ssh: fix out of bounds read in banner parsing

author Victor Julien <victor@inliniac.net>

Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 18 Jul 2018 11:23:18 +0000 (13:23 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 18 Jul 2018 11:23:18 +0000 (13:23 +0200)
diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c

index f7f9abe76d70d91c5e0beb7d98aaabbf34eab975..3527fd33e058400128bd4226531eb12e162555d9 100644 (file)
--- a/src/app-layer-ssh.c
+++ b/src/app-layer-ssh.c
@@ -69,7 +69,7 @@ static int SSHParseBanner(SshState *state, SshHeader *header, const uint8_t *inp
      uint32_t line_len = input_len;
  
      /* is it the version line? */
-    if (SCMemcmp("SSH-", line_ptr, 4) != 0) {
+    if (line_len >= 4 && SCMemcmp("SSH-", line_ptr, 4) != 0) {
          SCReturnInt(-1);
      }
author	Victor Julien <victor@inliniac.net>
	Thu, 19 Apr 2018 09:27:43 +0000 (11:27 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 18 Jul 2018 11:23:18 +0000 (13:23 +0200)