X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilcske%2Fpayload.c;h=99457a804669daf43d87bffb7326d82d8fe397cc;hb=6f3e830b8c25a42ad714a32e60e398bcfc3796f5;hp=eeb22f011ad591a73cf6e1dfe2ca9d320391bdaa;hpb=fb3d5522a43ab7d9f26ecc6952720633ce108355;p=crypto.git

diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c
index eeb22f01..99457a80 100644
--- a/lib/silcske/payload.c
+++ b/lib/silcske/payload.c
@@ -147,6 +147,16 @@ silc_ske_payload_start_decode(SilcSKE ske,
     goto err;
   }
 
+  /* Check for mandatory fields */
+  if (!payload->cookie || !payload->version_len ||
+      !payload->ke_grp_len || !payload->pkcs_alg_len ||
+      !payload->enc_alg_len || !payload->hash_alg_len ||
+      !payload->hmac_alg_len) {
+    SILC_LOG_ERROR(("KE Start Payload is missing mandatory fields"));
+    status = SILC_SKE_STATUS_BAD_PAYLOAD;
+    goto err;
+  }
+
   /* Return the payload */
   *return_payload = payload;
 
@@ -276,9 +286,9 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske,
     goto err;
   }
 
-  if (ske->start_payload && 
-      (payload->pk_type < SILC_SKE_PK_TYPE_SILC || 
-       payload->pk_type > SILC_SKE_PK_TYPE_SPKI)) {
+  if (ske->start_payload &&
+      ((payload->pk_type < SILC_SKE_PK_TYPE_SILC || 
+	payload->pk_type > SILC_SKE_PK_TYPE_SPKI) || !payload->pk_len)) {
     SILC_LOG_ERROR(("Malformed public key in KE payload"));
     status = SILC_SKE_STATUS_BAD_PAYLOAD;
     goto err;
@@ -304,8 +314,8 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske,
   tot_len += x_len + 2;
   tot_len += payload->sign_len + 2;
 
-  if (x_len < 3) {
-    SILC_LOG_ERROR(("Too short signature in KE Payload"));
+  if (x_len < 16) {
+    SILC_LOG_ERROR(("Too short DH value in KE Payload"));
     status = SILC_SKE_STATUS_BAD_PAYLOAD;
     goto err;
   }