[GNUnet-SVN] r36260 - gnunet/src/cadet

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r36260 - gnunet/src/cadet

From:	gnunet
Subject:	[GNUnet-SVN] r36260 - gnunet/src/cadet
Date:	Wed, 19 Aug 2015 12:53:50 +0200

Author: bartpolot
Date: 2015-08-19 12:53:50 +0200 (Wed, 19 Aug 2015)
New Revision: 36260

Modified:
   gnunet/src/cadet/gnunet-service-cadet_tunnel.c
Log:
- fix #3928: make sure accessed variables are below size threshold

Modified: gnunet/src/cadet/gnunet-service-cadet_tunnel.c
===================================================================
--- gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2015-08-19 10:53:49 UTC 
(rev 36259)
+++ gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2015-08-19 10:53:50 UTC 
(rev 36260)
@@ -3134,7 +3134,7 @@
      this loop may be unaligned, see util's MST for
      how to do this right. */
   off = 0;
-  while (off < decrypted_size)
+  while (off + sizeof (struct GNUNET_MessageHeader) < decrypted_size)
   {
     uint16_t msize;
 
@@ -3145,6 +3145,11 @@
       GNUNET_break_op (0);
       return;
     }
+    if (off + msize < decrypted_size)
+    {
+      GNUNET_break_op (0);
+      return;
+    }
     handle_decrypted (t, msgh, GNUNET_SYSERR);
     off += msize;
   }

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r36260 - gnunet/src/cadet, gnunet <=

Prev by Date: [GNUnet-SVN] r36257 - gnunet
Next by Date: [GNUnet-SVN] r36259 - gnunet/src/cadet
Previous by thread: [GNUnet-SVN] r36257 - gnunet
Next by thread: [GNUnet-SVN] r36259 - gnunet/src/cadet
Index(es):
- Date
- Thread