aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2015-12-07 18:38:54 +0100
committerHans Nilsson <[email protected]>2015-12-07 18:38:54 +0100
commitb8ac85a0673d06606c6523e4bb8f46e1034d0638 (patch)
treedec8901f7e4b1e30c6cdc951cf5e8b0089120738
parent9be3ffd7bbb7fbf386fe7857b3ff9c9803e91cc7 (diff)
downloadotp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.tar.gz
otp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.tar.bz2
otp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.zip
ssh: fix error for bad packet lengths found by Defensics
-rw-r--r--lib/ssh/src/ssh_connection_handler.erl20
-rw-r--r--lib/ssh/src/ssh_transport.erl5
2 files changed, 19 insertions, 6 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 516a09bf6a..0eaeba26a9 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -999,7 +999,8 @@ handle_info({Protocol, Socket, Data}, StateName,
encoded_data_buffer = EncData0,
undecoded_packet_length = RemainingSshPacketLen0} = State0) ->
Encoded = <<EncData0/binary, Data/binary>>,
- case ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of
+ try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0)
+ of
{get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} ->
{next_state, StateName,
next_packet(State0#state{encoded_data_buffer = EncDataRest,
@@ -1021,7 +1022,22 @@ handle_info({Protocol, Socket, Data}, StateName,
#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
description = "Bad mac",
language = ""},
- handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1})
+ handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1});
+
+ {error, {exceeds_max_size,PacketLen}} ->
+ DisconnectMsg =
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
+ description = "Bad packet length "
+ ++ integer_to_list(PacketLen),
+ language = ""},
+ handle_disconnect(DisconnectMsg, State0)
+ catch
+ _:_ ->
+ DisconnectMsg =
+ #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
+ description = "Bad packet",
+ language = ""},
+ handle_disconnect(DisconnectMsg, State0)
end;
handle_info({CloseTag, _Socket}, _StateName,
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 67a0d29bb8..18037b8461 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1004,10 +1004,7 @@ handle_packet_part(<<>>, Encrypted0, undefined, #ssh{decrypt = CryptoAlg} = Ssh0
{ok, PacketLen, _, _, _} when PacketLen > ?SSH_MAX_PACKET_SIZE ->
%% far too long message than expected
- throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
- description = "Bad packet length "
- ++ integer_to_list(PacketLen),
- language = ""});
+ {error, {exceeds_max_size,PacketLen}};
{ok, PacketLen, Decrypted, Encrypted1,
#ssh{recv_mac_size = MacSize} = Ssh1} ->