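diff --git a/src/twisted/conch/ssh/transport.py b/src/twisted/conch/ssh/transport.py
index bd76b0a..a477d27 100644
--- a/src/twisted/conch/ssh/transport.py
+++ b/src/twisted/conch/ssh/transport.py
@@ -677,6 +677,14 @@ class SSHTransportBase(protocol.Protocol):
 """
 self.buf = self.buf + data
 if not self.gotVersion:
+if len(self.buf) > 4096:
+self.sendDisconnect(
+DISCONNECT_CONNECTION_LOST,
+b"Peer version string longer than 4KB. "
+b"Preventing a denial of service attack.",
+)
+return
+
 if self.buf.find(b'\n', self.buf.find(b'SSH-')) == -1:
 return
 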
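Review bot: The reason code passed to the new sendDisconnect call is DISCONNECT_CONNECTION_LOST, yet nothing has been lost — the peer sent more than 4096 bytes without a usable identification line, which is a protocol violation on its side; `DISCONNECT_PROTOCOL_ERROR,` (already defined in this module) describes that accurately and gives the peer's logs, and any monitoring keyed on disconnect reason codes, a truthful signal. The bare 4096 would also read better as a named class attribute, e.g. `maxVersionStringLength = 4096`, with a comment explaining that it caps the bytes buffered before the `SSH-` identification line is seen (RFC 4253 §4.2 permits servers to send extra lines ahead of it, which is why the cap is well above the 255-byte line limit), so the limit is discoverable and the test can reference it instead of repeating the number. Since `self.buf = self.buf + data` runs before the check, one oversized chunk is still concatenated once before being rejected; that is bounded by the transport's read size and acceptable, but a one-line comment saying so would stop the next reader from "fixing" the order. dataReceived's signature and docstring begin before the hunk and its body continues after it.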
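diff --git a/src/twisted/conch/test/test_transport.py b/src/twisted/conch/test/test_transport.py
index 98a3515..449dd3f 100644
--- a/src/twisted/conch/test/test_transport.py
+++ b/src/twisted/conch/test/test_transport.py
@@ -522,6 +522,27 @@ class BaseSSHTransportTests(BaseSSHTransportBaseCase, TransportTestCase):
 r')*$')
 self.assertRegex(softwareVersion, softwareVersionRegex)
 
+def test_dataReceiveVersionNotSentMemoryDOS(self):
+"""
+When the peer is not sending its SSH version but keeps sending data,
+the connection is disconnected after 4KB to prevent buffering too
+much and running our of memory.
+"""
+sut = MockTransportBase()
+sut.makeConnection(self.transport)
+
+# Data can be received over multiple chunks.
+sut.dataReceived(b"SSH-2-Server-Identifier")
+sut.dataReceived(b"1234567890" * 406)
+sut.dataReceived(b"1235678")
+self.assertFalse(self.transport.disconnecting)
+
+# Here we are going over the limit.
+sut.dataReceived(b"1234567")
+# Once a lot of data is received without an SSH version string,
+# the transport is disconnected.
+self.assertTrue(self.transport.disconnecting)
+self.assertIn(b"Preventing a denial of service attack", self.transport.value())
 
 def test_sendPacketPlain(self):
 """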
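Review bot: The new test never lands on the boundary itself: the buffer jumps from 4090 bytes (23 + 4060 + 7, asserted not disconnecting) straight to 4097, so a regression that turned `>` into `>=` or moved the limit by a few bytes would still pass. Splitting the final chunk into `sut.dataReceived(b"123456")` followed by `self.assertFalse(self.transport.disconnecting)` (buffer exactly 4096) and then `sut.dataReceived(b"7")` would pin the limit precisely. The docstring also has a typo, `running our of memory` should read `running out of memory`. The test method is complete within the hunk; its enclosing class continues outside it.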