- markus@cvs.openbsd.org 2004/10/20 11:48:53 [packet.c ssh1.h] disconnect for invalid (out of range) message types.

commit: b2694f0e8a54112200f2638f01b622f603dd125f [log] [tgz]
author: Darren Tucker <dtucker@zip.com.au> Fri Nov 05 20:27:54 2004 +1100
committer: Darren Tucker <dtucker@zip.com.au> Fri Nov 05 20:27:54 2004 +1100
tree: fead39f349540f3d1eff0db1bdb42407d09edc4a
parent: 1dee8683fb86b7840787ea29e40f5c18abca7eac [diff] [blame]
diff --git a/packet.c b/packet.c
index 82a5694..7c150fd 100644
--- a/packet.c
+++ b/packet.c

@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.115 2004/06/21 17:36:31 avsm Exp $");
+RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -981,6 +981,8 @@
 		    buffer_len(&compression_buffer));
 	}
 	type = buffer_get_char(&incoming_packet);
+	if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
+		packet_disconnect("Invalid ssh1 packet type: %d", type);
 	return type;
 }
 
@@ -1093,6 +1095,8 @@
 	 * return length of payload (without type field)
 	 */
 	type = buffer_get_char(&incoming_packet);
+	if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
+		packet_disconnect("Invalid ssh2 packet type: %d", type);
 	if (type == SSH2_MSG_NEWKEYS)
 		set_newkeys(MODE_IN);
 #ifdef PACKET_DEBUG
commit	b2694f0e8a54112200f2638f01b622f603dd125f	[log] [tgz]
author	Darren Tucker <dtucker@zip.com.au>	Fri Nov 05 20:27:54 2004 +1100
committer	Darren Tucker <dtucker@zip.com.au>	Fri Nov 05 20:27:54 2004 +1100
tree	fead39f349540f3d1eff0db1bdb42407d09edc4a
parent	1dee8683fb86b7840787ea29e40f5c18abca7eac [diff] [blame]