diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2006-06-14 10:50:43 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2006-06-14 10:50:43 +0000 |
| commit | 6e1bb74fb6ee03f44f695f4d20b423f65e9ac0a5 (patch) | |
| tree | 38a5145ed81f894cf9cd515631673cf7d801984f /usr.bin | |
| parent | 83811c30363f6f2a518a3bdd9aea04bd9779410f (diff) | |
limit the number of pre-banner characters we will accept; ok markus@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 30d88853c0a..f3abeb578c5 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.184 2006/06/08 14:45:49 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.185 2006/06/14 10:50:42 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -379,10 +379,10 @@ ssh_exchange_identification(void) int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); int minor1 = PROTOCOL_MINOR_1; - u_int i; + u_int i, n; /* Read other side's version identification. */ - for (;;) { + for (n = 0;;) { for (i = 0; i < sizeof(buf) - 1; i++) { size_t len = atomicio(read, connection_in, &buf[i], 1); @@ -399,6 +399,8 @@ ssh_exchange_identification(void) buf[i + 1] = 0; break; } + if (++n > 65536) + fatal("ssh_exchange_identification: No banner received"); } buf[sizeof(buf) - 1] = 0; if (strncmp(buf, "SSH-", 4) == 0) |