diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2017-05-25 22:21:23 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2017-05-25 22:21:23 +0800 |
| commit | 72f85ad90f84a5aaf5fb02a636e090d75d4c13bc (patch) | |
| tree | 8a405cc7b30bd7b042d99770fda76f9b5a62ad9f /svr-authpubkey.c | |
| parent | fb4e07f7a84068fccd4d42fb538d3123762ba50f (diff) | |
limit input size
Diffstat (limited to 'svr-authpubkey.c')
| -rw-r--r-- | svr-authpubkey.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c index 04d1b13..fbee63f 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -195,9 +195,9 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename, unsigned int pos, len; int ret = DROPBEAR_FAILURE; - if (line->len < MIN_AUTHKEYS_LINE) { - TRACE(("checkpubkey: line too short")) - return DROPBEAR_FAILURE; /* line is too short for it to be a valid key */ + if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) { + TRACE(("checkpubkey: bad line length %d", line->len)) + return DROPBEAR_FAILURE; } /* compare the algorithm. +3 so we have enough bytes to read a space and some base64 characters too. */ |