[GNUnet-SVN] r33695 - gnunet/src/cadet

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r33695 - gnunet/src/cadet

From:	gnunet
Subject:	[GNUnet-SVN] r33695 - gnunet/src/cadet
Date:	Tue, 17 Jun 2014 14:13:37 +0200

Author: bartpolot
Date: 2014-06-17 14:13:37 +0200 (Tue, 17 Jun 2014)
New Revision: 33695

Modified:
   gnunet/src/cadet/gnunet-service-cadet_tunnel.c
Log:
- check message size to avoid infinite loop

Modified: gnunet/src/cadet/gnunet-service-cadet_tunnel.c
===================================================================
--- gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2014-06-17 12:13:36 UTC 
(rev 33694)
+++ gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2014-06-17 12:13:37 UTC 
(rev 33695)
@@ -1953,9 +1953,17 @@
   off = 0;
   while (off < decrypted_size)
   {
+    uint16_t msize;
+
     msgh = (struct GNUNET_MessageHeader *) &cbuf[off];
+    msize = ntohs (msgh->size);
+    if (msize < sizeof (struct GNUNET_MessageHeader))
+    {
+      GNUNET_break_op (0);
+      return;
+    }
     handle_decrypted (t, msgh, GNUNET_SYSERR);
-    off += ntohs (msgh->size);
+    off += msize;
   }
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r33695 - gnunet/src/cadet, gnunet <=

Prev by Date: [GNUnet-SVN] r33692 - gnunet/src/cadet
Next by Date: [GNUnet-SVN] r33696 - gnunet/src/cadet
Previous by thread: [GNUnet-SVN] r33692 - gnunet/src/cadet
Next by thread: [GNUnet-SVN] r33696 - gnunet/src/cadet
Index(es):
- Date
- Thread