diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-13 09:51:17 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-13 09:51:17 +0000 |
| commit | a3b0cce295f188b9568bdaac216aac0c4070c884 (patch) | |
| tree | d625e049ca95f2faf86cabf1e7dd36878740883e /lib/auth_srp.c | |
| parent | d8b4293799146594cad8709684abbc291c439f8f (diff) | |
| download | gnutls-a3b0cce295f188b9568bdaac216aac0c4070c884.tar.gz | |
More carefull parsing of incoming packets.
Diffstat (limited to 'lib/auth_srp.c')
| -rw-r--r-- | lib/auth_srp.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 6be3f358a5..a2aa05a60b 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -323,12 +323,15 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size /* read the algorithm used to generate V */ i = 0; + DECR_LEN( data_size, 1); memcpy( &pwd_algo, data, 1); - i++; + + DECR_LEN( data_size, 2); n_g = READuint16( &data[i]); i += 2; + DECR_LEN( data_size, n_g); data_g = &data[i]; i += n_g; if (i > data_size) { @@ -336,9 +339,11 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } + DECR_LEN( data_size, 2); n_n = READuint16( &data[i]); i += 2; + DECR_LEN( data_size, n_n); data_n = &data[i]; i += n_n; if (i > data_size) { @@ -346,9 +351,11 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } + DECR_LEN( data_size, 2); n_s = READuint16( &data[i]); i += 2; + DECR_LEN( data_size, n_s); data_s = &data[i]; i += n_s; if (i > data_size) { @@ -390,8 +397,10 @@ int proc_srp_client_kx0(GNUTLS_STATE state, opaque * data, int data_size) { size_t _n_A; + DECR_LEN( data_size, 2); _n_A = READuint16( &data[0]); + DECR_LEN( data_size, _n_A); if (_gnutls_mpi_scan(&A, &data[2], &_n_A) || A == NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; @@ -406,8 +415,10 @@ int proc_srp_server_kx2(GNUTLS_STATE state, opaque * data, int data_size) size_t _n_B; int ret; + DECR_LEN( data_size, 2); _n_B = READuint16( &data[0]); + DECR_LEN( data_size, _n_B); if (_gnutls_mpi_scan(&B, &data[2], &_n_B) || B==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; |