Sanity check s2length on recept.

author: J.W. Schultz <jw@samba.org> 2003-12-06 21:35:34 +0000
committer: J.W. Schultz <jw@samba.org> 2003-12-06 21:35:34 +0000
commit: dfad66a83825d61031d7a61e11509a3c37ad61c4 (patch)
tree: 09a1592d17b9bfa8fbcb5cc2193723c31a75339e /sender.c
parent: 58cadc8608fbb2cbc7b74578cd92de4337a4b887 (diff)
download: rsync-dfad66a83825d61031d7a61e11509a3c37ad61c4.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sender.c b/sender.c
index a9c31bba..7d7b5862 100644
--- a/sender.c
+++ b/sender.c
@@ -42,10 +42,16 @@ void read_sum_head(int f, struct sum_struct *sum)
 
 	sum->count = read_int(f);
 	sum->blength = read_int(f);
-	if (protocol_version < 27)
+	if (protocol_version < 27) {
 		sum->s2length = csum_length;
-	else
+	} else {
 		sum->s2length = read_int(f);
+		if (sum->s2length > MD4_SUM_LENGTH) {
+			rprintf(FERROR, "Invalid checksum length %d\n",
+			    sum->s2length);
+			exit_cleanup(RERR_PROTOCOL);
+		}
+	}
 	sum->remainder = read_int(f);
 }
author	J.W. Schultz <jw@samba.org>	2003-12-06 21:35:34 +0000
committer	J.W. Schultz <jw@samba.org>	2003-12-06 21:35:34 +0000
commit	dfad66a83825d61031d7a61e11509a3c37ad61c4 (patch)
tree	09a1592d17b9bfa8fbcb5cc2193723c31a75339e /sender.c
parent	58cadc8608fbb2cbc7b74578cd92de4337a4b887 (diff)
download	rsync-dfad66a83825d61031d7a61e11509a3c37ad61c4.tar.gz