From ca9128f3842781136806a2c0453180d816abe16d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Sat, 30 Dec 2023 10:13:31 -0500
Subject: [PATCH] Fix buffer underflow checks in get functions

---
 src/sftp/sftp_pkt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sftp/sftp_pkt.c b/src/sftp/sftp_pkt.c
index 9332cfcce2..40c4469c02 100644
--- a/src/sftp/sftp_pkt.c
+++ b/src/sftp/sftp_pkt.c
@@ -128,7 +128,7 @@ sftp_remove_packet(sftp_rx_pkt_t pkt)
 
 #define GET_FUNC_BODY                                \
 	assert(pkt);                                  \
-	if (pkt->cur + sizeof(ret) > pkt->sz)          \
+	if (pkt->cur + offsetof(struct sftp_rx_pkt, data) + sizeof(ret) > pkt->sz)          \
 		return 0;                               \
 	memcpy(&ret, &pkt->data[pkt->cur], sizeof(ret)); \
 	pkt->cur += sizeof(ret)
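Review bot: On a short packet GET_FUNC_BODY still returns 0, which a caller cannot tell apart from a field whose decoded value really is zero. A truncated packet is therefore parsed as zeros unless callers check the length separately (the callers are not visible here). The corrected condition also depends on `pkt->sz` counting the header that precedes `data[]`, which is only implied by this change. If that is the invariant, a comment above the macro such as `/* pkt->sz covers the whole struct sftp_rx_pkt, header included; pkt->cur indexes into data[] */` would keep the next edit from reintroducing the mismatch. The same expression is repeated in sftp_getstring, so one small helper for "bytes left in data[]" would keep the two checks in step.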
@@ -166,7 +166,7 @@ sftp_getstring(sftp_rx_pkt_t pkt)
 {
 	assert(pkt);
 	uint32_t sz = sftp_get32(pkt);
-	if (pkt->cur + sizeof(sz) > pkt->sz)
+	if (pkt->cur + offsetof(struct sftp_rx_pkt, data) + sizeof(sz) > pkt->sz)
 		return NULL;
 	sftp_str_t ret = sftp_memdup(&pkt->data[pkt->cur], sz);
 	if (ret == NULL)
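Review bot: The check in sftp_getstring still compares `sizeof(sz)` (four bytes) against the space left, but the next line copies `sz` bytes, and `sz` is the length field just read from the packet. A length larger than the remaining data passes the check, and `sftp_memdup(&pkt->data[pkt->cur], sz)` then reads past the end of the packet buffer. A valid string shorter than four bytes at the end of a packet is rejected for the same reason. The bound should use the decoded length and be computed without wrap-around, for example `if ((uint64_t)pkt->cur + offsetof(struct sftp_rx_pkt, data) + sz > pkt->sz)`. Because sftp_get32 returns 0 on a short read, a missing length field also looks like an empty string here; the function body continues outside the hunk, so whether that is handled later cannot be seen.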
-- 
GitLab