Check for an illegal length of passphrase in read_passphrase().

diff --git a/src/encr.c b/src/encr.c
index e78ed5ec62a859e04f432e2bb728c04f2f12ac6e..c34c1c93b6a2eaffdcb2b16811753419863a6a0e 100644 (file)
--- a/src/encr.c
+++ b/src/encr.c
@@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out)
     }
 
   fscanf(f, "%d ", &size);
-  size >>= 2; /* nibbles->bits */
+  if(size < 1 || size > (1<<15))
+    {
+      syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+      return -1;
+    }
+  size >>= 2; /* bits->nibbles */
   pp = xmalloc(size+2);
   fgets(pp, size+1, f);
   fclose(f);