Max Kellermann <max@duempel.org>:

check if the received packet is large enough Minor changes by the committer
author: /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> 2008-01-23 11:38:30 +0000
committer: /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> 2008-01-23 11:38:30 +0000
commit: 70219213d3e9404a95844f567d6d6b44753d8dad (patch)
tree: a0190892e271bb2852db051a2c29717084906c2e
parent: 5943d1ddb9ee51b80d353ab9dd2cf80d1202e328 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 8205ec5..2f6c762 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -93,6 +93,7 @@ o remove init_alarm() before add_alarm()
 o fix error checking of local_create_server()
 o added struct local_server, several cleanups in local socket infrastructure
 o remove unused prototypes in network.h
+o check if the received packet is large enough
 
 version 0.9.5 (2007/07/29)
 ------------------------------
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 4f7833c..f726272 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -99,6 +99,11 @@ static void mcast_handler(void)
 	while (remain > 0) {
 		struct nethdr *net = (struct nethdr *) ptr;
 
+		if (remain < NETHDR_SIZ) {
+			STATE(malformed)++;
+			break;
+		}
+
 		if (ntohs(net->len) > remain) {
 			dlog(LOG_ERR, "fragmented messages");
 			break;
author	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>	2008-01-23 11:38:30 +0000
committer	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>	2008-01-23 11:38:30 +0000
commit	70219213d3e9404a95844f567d6d6b44753d8dad (patch)
tree	a0190892e271bb2852db051a2c29717084906c2e
parent	5943d1ddb9ee51b80d353ab9dd2cf80d1202e328 (diff)