~mdw / sgt / putty / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 40d24aa)
Security improvement: check CRC on incoming packets
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Wed, 31 May 2000 10:18:24 +0000 (10:18 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Wed, 31 May 2000 10:18:24 +0000 (10:18 +0000)
git-svn-id: svn://svn.tartarus.org/sgt/putty@489 cda61777-01e9-0310-a592-d414129be87e

ssh.c patch | blob | blame | history

diff --git a/ssh.c b/ssh.c
index a91190e..295d0e6 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -127,6 +127,7 @@ static void ssh_gotdata(unsigned char *data, int datalen) {
     static long len, biglen, to_read;
     static unsigned char *p;
     static int i, pad;
+    static unsigned long realcrc, gotcrc;
 
     crBegin;
     while (1) {
@@ -186,6 +187,15 @@ static void ssh_gotdata(unsigned char *data, int datalen) {
        pktin.type = pktin.data[pad];
        pktin.body = pktin.data+pad+1;
 
+       realcrc = crc32(pktin.data, biglen-4);
+       gotcrc = (pktin.data[biglen-4] << 24);
+       gotcrc |= (pktin.data[biglen-3] << 16);
+       gotcrc |= (pktin.data[biglen-2] <<  8);
+       gotcrc |= (pktin.data[biglen-1] <<  0);
+       if (gotcrc != realcrc) {
+           fatalbox("Incorrect CRC received on packet");
+       }
+
        if (pktin.type == SSH_MSG_DEBUG) {
            /* FIXME: log it */
        } else if (pktin.type == SSH_MSG_IGNORE) {
Simon Tatham's PuTTY GUI SSH client; import of svn://svn.tartarus.org/sgt/putty