projects
/
oweals
/
tinc.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
18646de
)
Sanitize input in id_h - prevent integer overflows
author
thorkill
<thkr@hannover.ccc.de>
Mon, 1 May 2017 10:40:22 +0000
(12:40 +0200)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Mon, 1 May 2017 11:10:59 +0000
(13:10 +0200)
src/protocol_auth.c
patch
|
blob
|
history
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index 31906bab49ed22d8ec6795a698383ca04c7f3c94..baf9eac188f4ca909417fd6ad00278352d3f87ff 100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-281,7
+281,7
@@
static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
bool id_h(connection_t *c, const char *request) {
char name[MAX_STRING_SIZE];
- if(sscanf(request, "%*d " MAX_STRING " %
d.%
d", name, &c->protocol_major, &c->protocol_minor) < 2) {
+ if(sscanf(request, "%*d " MAX_STRING " %
2d.%3
d", name, &c->protocol_major, &c->protocol_minor) < 2) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name,
c->hostname);
return false;