SSH_SMSG_{STDOUT,STDERR}_DATA packets is consistent with length
field in packet header. (Helps prevent insertion attack.)
git-svn-id: svn://svn.tartarus.org/sgt/putty@496
cda61777-01e9-0310-a592-
d414129be87e
long len = 0;
for (i = 0; i < 4; i++)
len = (len << 8) + pktin.body[i];
- c_write(pktin.body+4, len);
+ if (len+4 != pktin.length) {
+ logevent("Received data packet with bogus string length"
+ ", ignoring");
+ } else
+ c_write(pktin.body+4, len);
} else if (pktin.type == SSH_MSG_DISCONNECT) {
ssh_state = SSH_STATE_CLOSED;
logevent("Received disconnect request");
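Review bot: The added `len+4 != pktin.length` test runs only after the loop has already read `pktin.body[0]` to `pktin.body[3]`, and nothing visible in the hunk establishes that the body holds at least four bytes or that `len` is non-negative. The declarations of `pktin.body` and `pktin.length` are outside the hunk, but if `long` is 32 bits, a length field with its top bit set would presumably leave `len` negative, and a negative `len` could still satisfy the equality and be passed to `c_write`. I would put both bounds into the guard, `if (pktin.length < 4 || len < 0 || len+4 != pktin.length) {`, ideally with the `pktin.length < 4` test moved ahead of the loop. The unbraced `else` after a braced `if` should also get braces, so that a later edit cannot detach `c_write` from the check. The surrounding `if`/`else if` chain begins and ends outside the hunk.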