- more message size checks

author Bart Polot <bart@net.in.tum.de>

Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)

committer Bart Polot <bart@net.in.tum.de>

Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)
author Bart Polot <bart@net.in.tum.de>
Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)
committer Bart Polot <bart@net.in.tum.de>
Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)
diff --git a/src/cadet/gnunet-service-cadet_local.c b/src/cadet/gnunet-service-cadet_local.c

index 03fec52c19e82ac20fe2659af25632afd50a9ed4..97eba2903ed2826b93f1f7f63f09e29bd0d95fee 100644 (file)
--- a/src/cadet/gnunet-service-cadet_local.c
+++ b/src/cadet/gnunet-service-cadet_local.c
@@ -222,6 +222,7 @@ channel_destroy_iterator (void *cls,
    return GNUNET_OK;
  }
  
+
  /**
   * Handler for client disconnection
   *
@@ -496,12 +497,15 @@ handle_data (void *cls, struct GNUNET_SERVER_Client *client,
    /* Sanity check for message size */
    message_size = ntohs (message->size);
    if (sizeof (struct GNUNET_CADET_LocalData)
-      + sizeof (struct GNUNET_MessageHeader) > message_size)
+      + sizeof (struct GNUNET_MessageHeader) > message_size
+      || GNUNET_CONSTANTS_MAX_CADET_MESSAGE_SIZE < message_size)
    {
      GNUNET_break (0);
      GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
      return;
    }
+
+  /* Sanity check for payload size */
    payload_size = message_size - sizeof (struct GNUNET_CADET_LocalData);
    msg = (struct GNUNET_CADET_LocalData *) message;
    payload = (struct GNUNET_MessageHeader *) &msg[1];
author	Bart Polot <bart@net.in.tum.de>
	Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)
committer	Bart Polot <bart@net.in.tum.de>
	Fri, 9 Jan 2015 18:04:30 +0000 (18:04 +0000)