ssh: fix out of bounds read in banner parsing

author Victor Julien <victor@inliniac.net>

Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 16 Jul 2018 11:30:50 +0000 (13:30 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 16 Jul 2018 11:30:50 +0000 (13:30 +0200)
diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c

index 91aa9c59b657ff2f264820c3a48e48caea9bd85f..23435fffa18ac1bebd2582c0fdf4a4141d85c52b 100644 (file)
--- a/src/app-layer-ssh.c
+++ b/src/app-layer-ssh.c
@@ -69,7 +69,7 @@ static int SSHParseBanner(SshState *state, SshHeader *header, const uint8_t *inp
      uint32_t line_len = input_len;
  
      /* is it the version line? */
-    if (SCMemcmp("SSH-", line_ptr, 4) != 0) {
+    if (line_len >= 4 && SCMemcmp("SSH-", line_ptr, 4) != 0) {
          SCReturnInt(-1);
      }
author	Victor Julien <victor@inliniac.net>
	Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 16 Jul 2018 11:30:50 +0000 (13:30 +0200)