projects
/
oweals
/
gnunet.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
c9fc239
)
- fix #3928: make sure accessed variables are below size threshold
author
Bart Polot
<bart@net.in.tum.de>
Wed, 19 Aug 2015 10:53:50 +0000
(10:53 +0000)
committer
Bart Polot
<bart@net.in.tum.de>
Wed, 19 Aug 2015 10:53:50 +0000
(10:53 +0000)
src/cadet/gnunet-service-cadet_tunnel.c
patch
|
blob
|
history
diff --git
a/src/cadet/gnunet-service-cadet_tunnel.c
b/src/cadet/gnunet-service-cadet_tunnel.c
index 99551e958cf958a117a6d291157c14f0504da73b..c165b13c04a5c8a001b62fa3029fa2ef447bb75a 100644
(file)
--- a/
src/cadet/gnunet-service-cadet_tunnel.c
+++ b/
src/cadet/gnunet-service-cadet_tunnel.c
@@
-3134,7
+3134,7
@@
GCT_handle_encrypted (struct CadetTunnel *t,
this loop may be unaligned, see util's MST for
how to do this right. */
off = 0;
this loop may be unaligned, see util's MST for
how to do this right. */
off = 0;
- while (off < decrypted_size)
+ while (off
+ sizeof (struct GNUNET_MessageHeader)
< decrypted_size)
{
uint16_t msize;
{
uint16_t msize;
@@
-3145,6
+3145,11
@@
GCT_handle_encrypted (struct CadetTunnel *t,
GNUNET_break_op (0);
return;
}
GNUNET_break_op (0);
return;
}
+ if (off + msize < decrypted_size)
+ {
+ GNUNET_break_op (0);
+ return;
+ }
handle_decrypted (t, msgh, GNUNET_SYSERR);
off += msize;
}
handle_decrypted (t, msgh, GNUNET_SYSERR);
off += msize;
}