diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2017-05-25 22:21:23 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2017-05-25 22:21:23 +0800 |
| commit | 095b067857df04ea498e7adf76dc0380d7deeb1d (patch) | |
| tree | 562006d2e00ceb82ad0f63535e48895250c17ceb | |
| parent | 87c4586d61da2b11d3310f6ef7705886a7155edd (diff) | |
limit input size
--HG--
branch : fuzz
| -rw-r--r-- | svr-authpubkey.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 04d1b13..fbee63f 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -195,9 +195,9 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename, unsigned int pos, len; int ret = DROPBEAR_FAILURE; - if (line->len < MIN_AUTHKEYS_LINE) { - TRACE(("checkpubkey: line too short")) - return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */ + if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { + TRACE(("checkpubkey: bad line length %d", line->len)) + return DROPBEAR_FAILURE; } /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ |