Check for invalid path_length

author David Barksdale <amatus@amat.us>

Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)

committer David Barksdale <amatus@amat.us>

Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)
author David Barksdale <amatus@amat.us>
Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)
committer David Barksdale <amatus@amat.us>
Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)
diff --git a/src/cadet/gnunet-service-cadet_core.c b/src/cadet/gnunet-service-cadet_core.c

index ae03b4f35552eb168c75e8066af9004126530863..a67bbf445636c084cea62ded71a132475ba1c3a8 100644 (file)
--- a/src/cadet/gnunet-service-cadet_core.c
+++ b/src/cadet/gnunet-service-cadet_core.c
@@ -771,6 +771,12 @@ handle_connection_create (void *cls,
  
    options = (enum GNUNET_CADET_ChannelOption) ntohl (msg->options);
    path_length = size / sizeof (struct GNUNET_PeerIdentity);
+  if (0 == path_length)
+  {
+    /* bogus request */
+    GNUNET_break_op (0);
+    return;
+  }
    /* Initiator is at offset 0. */
    for (off=1;off<path_length;off++)
      if (0 == memcmp (&my_full_id,
author	David Barksdale <amatus@amat.us>
	Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)
committer	David Barksdale <amatus@amat.us>
	Fri, 22 Dec 2017 20:54:30 +0000 (14:54 -0600)