From 84607c893799ebab736336267c58b12d4fd5b037 Mon Sep 17 00:00:00 2001 From: Nick ODell Date: Mon, 5 Aug 2013 14:54:53 -0600 Subject: [PATCH] Fix bug where friendreq_handlepacket did not do bounds checking --- core/friend_requests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/friend_requests.c b/core/friend_requests.c index f1ffb8d0..5550b662 100644 --- a/core/friend_requests.c +++ b/core/friend_requests.c @@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id) int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source) { if (packet[0] == 32) { - if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && + if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING || length > MAX_DATA_SIZE + ENCRYPTION_PADDING) return 1; if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.