Skip to content
* Defend against possible integer overflows in comp_method_zlib_decomp.

* Defend against writing beyond the end of the payload in _libssh2_transport_read().

* Sanitize padding_length - _libssh2_transport_read().

This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

* Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

* Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

* Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short.

* Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().
Assets 2
You can’t perform that action at this time.