author | Maarten <maarten@informaarten.nl> | 2012-11-30 15:14:49 +0100 |
---|---|---|
committer | Maarten <maarten@informaarten.nl> | 2012-11-30 15:14:49 +0100 |
commit | 3bbcf808d8da43a379cee5ce3d004d3c6eb6e1b7 (patch) | |
tree | fcc933f5f9b5f4f6f0db89675a268f2e71e128f7 | |
parent | 0ae0e9800c7bfb3f8ea40fa0d33ebf6dff49f759 (diff) |
Limit memory allocation of get_bytes to 1MB
If get_bytes() can pad without limit, an RSA pub key could be crafted
that would allocate GBs of nulls, thereby forming a DoS vector.
-rw-r--r-- | paramiko/message.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/paramiko/message.py b/paramiko/message.py
index 366c43c9..47acc34b 100644
--- a/paramiko/message.py
+++ b/paramiko/message.py
@@ -110,7 +110,8 @@ class Message (object):
 @rtype: string
 """
 b = self.packet.read(n)
- if len(b) < n:
+ max_pad_size = 1<<20 # Limit padding to 1 MB
+ if len(b) < n and n < max_pad_size:
 return b + '\x00' * (n - len(b))
 return b |
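Review bot: When n is at or above max_pad_size the new condition falls through to `return b`, so an oversized length field now yields a silently truncated string instead of an error, and callers of get_bytes cannot distinguish a short read from a padded one. Keeping the cap but making the rejection explicit surfaces the malformed input, e.g. `if len(b) < n:` / `    if n >= max_pad_size: raise SSHException('padding request exceeds 1 MB')` / `    return b + '\x00' * (n - len(b))`, with `return b` unchanged after it. The docstring that closes in this hunk (`@rtype: string`) should also state the 1 MB cap and what the caller gets when a field is shorter than n. As written the boundary uses `<`, which excludes exactly 1 MB while the comment says "Limit padding to 1 MB", and `1<<20` would read better as `1 << 20` with the comment on its own line. The signature and docstring of get_bytes start outside the hunk.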