Limit memory allocation of get_bytes to 1MB

If get_bytes() can pad unlimited, a RSA pub key could be crafted that would allocate GB's of nulls, thereby forming a DoS-vector.
2012-11-30 15:14:49 +01:00 · 2012-11-30 15:14:49 +01:00 · 3bbcf808d8
parent 0ae0e9800c
commit 3bbcf808d8
1 changed files with 2 additions and 1 deletions
--- a/paramiko/message.py
+++ b/paramiko/message.py
@ -110,7 +110,8 @@ class Message (object):
        @rtype: string
        """
        b = self.packet.read(n)
-        if len(b) < n:
+        max_pad_size = 1<<20  # Limit padding to 1 MB
+        if len(b) < n and n < max_pad_size:
            return b + '\x00' * (n - len(b))
        return b