From 672c3be9ed5f3c3fb4261ccb6ddfbfb6afde356b Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@flam.de>
Date: Fri, 31 Jul 2015 13:22:02 +0200
Subject: sftp: Fix incorrect handling of received length fields

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
---
 src/sftp.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/sftp.c b/src/sftp.c
index 56093fb6..39d08192 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -307,7 +307,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
   sftp_packet packet = NULL;
   uint32_t tmp;
   size_t size;
-  int r;
+  int r, s;
 
   packet = malloc(sizeof(struct sftp_packet_struct));
   if (packet == NULL) {
@@ -322,12 +322,18 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
     return NULL;
   }
 
-  r=ssh_channel_read(sftp->channel, buffer, 4, 0);
-  if (r < 0) {
-    ssh_buffer_free(packet->payload);
-    SAFE_FREE(packet);
-    return NULL;
-  }
+  r=0;
+  do {
+    // read from channel until 4 bytes have been read or an error occurs
+    s=ssh_channel_read(sftp->channel, buffer+r, 4-r, 0);
+    if (s < 0) {
+      ssh_buffer_free(packet->payload);
+      SAFE_FREE(packet);
+      return NULL;
+    } else {
+      r += s;
+    }
+  } while (r<4);
   ssh_buffer_add_data(packet->payload, buffer, r);
   if (buffer_get_u32(packet->payload, &tmp) != sizeof(uint32_t)) {
     ssh_set_error(sftp->session, SSH_FATAL, "Short sftp packet!");
-- 
cgit