sftp_read: return error if a too large package arrives
diff --git a/src/sftp.c b/src/sftp.c
index ff17de8..d0536dd 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -1488,6 +1488,14 @@
return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
"SFTP Protocol badness");
+ if(rc32 > chunk->len) {
+ /* A chunk larger than we requested was returned to us.
+ This is a protocol violation and we don't know how to
+ deal with it. Bail out! */
+ return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+ "FXP_READ response too big");
+ }
+
if(rc32 != chunk->len) {
/* a short read does not imply end of file, but we must
adjust the offset_sent since it was advanced with a