Fix handle mis-parse
This could lead to the server process
accessing uninitialized data.

In some deployment models this would
be a vulnerability. However, the README
specifically warns about avoiding such
deployment models, so this patch is not
going to be treated as a vulnerability fix.
ewxrjk committed Aug 29, 2020
1 parent 392a5b3 commit bf4032f
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions parse.c
Expand Up @@ -97,8 +97,11 @@ uint32_t sftp_parse_path(struct sftpjob *job, char **strp) {
uint32_t sftp_parse_handle(struct sftpjob *job, struct handleid *id) {
uint32_t len, rc;

if((rc = sftp_parse_uint32(job, &len)) != SSH_FX_OK || len != 8 ||
(rc = sftp_parse_uint32(job, &id->id)) != SSH_FX_OK ||
if((rc = sftp_parse_uint32(job, &len)) != SSH_FX_OK)
return rc;
if(len != 8)
return SSH_FX_BAD_MESSAGE;
if((rc = sftp_parse_uint32(job, &id->id)) != SSH_FX_OK ||
(rc = sftp_parse_uint32(job, &id->tag) != SSH_FX_OK))
return rc;
return SSH_FX_OK;
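Review bot: The unchanged tag condition at the end of this hunk, `(rc = sftp_parse_uint32(job, &id->tag) != SSH_FX_OK)`, has its closing parenthesis in the wrong place, so `rc` is assigned the result of the comparison (0 or 1) instead of the status returned by the parser. A failed tag parse is still rejected, but the function returns 1 rather than the actual error code. Since this patch already restructures the checks, suggest fixing it here as `(rc = sftp_parse_uint32(job, &id->tag)) != SSH_FX_OK`, matching the `id->id` line above it. A regression test that sends a handle with a length other than 8 and expects `SSH_FX_BAD_MESSAGE` would also pin down the new `len != 8` branch.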