Commit 4d8a8315 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

Fix some more (read-only) buffer overflows.

parent ebda926d
......@@ -274,13 +274,13 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
debugf("check_hmac %s -> %s\n",
format_address(src), format_address(dst));
while(i < packetlen) {
if(i + 1 > packetlen) {
if(i + 2 > packetlen) {
fprintf(stderr, "Received truncated message.\n");
break;
}
len = packet[i+1];
len = packet[i + 1];
if(packet[i] == MESSAGE_HMAC) {
if(i + len > packetlen) {
if(i + len + 2 > packetlen) {
fprintf(stderr, "Received truncated message.\n");
return -1;
}
......
......@@ -471,7 +471,7 @@ preparse_packet(const unsigned char *packet, int bodylen,
break;
}
len = message[1];
if(i + len > bodylen) {
if(i + len + 2 > bodylen) {
fprintf(stderr, "Received truncated message.\n");
break;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment