diff options
| author |   reyk <reyk@openbsd.org> | 2007-12-27 10:50:06 +0000 |
|---|---|---|
| committer | reyk <reyk@openbsd.org> | 2007-12-27 10:50:06 +0000 |
| commit | 544df9d585b21cbf4bd6476a57849bf296876ed0 (patch) | |
| tree | 36f16e4a1546027d14fcb577f1f8c5ec9c15b6c1 | |
| parent | use TAILQ_FOREACH when possible instead of manually (diff) | |
| download | wireguard-openbsd-544df9d585b21cbf4bd6476a57849bf296876ed0.tar.xz wireguard-openbsd-544df9d585b21cbf4bd6476a57849bf296876ed0.zip | |
Add a missing length check of received spamd sync packet headers.
From Diego Giagio (dgiagio at gmail)
with input from tedu@
| -rw-r--r-- | libexec/spamd/sync.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libexec/spamd/sync.c b/libexec/spamd/sync.c index c7ff0c8ba6f..11caa4f3997 100644 --- a/libexec/spamd/sync.c +++ b/libexec/spamd/sync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sync.c,v 1.3 2007/04/13 05:55:03 otto Exp $ */ +/* $OpenBSD: sync.c,v 1.4 2007/12/27 10:50:06 reyk Exp $ */ /* * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org> @@ -273,7 +273,8 @@ sync_recv(void) /* Ignore invalid or truncated packets */ hdr = (struct spam_synchdr *)buf; - if (hdr->sh_version != SPAM_SYNC_VERSION || + if (len < sizeof(struct spam_synchdr) || + hdr->sh_version != SPAM_SYNC_VERSION || hdr->sh_af != AF_INET || len < ntohs(hdr->sh_length)) goto trunc; |