From: Victor Julien <victor@inliniac.net>
Date: Thu, 19 Apr 2018 09:27:43 +0000 (+0200)
Subject: ssh: fix out of bounds read in banner parsing
X-Git-Tag: suricata-4.0.5~3
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=4dc26b3ae86e1ac9885884eec30a70edc27fa883;p=thirdparty%2Fsuricata.git

ssh: fix out of bounds read in banner parsing

Reported-by: Henning Perl
---

diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c
index 91aa9c59b6..23435fffa1 100644
--- a/src/app-layer-ssh.c
+++ b/src/app-layer-ssh.c
@@ -69,7 +69,7 @@ static int SSHParseBanner(SshState *state, SshHeader *header, const uint8_t *inp
     uint32_t line_len = input_len;
 
     /* is it the version line? */
-    if (SCMemcmp("SSH-", line_ptr, 4) != 0) {
+    if (line_len >= 4 && SCMemcmp("SSH-", line_ptr, 4) != 0) {
         SCReturnInt(-1);
     }