authorMaarten <maarten@informaarten.nl>2012-11-30 15:14:49 +0100
committerMaarten <maarten@informaarten.nl>2012-11-30 15:14:49 +0100
commit3bbcf808d8da43a379cee5ce3d004d3c6eb6e1b7 (patch)
treefcc933f5f9b5f4f6f0db89675a268f2e71e128f7 /paramiko/message.py
parent0ae0e9800c7bfb3f8ea40fa0d33ebf6dff49f759 (diff)
downloadparamiko-3bbcf808d8da43a379cee5ce3d004d3c6eb6e1b7.tar.gz
Limit memory allocation of get_bytes to 1MB
If get_bytes() can pad without limit, an RSA public key could be crafted that would allocate gigabytes of null bytes, creating a DoS vector.
Diffstat (limited to 'paramiko/message.py')
-rw-r--r--paramiko/message.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/paramiko/message.py b/paramiko/message.py
index 366c43c9..47acc34b 100644
--- a/paramiko/message.py
+++ b/paramiko/message.py
@@ -110,7 +110,8 @@ class Message (object):
@rtype: string
"""
b = self.packet.read(n)
- if len(b) < n:
+ max_pad_size = 1<<20 # Limit padding to 1 MB
+ if len(b) < n and n < max_pad_size:
return b + '\x00' * (n - len(b))
return b
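Review bot: With the new condition `if len(b) < n and n < max_pad_size:`, a request of 1 MB or more that outruns the packet now falls through to `return b` and hands back fewer than n bytes, with nothing to tell the caller the padding was refused. The docstring, which starts above the hunk, should state this, for example `Requests of 1 MB or more are not zero-padded and may return fewer than n bytes.` Callers are outside the hunk, so any that assume an exact length of n should be checked; raising an error may be a safer failure mode than a silent short read, if the callers can take it. The inline comment says padding is limited, but the test bounds n rather than `n - len(b)`; either reword it to `# Do not zero-pad requests of 1 MB or more` or compare the pad length. The limit would also read better as a class-level constant than as a local rebuilt on each call.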