From: Pekka Riikonen <priikone@silcnet.org>
Date: Sun, 16 Sep 2001 09:33:04 +0000 (+0000)
Subject: 	updates.
X-Git-Tag: silcertest~107
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=0e2ead5b781ff6242029849dbdbf7e53f17071a1

	updates.
---

diff --git a/CHANGES b/CHANGES
index 6101c8a8..34ac4caf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Sun Sep 16 12:32:58 EEST 2001  Pekka Riikonen <priikone@silcnet.org>
+
+	* Assure that the packet length digged from the actual packet
+	  is something sensible in the silc_packet_decrypt_rest_special
+	  in lib/silccrypt/silcpacket.c.
+
 Sat Sep 15 13:29:17 EEST 2001  Pekka Riikonen <priikone@silcnet.org>
 
 	* Check that the public key exists in the GETKEY command before
diff --git a/lib/silccore/silcpacket.c b/lib/silccore/silcpacket.c
index 52aa3efb..5c8b5157 100644
--- a/lib/silccore/silcpacket.c
+++ b/lib/silccore/silcpacket.c
@@ -463,6 +463,12 @@ static int silc_packet_decrypt_rest_special(SilcCipher cipher,
     len1 = (truelen + padlen) - (SILC_PACKET_MIN_HEADER_LEN - 2);
 
     silc_buffer_pull(buffer, SILC_PACKET_MIN_HEADER_LEN - 2);
+    if (len1 - 2 > buffer->len) {
+      SILC_LOG_DEBUG(("Garbage in header of packet, bad packet length, "
+		      "packet dropped"));
+      return FALSE;
+    }
+
     cipher->cipher->decrypt(cipher->context, buffer->data + 2,
 			    buffer->data + 2, len1 - 2,
 			    cipher->iv);