projects
/
oweals
/
tinc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
[oweals/tinc.git]
/
src
/
net_packet.c
diff --git
a/src/net_packet.c
b/src/net_packet.c
index c2092480584b90c91cd0ea431bd3ee6ec9ec1aab..054679e9aa0c75bca437e96443336a21d7ee53e4 100644
(file)
--- a/
src/net_packet.c
+++ b/
src/net_packet.c
@@
-1,7
+1,7
@@
/*
net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans,
/*
net_packet.c -- Handles in- and outgoing VPN packets
Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-201
2
Guus Sliepen <guus@tinc-vpn.org>
+ 2000-201
3
Guus Sliepen <guus@tinc-vpn.org>
2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com>
2010 Timothy Redaelli <timothy@redaelli.eu>
2010 Brandon Black <blblack@gmail.com>
@@
-394,6
+394,9
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
+ if(len > sizeof outpkt.data)
+ return;
+
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;