From 1bd5343e71b7ebd09aabaebba282227a7786e5ba Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Fri, 25 Dec 2015 20:16:23 -0600
Subject: Add length check with test

---
 sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'sshlib/src/main/java/com/trilead/ssh2')

diff --git a/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java b/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java
index ff8112a..beca5f7 100644
--- a/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java
+++ b/sshlib/src/main/java/com/trilead/ssh2/crypto/SimpleDERReader.java
@@ -68,7 +68,8 @@ public class SimpleDERReader
 return count;
 }
 
- private int readLength() throws IOException
+ /* visible for testing */
+ int readLength() throws IOException
 {
 int len = readByte() & 0xff;
 
@@ -79,6 +80,8 @@ public class SimpleDERReader
 
 if (remain == 0)
 return -1;
+ else if (remain > 4)
+ return -1;
 
 len = 0;
 
@@ -89,6 +92,9 @@ public class SimpleDERReader
 remain--;
 }
 
+ if (len < 0)
+ return -1;
+
 return len;
 }
 
--
cgit v1.2.3
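Review bot: With `readLength()` now package-visible and exercised by a test, its `-1` result is an undocumented contract; the `/* visible for testing */` comment explains the modifier change but not what the method returns. I would add a Javadoc line above the signature, such as `/** Reads a DER length field; returns -1 when the encoding is indefinite, uses more than four length octets, or overflows an int. */`. The method body continues outside this hunk.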
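Review bot: The new `else if (remain > 4)` branch reports a malformed length with the same `-1` sentinel as the indefinite-length case, so the rejection only holds if every caller tests the result; those callers are not visible in this diff. Since the method already declares `throws IOException`, throwing here (and at the `if (len < 0)` check in the last hunk) would make the rejection impossible to ignore, though the accompanying test would have to match. As a matter of style, the `else` after a `return` is redundant and the bound deserves a word: `if (remain == 0 || remain > 4) return -1; // an int holds at most four length octets`. The enclosing function starts and ends outside this hunk.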
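Review bot: The `if (len < 0)` guard catches a four-octet length whose top bit is set, but any value up to Integer.MAX_VALUE still leaves `readLength()` as valid; nothing in this hunk compares it with the bytes actually left in the buffer. If the callers (outside this diff) do not already bound the length by the remaining input before slicing or allocating, a crafted key file could declare far more data than it contains. A short comment would also help the next reader, e.g. `// four length octets can set the sign bit`.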