diff options
author | Hans Nilsson <[email protected]> | 2015-12-07 18:38:54 +0100 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2015-12-07 18:38:54 +0100 |
commit | b8ac85a0673d06606c6523e4bb8f46e1034d0638 (patch) | |
tree | dec8901f7e4b1e30c6cdc951cf5e8b0089120738 | |
parent | 9be3ffd7bbb7fbf386fe7857b3ff9c9803e91cc7 (diff) | |
download | otp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.tar.gz otp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.tar.bz2 otp-b8ac85a0673d06606c6523e4bb8f46e1034d0638.zip |
ssh: fix error for bad packet lengths found by Defensics
-rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 20 | ||||
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 5 |
2 files changed, 19 insertions, 6 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 516a09bf6a..0eaeba26a9 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -999,7 +999,8 @@ handle_info({Protocol, Socket, Data}, StateName, encoded_data_buffer = EncData0, undecoded_packet_length = RemainingSshPacketLen0} = State0) -> Encoded = <<EncData0/binary, Data/binary>>, - case ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of + try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) + of {get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} -> {next_state, StateName, next_packet(State0#state{encoded_data_buffer = EncDataRest, @@ -1021,7 +1022,22 @@ handle_info({Protocol, Socket, Data}, StateName, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Bad mac", language = ""}, - handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}) + handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}); + + {error, {exceeds_max_size,PacketLen}} -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet length " + ++ integer_to_list(PacketLen), + language = ""}, + handle_disconnect(DisconnectMsg, State0) + catch + _:_ -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet", + language = ""}, + handle_disconnect(DisconnectMsg, State0) end; handle_info({CloseTag, _Socket}, _StateName, diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 67a0d29bb8..18037b8461 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1004,10 +1004,7 @@ handle_packet_part(<<>>, Encrypted0, undefined, #ssh{decrypt = CryptoAlg} = Ssh0 {ok, PacketLen, _, _, _} when PacketLen > ?SSH_MAX_PACKET_SIZE -> %% far too long message than expected - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet length " - ++ integer_to_list(PacketLen), - language = ""}); + {error, {exceeds_max_size,PacketLen}}; {ok, PacketLen, Decrypted, Encrypted1, #ssh{recv_mac_size = MacSize} = Ssh1} -> |