changeset 1376:9e9c8d37fd56 fuzz

limit input size
author Matt Johnston <matt@ucc.asn.au>
date Thu, 25 May 2017 22:21:23 +0800
parents d8215479a58a
children d4cc85e6c569
files svr-authpubkey.c
diffstat 1 files changed, 3 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/svr-authpubkey.c	Thu May 25 22:20:10 2017 +0800
+++ b/svr-authpubkey.c	Thu May 25 22:21:23 2017 +0800
@@ -195,9 +195,9 @@
 	unsigned int pos, len;
 	int ret = DROPBEAR_FAILURE;
 
-	if (line->len < MIN_AUTHKEYS_LINE) {
-		TRACE(("checkpubkey: line too short"))
-		return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */
+	if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
+		TRACE(("checkpubkey: bad line length %d", line->len))
+		return DROPBEAR_FAILURE;
 	}
 
 	/* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */