| author | Andreas Schneider <asn@cynapses.org> | 2010-09-29 12:14:33 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cynapses.org> | 2010-09-29 12:15:11 +0200 |
| commit | a13c9d4182fd8b7fd84cf4c71dd6c312dc4555bb (patch) | |
| tree | e8c3b5dd95b56153bb853a067be077d1ec13ec43 | |
| parent | 93f79c62efd961054d14bb70d419946d95818671 (diff) | |
| download | libssh-a13c9d4182fd8b7fd84cf4c71dd6c312dc4555bb.tar.gz libssh-a13c9d4182fd8b7fd84cf4c71dd6c312dc4555bb.tar.xz libssh-a13c9d4182fd8b7fd84cf4c71dd6c312dc4555bb.zip | |
misc: Make sure ssh_analyze_banner has proper length checks.
(backported from commit 38359672a546d87c8b2fb040bf30ebaec2ee3651)
| -rw-r--r-- | libssh/client.c | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/libssh/client.c b/libssh/client.c
index 12ebf598..c2edd88c 100644
--- a/libssh/client.c
+++ b/libssh/client.c
@@ -110,8 +110,21 @@ static int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
 const char *banner = session->serverbanner;
 const char *openssh;
- if (banner == NULL ||
- strlen(banner) <= 4 ||
+ if (banner == NULL) {
+ ssh_set_error(session, SSH_FATAL, "Invalid banner");
+ return -1;
+ }
+
+ /*
+ * Typical banners e.g. are:
+ *
+ * SSH-1.5-openSSH_5.4
+ * SSH-1.99-openSSH_3.0
+ *
+ * SSH-2.0-something
+ * 012345678901234567890
+ */
+ if (strlen(banner) < 6 ||
 strncmp(banner, "SSH-", 4) != 0) {
 ssh_set_error(session, SSH_FATAL, "Protocol mismatch: %s", banner);
 return -1;
@@ -119,19 +132,15 @@ static int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
 ssh_log(session, SSH_LOG_RARE, "Analyzing banner: %s", banner);
- /*
- * Typical banners e.g. are:
- * SSH-1.5-blah
- * SSH-1.99-blah
- * SSH-2.0-blah
- */
 switch(banner[4]) {
 case '1':
 *ssh1 = 1;
- if (banner[6] == '9') {
- *ssh2 = 1;
- } else {
- *ssh2 = 0;
+ if (strlen(banner) > 6) {
+ if (banner[6] == '9') {
+ *ssh2 = 1;
+ } else {
+ *ssh2 = 0;
+ }
 }
 break;
 case '2':
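Review bot: In the `case '1':` branch of the second hunk, the new `strlen(banner) > 6` guard leaves `*ssh2` unassigned when the banner is exactly six characters long, whereas the old code always wrote it. Whether the caller initialises `ssh2` before the call is not visible in this diff, so the function should not depend on it: add `*ssh2 = 0;` before the length check, or an `else { *ssh2 = 0; }` on the outer `if`. The banner comes from the peer, so the short-banner path is reachable by any server that sends `SSH-1.` and nothing more. The switch statement continues past the end of the hunk.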
@@ -145,13 +154,21 @@ static int ssh_analyze_banner(ssh_session session, int *ssh1, int *ssh2) {
 openssh = strstr(banner, "OpenSSH");
 if (openssh != NULL) {
- int major, minor;
- major = strtol(openssh + 8, (char **) NULL, 10);
- minor = strtol(openssh + 10, (char **) NULL, 10);
- session->openssh = SSH_VERSION_INT(major, minor, 0);
- ssh_log(session, SSH_LOG_RARE,
- "We are talking to an OpenSSH server version: %d.%d (%x)",
- major, minor, session->openssh);
+ int major, minor;
+
+ /*
+ * The banner is typical:
+ * OpenSSH_5.4
+ * 012345678901234567890
+ */
+ if (strlen(openss) > 9) {
+ major = strtol(openssh + 8, (char **) NULL, 10);
+ minor = strtol(openssh + 10, (char **) NULL, 10);
+ session->openssh = SSH_VERSION_INT(major, minor, 0);
+ ssh_log(session, SSH_LOG_RARE,
+ "We are talking to an OpenSSH client version: %d.%d (%x)",
+ major, minor, session->openssh);
+ }
 }
 return 0; |
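Review bot: The new guard reads `strlen(openss) > 9`, but no `openss` is declared in the visible lines of the function (only `openssh`), so this line should not compile as written; it should be `if (strlen(openssh) > 9) {`. The fixed offsets 8 and 10 still assume a single-digit major version, so a peer banner such as `OpenSSH_10.0` (constructed example) would have its minor parsed starting at the `.`; taking the minor from the `endptr` of the first `strtol` instead of passing `NULL` would remove that assumption. The log text now says "client version" although this function in client.c analyses `session->serverbanner`, so "server" looks like the correct word for this backport.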
