summaryrefslogtreecommitdiff
path: root/lib/auth_anon.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-13 09:51:17 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-13 09:51:17 +0000
commita3b0cce295f188b9568bdaac216aac0c4070c884 (patch)
treed625e049ca95f2faf86cabf1e7dd36878740883e /lib/auth_anon.c
parentd8b4293799146594cad8709684abbc291c439f8f (diff)
downloadgnutls-a3b0cce295f188b9568bdaac216aac0c4070c884.tar.gz
More carefull parsing of incoming packets.
Diffstat (limited to 'lib/auth_anon.c')
-rw-r--r--lib/auth_anon.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 712da0fbff..dda3c275c6 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -194,18 +194,22 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
i = 0;
+ DECR_LEN( data_size, 2);
n_p = READuint16( &data[i]);
i += 2;
+ DECR_LEN( data_size, n_p);
data_p = &data[i];
i += n_p;
if (i > data_size) {
gnutls_assert();
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
+ DECR_LEN( data_size, 2);
n_g = READuint16( &data[i]);
i += 2;
+ DECR_LEN( data_size, n_g);
data_g = &data[i];
i += n_g;
if (i > data_size) {
@@ -213,9 +217,11 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
+ DECR_LEN( data_size, 2);
n_Y = READuint16( &data[i]);
i += 2;
+ DECR_LEN( data_size, n_Y);
data_Y = &data[i];
i += n_Y;
if (i > data_size) {
@@ -267,9 +273,11 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
bits = cred->dh_bits;
}
+ DECR_LEN( data_size, 2);
n_Y = READuint16( &data[0]);
_n_Y = n_Y;
+ DECR_LEN( data_size, n_Y);
if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
View Lorry Controller Status