-check tcp off value
authorChristian Grothoff <christian@grothoff.org>
Thu, 26 Jan 2012 16:11:16 +0000 (16:11 +0000)
committerChristian Grothoff <christian@grothoff.org>
Thu, 26 Jan 2012 16:11:16 +0000 (16:11 +0000)
src/exit/gnunet-daemon-exit.c

index b1d7d0d675a2ac6d04bacec53ee278347d400bc0..075e04aee28ceb00b814b9fb4b5dbfcbeb002917 100644 (file)
@@ -1573,6 +1573,11 @@ receive_tcp_service (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
+  if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   GNUNET_break_op (ntohl (start->reserved) == 0);
   /* setup fresh connection */
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
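Review bot: The added guard `start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader)` bounds the peer-supplied data offset only from below, so an offset that claims more header bytes than the message actually carries still passes. If later code uses `off` to locate options or payload (not visible here; receive_tcp_service starts and ends outside the hunk), the guard should also reject that case, e.g. `|| start->tcp_header.off * 4 > <bytes_available_after_fixed_fields>`, with the placeholder replaced by the length already validated above. The same applies to the identical guards added in receive_tcp_remote and receive_tcp_data. A short comment such as `/* off is the TCP data offset in 32-bit words; it must cover at least the fixed header */` would also explain the `* 4`.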
@@ -1649,6 +1654,11 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
+  if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   af = (int) ntohl (start->af);
   state->ri.remote_address.af = af;
   switch (af)
@@ -1699,7 +1709,6 @@ receive_tcp_remote (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
                           buf, sizeof (buf)),
                (unsigned int) ntohs (start->tcp_header.dpt));  
   }
-
   state->ri.remote_address.proto = IPPROTO_TCP;
   state->ri.remote_address.port = ntohs (start->tcp_header.dpt);
   setup_state_record (state);
@@ -1757,6 +1766,11 @@ receive_tcp_data (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
                              1, GNUNET_NO);
     return GNUNET_SYSERR;
   }
+  if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
   GNUNET_break_op (ntohl (data->reserved) == 0);
   {
     char buf[INET6_ADDRSTRLEN];
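Review bot: The new rejection branch in receive_tcp_data only calls `GNUNET_break_op (0)` before returning, while the check directly above it appears to end with a counter update (`1, GNUNET_NO);`). Counting this drop the same way would keep the two rejection paths consistent and let operators see how often peers send a malformed data offset. The function starts and ends outside the hunk, so the exact call to mirror is not visible here.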