From: dtucker@openbsd.org Date: Thu, 12 Nov 2020 22:38:57 +0000 (+0000) Subject: upstream: Prevent integer overflow when ridiculously large X-Git-Tag: V_8_5_P1~201 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=819b44e8b9af6ce18d3ec7505b9f461bf7991a1f;p=thirdparty%2Fopenssh-portable.git upstream: Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@ OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
---
diff --git a/ssh.c b/ssh.c
index 85c6e6c55..f467ba2d0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.541 2020/11/08 11:46:12 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.542 2020/11/12 22:38:57 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1523,7 +1523,10 @@ main(int ac, char **av)
 cleanup_exit(255); /* resolve_host logs the error */
 }
- timeout_ms = options.connection_timeout * 1000;
+ if (options.connection_timeout >= INT_MAX/1000)
+ timeout_ms = INT_MAX;
+ else
+ timeout_ms = options.connection_timeout * 1000;
 /* Open a connection to the remote host. */
 if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,
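Review bot: The clamp added in the second hunk (`if (options.connection_timeout >= INT_MAX/1000)`) is undocumented and silent: nothing in the code says that the option is in seconds, that the `* 1000` conversion is what would overflow a signed int, or that an oversized ConnectTimeout is quietly reduced to INT_MAX milliseconds. I would put a comment above the branch, for example `/* connection_timeout is in seconds; clamp so the conversion to ms cannot overflow int */`. The check bounds only the upper side, so it relies on the option parser never leaving a negative value in `options.connection_timeout`; that is not visible here and is worth confirming. main() starts and ends outside the hunk, so the declared type of `timeout_ms` and whether ssh_connect() does further arithmetic on an INT_MAX timeout could not be checked from this page.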