enforce the following:
* Packet must have at least one byte of payload and four bytes of padding.
* Total packet length must not exceed 35000 bytes compressed.
* Total packet length including length field must be a multiple of cipher
block size (or eight bytes).
The feebleness of our old checks was noticed by Ben Rudiak-Gould.
git-svn-id: svn://svn.tartarus.org/sgt/putty@5981
cda61777-01e9-0310-a592-
d414129be87e
* _Completely_ silly lengths should be stomped on before they
* do us any more damage.
*/
- if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
+ if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
+ st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
bombout(("Incoming packet was garbled on decryption"));
ssh_free_packet(st->pktin);
crStop(NULL);