- validation allowed packet_length 0, which resulted in panic in call to bytes.(*Buffer).Grow with input n of -1 - packet_length includes padding_length byte, so must be at least 1 (https://tools.ietf.org/html/rfc4253#section-6)
@@ -570,7 +570,7 @@ func getSshPacketPrefix(buffer []byte) (int, int, int, int, error) {
packetLength := int(binary.BigEndian.Uint32(buffer[0 : SSH_PACKET_PREFIX_LENGTH-1]))
- if packetLength < 0 || packetLength > SSH_MAX_PACKET_LENGTH {
+ if packetLength < 1 || packetLength > SSH_MAX_PACKET_LENGTH {
return 0, 0, 0, 0, ContextError(errors.New("invalid ssh packet length"))
}
Rod Hynes