updates.

diff --git a/CHANGES b/CHANGES
index 6101c8a8b5d90ce63c99ca2cf0d4303d1c503f94..34ac4caf2a6dc1906d092088831203b2d5223da6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Sun Sep 16 12:32:58 EEST 2001  Pekka Riikonen <priikone@silcnet.org>
+
+       * Assure that the packet length digged from the actual packet
+         is something sensible in the silc_packet_decrypt_rest_special
+         in lib/silccrypt/silcpacket.c.
+
 Sat Sep 15 13:29:17 EEST 2001  Pekka Riikonen <priikone@silcnet.org>
 
        * Check that the public key exists in the GETKEY command before

diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index 52aa3efbd4690d42be3d5998d0c79adb79a019cc..5c8b51577090dce9cb367a41c987a5e0e5c66f59 100644 (file)
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -463,6 +463,12 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher,
     len1 = (truelen + padlen) - (SILC_PACKET_MIN_HEADER_LEN - 2);
 
     silc_buffer_pull(buffer, SILC_PACKET_MIN_HEADER_LEN - 2);
+    if (len1 - 2 > buffer->len) {
+      SILC_LOG_DEBUG(("Garbage in header of packet, bad packet length, "
+                     "packet dropped"));
+      return FALSE;
+    }
+
     cipher->cipher->decrypt(cipher->context, buffer->data + 2,
                            buffer->data + 2, len1 - 2,
                            cipher->iv);