From 3bbcf808d8da43a379cee5ce3d004d3c6eb6e1b7 Mon Sep 17 00:00:00 2001
From: Maarten
Date: Fri, 30 Nov 2012 15:14:49 +0100
Subject: [PATCH] Limit memory allocation of get_bytes to 1MB

If get_bytes() can pad unlimited, a RSA pub key could be crafted that would allocate GB's of nulls, thereby forming a DoS-vector.
---
 paramiko/message.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/paramiko/message.py b/paramiko/message.py
index 366c43c..47acc34 100644
--- a/paramiko/message.py
+++ b/paramiko/message.py
@@ -110,7 +110,8 @@ class Message (object):
 @rtype: string
 """
 b = self.packet.read(n)
- if len(b) < n:
+ max_pad_size = 1<<20 # Limit padding to 1 MB
+ if len(b) < n and n < max_pad_size:
 return b + '\x00' * (n - len(b))
 return b
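Review bot: When `n` is at or above `max_pad_size`, the new condition makes a short read fall through to `return b`, so the caller silently receives fewer bytes than it asked for instead of an error; the cap should fail loudly, e.g. a guard before the padding branch: `if len(b) < n and n >= max_pad_size:` / `raise ValueError('short read: %d bytes requested exceeds padding limit %d' % (n, max_pad_size))` (or `SSHException` if this module already imports it). The padding that remains for smaller `n` still masks truncated or malformed input with NUL bytes, which deserves a comment explaining why the method does not simply reject short reads. As a style point, `1<<20` should be written `1 << 20` and hoisted to a module-level constant rather than recomputed on every call. The `@rtype: string` docstring line at the top of the hunk should also state the 1 MB cap and what happens above it. The enclosing method (get_bytes, per the subject line) starts above the hunk.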