diff options
| author | Andreas Schneider <mail@cynapses.org> | 2009-04-22 14:52:04 +0000 |
|---|---|---|
| committer | Andreas Schneider <mail@cynapses.org> | 2009-04-22 14:52:04 +0000 |
| commit | ea59faaec9b4cff041de76e225a08b5be2f11799 (patch) | |
| tree | 179cd0ae8ac14b6ab3128f03fe767dc9a5559a47 | |
| parent | 6402559f28159984bd9067728da9c68f157ddd1f (diff) | |
| download | libssh-ea59faaec9b4cff041de76e225a08b5be2f11799.tar.gz libssh-ea59faaec9b4cff041de76e225a08b5be2f11799.tar.xz libssh-ea59faaec9b4cff041de76e225a08b5be2f11799.zip | |
Add more error checks to sftp_packet_read().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@573 7dcaeef0-15fb-0310-b436-a5af3365683c
| -rw-r--r-- | libssh/sftp.c | 79 |
1 files changed, 47 insertions, 32 deletions
diff --git a/libssh/sftp.c b/libssh/sftp.c index 4b1ca26..02032ff 100644 --- a/libssh/sftp.c +++ b/libssh/sftp.c @@ -215,42 +215,57 @@ int sftp_packet_write(SFTP_SESSION *sftp,u8 type, BUFFER *payload){ return size; } -SFTP_PACKET *sftp_packet_read(SFTP_SESSION *sftp){ - SFTP_PACKET *packet; - u32 size; +SFTP_PACKET *sftp_packet_read(SFTP_SESSION *sftp) { + SFTP_PACKET *packet = NULL; + u32 size; - sftp_enter_function(); - packet = malloc(sizeof(SFTP_PACKET)); - if (packet == NULL) { + sftp_enter_function(); + + packet = malloc(sizeof(SFTP_PACKET)); + if (packet == NULL) { + return NULL; + } + packet->sftp = sftp; + packet->payload = buffer_new(); + if (packet->payload == NULL) { + SAFE_FREE(packet); + return NULL; + } + + if (channel_read(sftp->channel, packet->payload, 4, 0) <= 0) { + buffer_free(packet->payload); + SAFE_FREE(packet); + sftp_leave_function(); + return NULL; + } + + if (buffer_get_u32(packet->payload, &size) < 0) { + buffer_free(packet->payload); + SAFE_FREE(packet); + sftp_leave_function(); + return NULL; + } + + size = ntohl(size); + if (channel_read(sftp->channel, packet->payload, 1, 0) <= 0) { + buffer_free(packet->payload); + SAFE_FREE(packet); + sftp_leave_function(); + return NULL; + } + + buffer_get_u8(packet->payload, &packet->type); + if (size > 1) { + if (channel_read(sftp->channel, packet->payload, size - 1, 0) <= 0) { + buffer_free(packet->payload); + SAFE_FREE(packet); + sftp_leave_function(); return NULL; } + } - packet->sftp=sftp; - packet->payload=buffer_new(); - if(channel_read(sftp->channel,packet->payload,4,0)<=0){ - buffer_free(packet->payload); - free(packet); - sftp_leave_function(); - return NULL; - } - buffer_get_u32(packet->payload,&size); - size=ntohl(size); - if(channel_read(sftp->channel,packet->payload,1,0)<=0){ - buffer_free(packet->payload); - free(packet); - sftp_leave_function(); - return NULL; - } - buffer_get_u8(packet->payload,&packet->type); - if(size>1) - if(channel_read(sftp->channel,packet->payload,size-1,0)<=0){ - buffer_free(packet->payload); - free(packet); - sftp_leave_function(); - return NULL; - } - sftp_leave_function(); - return packet; + sftp_leave_function(); + return packet; } static void sftp_set_error(SFTP_SESSION *sftp, int errnum) { |