From f83fcbb13c0ea9b23ded77ede487c9cd9171995f Mon Sep 17 00:00:00 2001 From: irungentoo Date: Mon, 11 Aug 2014 15:48:33 -0400 Subject: [PATCH] Added length check to onion_send_1(). --- toxcore/onion.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/toxcore/onion.c b/toxcore/onion.c index 1915324f..33bb54ca 100644 --- a/toxcore/onion.c +++ b/toxcore/onion.c @@ -211,6 +211,12 @@ static int handle_send_initial(void *object, IP_Port source, const uint8_t *pack int onion_send_1(const Onion *onion, const uint8_t *plain, uint32_t len, IP_Port source, const uint8_t *nonce) { + if (len > ONION_MAX_PACKET_SIZE + SIZE_IPPORT - (1 + crypto_box_NONCEBYTES + ONION_RETURN_1)) + return 1; + + if (len <= SIZE_IPPORT + SEND_BASE * 2) + return 1; + IP_Port send_to; ipport_unpack(&send_to, plain); to_host_family(&send_to.ip);