libssh: catch a resume point larger than the size

author Daniel Stenberg <daniel@haxx.se>

Mon, 13 Oct 2025 07:45:28 +0000 (09:45 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 13 Oct 2025 10:27:39 +0000 (12:27 +0200)
author Daniel Stenberg <daniel@haxx.se>
Mon, 13 Oct 2025 07:45:28 +0000 (09:45 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 13 Oct 2025 10:27:39 +0000 (12:27 +0200)
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c

index 69666c53884fabe023b5323854538cf33e65cc18..6bb32643af2d2565a5e90ad6141b069a4f3115f6 100644 (file)
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -1239,6 +1239,10 @@ static int myssh_in_UPLOAD_INIT(struct Curl_easy *data,
  
      /* now, decrease the size of the read */
      if(data->state.infilesize > 0) {
+      if(data->state.resume_from > data->state.infilesize) {
+        failf(data, "Resume point beyond size");
+        return myssh_to_ERROR(data, sshc, CURLE_BAD_FUNCTION_ARGUMENT);
+      }
        data->state.infilesize -= data->state.resume_from;
        data->req.size = data->state.infilesize;
        Curl_pgrsSetUploadSize(data, data->state.infilesize);
author	Daniel Stenberg <daniel@haxx.se>
	Mon, 13 Oct 2025 07:45:28 +0000 (09:45 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 13 Oct 2025 10:27:39 +0000 (12:27 +0200)