Better checks for malformed payload during parsing.

diff --git a/lib/silccore/silcargument.c b/lib/silccore/silcargument.c
index a98726f86e492d64366f2c05b0ae4ceb944b8722..eac8bdf60e72d5dfef128924ba389df5fbee842f 100644 (file)
--- a/lib/silccore/silcargument.c
+++ b/lib/silccore/silcargument.c
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2001 - 2006 Pekka Riikonen
+  Copyright (C) 2001 - 2007 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -67,8 +67,10 @@ SilcArgumentPayload silc_argument_payload_parse(const unsigned char *payload,
                               SILC_STR_UI_SHORT(&p_len),
                               SILC_STR_UI_CHAR(&arg_type),
                               SILC_STR_END);
-    if (ret == -1 || p_len > silc_buffer_len(&buffer) - 3)
+    if (ret == -1 || p_len > silc_buffer_len(&buffer) - 3) {
+      SILC_LOG_DEBUG(("Malformed argument payload"));
       goto err;
+    }
 
     newp->argv_lens[i] = p_len;
     newp->argv_types[i] = arg_type;
@@ -79,8 +81,10 @@ SilcArgumentPayload silc_argument_payload_parse(const unsigned char *payload,
                               SILC_STR_UI_XNSTRING_ALLOC(&newp->argv[i],
                                                          p_len),
                               SILC_STR_END);
-    if (ret == -1)
+    if (ret == -1) {
+      SILC_LOG_DEBUG(("Malformed argument payload"));
       goto err;
+    }
 
     silc_buffer_pull(&buffer, p_len);
     pull_len += 3 + p_len;

diff --git a/lib/silccore/silcnotify.c b/lib/silccore/silcnotify.c
index 645f3a536f42543c2f49b09dda6aea569ae92c2f..fc3dd8b28f559fe7ebcb9155def0a18fab29ea43 100644 (file)
--- a/lib/silccore/silcnotify.c
+++ b/lib/silccore/silcnotify.c
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2000 - 2005 Pekka Riikonen
+  Copyright (C) 2000 - 2007 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -66,6 +66,8 @@ SilcNotifyPayload silc_notify_payload_parse(const unsigned char *payload,
     newp->args = silc_argument_payload_parse(buffer.data,
                                             silc_buffer_len(&buffer),
                                             newp->argc);
+    if (!newp->args)
+      goto err;
     silc_buffer_push(&buffer, 5);
   }