Commit b2f6c722 authored by Christian Kandeler's avatar Christian Kandeler Committed by hjk

SSH: Replace assertion by exception.

We used Q_ASSERT to verify packet validity even for incoming packets,
which means a malicious host could crash QtCreator by sending invalid
data.

Change-Id: Ie2b674d40273d987d91387f41748fbe085c63ed8
Reviewed-by: default avatarhjk <qthjk@ovi.com>
parent 0d20c5b7
......@@ -90,6 +90,9 @@ void SshIncomingPacket::consumeData(QByteArray &newData)
return;
}
if (4 + length() + macLength() < currentDataSize())
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_PROTOCOL_ERROR, "Server sent invalid packet.");
const int bytesToTake
= qMin<quint32>(length() + 4 + macLength() - currentDataSize(),
newData.size());
......
......@@ -70,7 +70,6 @@ bool AbstractSshPacket::isComplete() const
{
if (currentDataSize() < minPacketSize())
return false;
Q_ASSERT(4 + length() + macLength() >= currentDataSize());
return 4 + length() + macLength() == currentDataSize();
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment