
inserted
replaced
| 1375:d8215479a58a | 1376:9e9c8d37fd56 |
|---|---|
| 193 const unsigned char* keyblob, unsigned int keybloblen) { | 193 const unsigned char* keyblob, unsigned int keybloblen) { |
| 194 buffer *options_buf = NULL; | 194 buffer *options_buf = NULL; |
| 195 unsigned int pos, len; | 195 unsigned int pos, len; |
| 196 int ret = DROPBEAR_FAILURE; | 196 int ret = DROPBEAR_FAILURE; |
| 197 | 197 |
| 198 if (line->len < MIN_AUTHKEYS_LINE) { | 198 if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { |
| 199 TRACE(("checkpubkey: line too short")) | 199 TRACE(("checkpubkey: bad line length %d", line->len)) |
| 200 return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */ | 200 return DROPBEAR_FAILURE; |
| 201 } | 201 } |
| 202 | 202 |
| 203 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ | 203 /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ |
| 204 if (line->pos + algolen+3 > line->len) { | 204 if (line->pos + algolen+3 > line->len) { |
| 205 goto out; | 205 goto out; |