[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r36260 - gnunet/src/cadet
From: |
gnunet |
Subject: |
[GNUnet-SVN] r36260 - gnunet/src/cadet |
Date: |
Wed, 19 Aug 2015 12:53:50 +0200 |
Author: bartpolot
Date: 2015-08-19 12:53:50 +0200 (Wed, 19 Aug 2015)
New Revision: 36260
Modified:
gnunet/src/cadet/gnunet-service-cadet_tunnel.c
Log:
- fix #3928: make sure accessed variables are below size threshold
Modified: gnunet/src/cadet/gnunet-service-cadet_tunnel.c
===================================================================
--- gnunet/src/cadet/gnunet-service-cadet_tunnel.c 2015-08-19 10:53:49 UTC
(rev 36259)
+++ gnunet/src/cadet/gnunet-service-cadet_tunnel.c 2015-08-19 10:53:50 UTC
(rev 36260)
@@ -3134,7 +3134,7 @@
this loop may be unaligned, see util's MST for
how to do this right. */
off = 0;
- while (off < decrypted_size)
+ while (off + sizeof (struct GNUNET_MessageHeader) < decrypted_size)
{
uint16_t msize;
@@ -3145,6 +3145,11 @@
GNUNET_break_op (0);
return;
}
+ if (off + msize < decrypted_size)
+ {
+ GNUNET_break_op (0);
+ return;
+ }
handle_decrypted (t, msgh, GNUNET_SYSERR);
off += msize;
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r36260 - gnunet/src/cadet,
gnunet <=