From ccd5f3f1603d6634eb789f7ea04f731a2ff3e9cb Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Fri, 25 Jul 2025 20:19:02 -0400
Subject: [PATCH] Fixe incoming buffer overload section
---
 app/feeder.c | 2 +-
 data-feed/feed13.tst | 6 ++++++
 lib/devsoc.c | 9 +++++++--
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 data-feed/feed13.tst
diff --git a/app/feeder.c b/app/feeder.c
index 31056a0..d34e65c 100644
--- a/app/feeder.c
+++ b/app/feeder.c
@@ -655,7 +655,7 @@ static _Bool scanonefile(FEEDTYP *fd,const char *filename)
 {
 _Bool status;
 int numline;
-char line[200];
+char line[3000];
 int phase;
 _Bool proceed;
diff --git a/data-feed/feed13.tst b/data-feed/feed13.tst
new file mode 100644
index 0000000..2161179
--- /dev/null
+++ b/data-feed/feed13.tst
@@ -0,0 +1,6 @@ +#==================================================== +T:(feed13) Trying to overcome the entry buffer +R:220 mailleur.example.com, ESMTP (cleartext) mailleur... +#==================================================== +S:SSH-2.0-Go +S:??^EL^S^TÌK>^\^U3^W^[õ¶T6è^RP??^A^Ycurve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1??^B[ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519???<9b>aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128???<9b>aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@EL^S^TÌK>^\^U3"^W^[õ¶T6è^RP??^A^Ycurve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1??^B[ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ec
dsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519???<9b>aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128???<9b>aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@
diff --git a/lib/devsoc.c b/lib/devsoc.c
index f696ba6..465b725 100644
--- a/lib/devsoc.c
+++ b/lib/devsoc.c
@@ -346,7 +346,7 @@ eol=(char *)0;
 phase=0;
 proceed=true;
 while (proceed==true) {
- //(void) rou_alert(0,"JMPDBG %s phase='%d'",OPEP,phase);
+ //(void) rou_alert(0,"JMPDBG %s phase='%d' carin='%d'",OPEP,phase,soc->carin);
 switch (phase) {
 case 0 : //Do we have dat in carpile
 if (soc->carin==0)
@@ -356,7 +356,8 @@ while (proceed==true) {
 //(void) rou_alert(0,"%s capile=<%s>",OPEP,soc->carpile);
 if (soc->carin>=(soc->maxcarin)-1) {
 //Overload! trying to overcome by extending carpile an adding an EOL
- soc->carpile=(char *)realloc(soc->carpile,(soc->carin+5)*sizeof(char));
+ soc->maxcarin=soc->carin+5;
+ soc->carpile=(char *)realloc(soc->carpile,(soc->maxcarin)*sizeof(char));
 (void) strcat(soc->carpile,soc->EOL);
 }
 break;
@@ -373,6 +374,8 @@ while (proceed==true) {
 break;
 case 4 : //managing carpile
 soc->carin-=(got+strlen(soc->EOL));
+ if (soc->carin<0)
+ soc->carin=0;
 if (soc->carin>0) {
 int delta;
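Review bot: The `realloc()` result in the overload branch of phase 1 is still assigned straight back to `soc->carpile` and used unchecked, so on allocation failure the old buffer is leaked and the following `strcat()` writes through a null pointer. Judging by the new feed13 fixture, that branch is taken whenever the peer sends a line longer than the buffer, so the failure path is driven by untrusted input. Take the result in a temporary and update `soc->carpile` and `soc->maxcarin` only on success. The `+5` also assumes `strlen(soc->EOL)` is at most 4; sizing from `strlen(soc->EOL)+1` makes that explicit. The enclosing `while`/`switch` starts and ends outside the hunk, so the failure handling below is left as a comment.

```c
if (soc->carin>=(soc->maxcarin)-1) {
  //Overload! trying to overcome by extending carpile an adding an EOL
  int wanted;
  char *bigger;

  wanted=soc->carin+strlen(soc->EOL)+1;
  bigger=(char *)realloc(soc->carpile,wanted*sizeof(char));
  if (bigger==(char *)0) {
    // … allocation failed: carpile is still valid, report it and stop reading …
    }
  else {
    soc->carpile=bigger;
    soc->maxcarin=wanted;
    (void) strcat(soc->carpile,soc->EOL);
    }
  }
```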
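Review bot: The new clamp in phase 4 hides a bookkeeping mismatch rather than fixing it: `soc->carin` can only go negative when `got+strlen(soc->EOL)` exceeds what was counted, which looks like the EOL appended by `strcat()` in the overload branch never being added to `carin` (the lines that would confirm this are outside the hunk). The clamp also only works if `carin` is a signed type, and the subtraction mixes it with the `size_t` returned by `strlen()`. A comment such as `//carin goes below zero when the EOL was forced by the overload branch` would record why the clamp exists. Counting the forced EOL where it is appended would remove the need for it.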
@@ -1202,6 +1205,8 @@ while (proceed==true) {
 case 2 : //reading data
 buffer=soc->carpile+soc->carin;
 limit=(soc->maxcarin-soc->carin);
+ //(void) rou_alert(0,"%s JMPDBG limit='%d' maxcarin='%d' carin='%d'",
+ // OPEP,limit,soc->maxcarin,soc->carin);
 (void) memset(buffer,'\000',limit);
 limit--;
 errno=0;
--
2.47.3