sftp_read: return error if a too large package arrives
diff --git a/src/sftp.c b/src/sftp.c
index ff17de8..d0536dd 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -1488,6 +1488,14 @@
                     return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
                                           "SFTP Protocol badness");
 
+                if(rc32 > chunk->len) {
+                    /* A chunk larger than we requested was returned to us.
+                       This is a protocol violation and we don't know how to
+                       deal with it. Bail out! */
+                    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+                                          "FXP_READ response too big");
+                }
+
                 if(rc32 != chunk->len) {
                     /* a short read does not imply end of file, but we must
                        adjust the offset_sent since it was advanced with a
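Review bot: The new `rc32 > chunk->len` branch returns straight out of the function, like the "SFTP Protocol badness" return just above it, and no cleanup is visible on either path. If the received response packet is heap-allocated and owned by this function at that point (the hunk does not show it), a server that keeps sending oversized FXP_READ replies would leak one packet per call, so the buffer should be released before the `return _libssh2_error(...)`. It would also help to say in the comment what the check protects, e.g. `/* rc32 is the server-supplied length; it must never exceed the chunk->len we asked for */`, since whatever consumes rc32 later relies on this bound. The enclosing function starts and ends outside the hunk, so ownership of the packet and of `chunk` needs confirming there.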