3
# User Matt Johnston <matt@ucc.asn.au>
4
# Date 1368026594 -28800
5
# Node ID 0bf76f54de6fc6dda70985a51ee7b25922e6fea4
6
# Parent 7bd88d546627ff31d0e2d91e6022b3e77a943efb
7
Limit decompressed size
9
diff -r 7bd88d546627 -r 0bf76f54de6f packet.c
10
--- a/packet.c Mon Apr 29 23:42:37 2013 +0800
11
+++ b/packet.c Wed May 08 23:23:14 2013 +0800
13
static int checkmac();
15
#define ZLIB_COMPRESS_INCR 100
16
-#define ZLIB_DECOMPRESS_INCR 100
17
+#define ZLIB_DECOMPRESS_INCR 1024
19
static buffer* buf_decompress(buffer* buf, unsigned int len);
20
static void buf_compress(buffer * dest, buffer * src, unsigned int len);
24
if (zstream->avail_out == 0) {
25
- buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR);
27
+ if (ret->size >= RECV_MAX_PAYLOAD_LEN) {
28
+ dropbear_exit("bad packet, oversized decompressed");
30
+ new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);
31
+ buf_resize(ret, new_size);