some extra paranoia, reminded by jsg@
authordjm <djm@openbsd.org>
Tue, 24 Sep 2024 02:28:17 +0000 (02:28 +0000)
committerdjm <djm@openbsd.org>
Tue, 24 Sep 2024 02:28:17 +0000 (02:28 +0000)
usr.bin/ssh/ssh-agent.c

index 1b4c965..dbbaf31 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.306 2024/03/09 05:12:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.307 2024/09/24 02:28:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1690,6 +1690,10 @@ process_ext_session_bind(SocketEntry *e)
                error_fr(r, "parse");
                goto out;
        }
+       if (sshbuf_len(sid) > AGENT_MAX_SID_LEN) {
+               error_f("session ID too long");
+               goto out;
+       }
        if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
            SSH_FP_DEFAULT)) == NULL)
                fatal_f("fingerprint failed");
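Review bot: The new over-length branch does `goto out` without assigning `r`, while the parse-failure branch just above it leaves with `r` carrying the error it logs via `error_fr(r, "parse")`. The parse condition and the `out:` label are both outside this hunk, so this is inferred: if `r` is 0 after a successful parse and the cleanup path derives the return value from `r`, an over-long session ID would be logged as an error but reported to the caller as a successful bind. Setting an explicit error before the jump makes the rejection fail closed, e.g. `r = SSH_ERR_INVALID_FORMAT;` on the line before `goto out;`. A short comment such as `/* bound sid before it is verified and stored */` would also record why the limit is enforced at this point.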