Fixed buffer overflow.

[silc.git] / lib / silccore / silcmessage.c

diff --git a/lib/silccore/silcmessage.c b/lib/silccore/silcmessage.c
index 555e0cae24cfea5077c8cf958b2e7fc7e75d7c61..66bd1b9849f8999b2f7c959445d55b6f6971335c 100644 (file)
--- a/lib/silccore/silcmessage.c
+++ b/lib/silccore/silcmessage.c
@@ -114,20 +114,20 @@ bool silc_message_payload_decrypt(unsigned char *data,
   SILC_GET16_MSB(len, dec + totlen);
   totlen += 2 + len;
   if (totlen + iv_len + mac_len + 2 > data_len) {
-    memset(dec, 0, data_len);
+    memset(dec, 0, data_len - iv_len - mac_len);
     silc_free(dec);
     return FALSE;
   }
   SILC_GET16_MSB(len, dec + totlen);
   totlen += 2 + len;
   if (totlen + iv_len + mac_len > data_len) {
-    memset(dec, 0, data_len);
+    memset(dec, 0, data_len - iv_len - mac_len);
     silc_free(dec);
     return FALSE;
   }
 
   memcpy(data, dec, totlen);
-  memset(dec, 0, data_len);
+  memset(dec, 0, data_len - iv_len - mac_len);
   silc_free(dec);
 
   return TRUE;