X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccore%2Fsilcpacket.c;fp=lib%2Fsilccore%2Fsilcpacket.c;h=9a44f87c9f74948fce9202b1fcfc43bbcf6fba14;hb=ef4e36360505da6c96404d6c762dcd6773fdb98f;hp=8b68c5ed17d00ddca0bb61f4456d9b0e33cc0d5b;hpb=b220d260cdc8cddf2bfcb804a5e5c8caadbb8670;p=silc.git

diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index 8b68c5ed..9a44f87c 100644
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -2197,6 +2197,17 @@ static void silc_packet_read_process(SilcPacketStream stream)
     /* Get packet length and full packet length with padding */
     SILC_PACKET_LENGTH(header, packetlen, paddedlen);
 
+    /* Padding sanity checks */
+    if (cipher && (paddedlen % block_len) != 0) {
+      SILC_LOG_DEBUG(("Packet length %d not multiple by cipher block length",
+		      paddedlen));
+      silc_mutex_unlock(stream->lock);
+      SILC_PACKET_CALLBACK_ERROR(stream, SILC_PACKET_ERR_MALFORMED);
+      silc_mutex_lock(stream->lock);
+      memset(tmp, 0, sizeof(tmp));
+      goto out;
+    }
+
     if (silc_buffer_len(inbuf) < paddedlen + ivlen + mac_len) {
       SILC_LOG_DEBUG(("Received partial packet, waiting for the rest "
 		      "(%d bytes)",