author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-13 09:51:17 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-13 09:51:17 +0000 |
commit | a3b0cce295f188b9568bdaac216aac0c4070c884 (patch) | |
tree | d625e049ca95f2faf86cabf1e7dd36878740883e /lib/auth_anon.c | |
parent | d8b4293799146594cad8709684abbc291c439f8f (diff) | |
download | gnutls-a3b0cce295f188b9568bdaac216aac0c4070c884.tar.gz |
More careful parsing of incoming packets.
Diffstat (limited to 'lib/auth_anon.c')
-rw-r--r-- | lib/auth_anon.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 712da0fbff..dda3c275c6 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -194,18 +194,22 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 i = 0;
+ DECR_LEN( data_size, 2);
 n_p = READuint16( &data[i]);
 i += 2;
+ DECR_LEN( data_size, n_p);
 data_p = &data[i];
 i += n_p;
 if (i > data_size) {
 gnutls_assert();
 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 }
+ DECR_LEN( data_size, 2);
 n_g = READuint16( &data[i]);
 i += 2;
+ DECR_LEN( data_size, n_g);
 data_g = &data[i];
 i += n_g;
 if (i > data_size) {
@@ -213,9 +217,11 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 }
+ DECR_LEN( data_size, 2);
 n_Y = READuint16( &data[i]);
 i += 2;
+ DECR_LEN( data_size, n_Y);
 data_Y = &data[i];
 i += n_Y;
 if (i > data_size) {
@@ -267,9 +273,11 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 bits = cred->dh_bits;
 }
+ DECR_LEN( data_size, 2);
 n_Y = READuint16( &data[0]);
 _n_Y = n_Y;
+ DECR_LEN( data_size, n_Y);
 if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) {
 gnutls_assert();
 return GNUTLS_E_MPI_SCAN_FAILED; |
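Review bot: The pre-existing `if (i > data_size)` checks in proc_anon_server_kx (after the p and g fields in this hunk, and after Y in the next hunk) still compare the cumulative offset `i` with `data_size`, which the added `DECR_LEN` calls now appear to shrink as each field is consumed. If DECR_LEN subtracts in place and returns on underflow (its definition is not part of this diff), `i` rises while `data_size` falls, so a well-formed message can be rejected with GNUTLS_E_UNEXPECTED_PACKET_LENGTH; with constructed sizes of a 128-byte p, 1-byte g and 128-byte Y, the check after g sees `i` = 133 against `data_size` = 130. Since the DECR_LEN calls already bound every read, the old checks look redundant and could be dropped, or kept against a saved copy of the original length, e.g. `int total = data_size;` before `i = 0;` and `if (i > total)`. The function body starts and ends outside the hunk.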
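Review bot: Nothing in the proc_anon_client_kx hunk rejects bytes left over after the Y value: once the two added `DECR_LEN` calls have run, `data_size` presumably holds the count of unconsumed bytes, but it is never compared with zero in the visible lines. Unless a check outside the hunk does so, a client key exchange message carrying trailing data would be accepted as valid. Consider adding `if (data_size != 0) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; }` after the `_gnutls_mpi_scan` call. The function begins before and continues past the hunk, so this is inferred from the visible lines only.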