From: Pekka Riikonen <priikone@silcnet.org>
Date: Sun, 1 Jul 2007 13:56:39 +0000 (+0000)
Subject: 	Better checks for malformed payload during parsing.
X-Git-Tag: silc.trunk.merged.silc.1.1.branch.0~4
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=92b61b2a40eff34f383b85a1e3fe70da09854a3d

	Better checks for malformed payload during parsing.
---

diff --git a/lib/silccore/silcargument.c b/lib/silccore/silcargument.c
index a98726f8..eac8bdf6 100644
--- a/lib/silccore/silcargument.c
+++ b/lib/silccore/silcargument.c
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2001 - 2006 Pekka Riikonen
+  Copyright (C) 2001 - 2007 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -67,8 +67,10 @@ SilcArgumentPayload silc_argument_payload_parse(const unsigned char *payload,
 			       SILC_STR_UI_SHORT(&p_len),
 			       SILC_STR_UI_CHAR(&arg_type),
 			       SILC_STR_END);
-    if (ret == -1 || p_len > silc_buffer_len(&buffer) - 3)
+    if (ret == -1 || p_len > silc_buffer_len(&buffer) - 3) {
+      SILC_LOG_DEBUG(("Malformed argument payload"));
       goto err;
+    }
 
     newp->argv_lens[i] = p_len;
     newp->argv_types[i] = arg_type;
@@ -79,8 +81,10 @@ SilcArgumentPayload silc_argument_payload_parse(const unsigned char *payload,
 			       SILC_STR_UI_XNSTRING_ALLOC(&newp->argv[i],
 							  p_len),
 			       SILC_STR_END);
-    if (ret == -1)
+    if (ret == -1) {
+      SILC_LOG_DEBUG(("Malformed argument payload"));
       goto err;
+    }
 
     silc_buffer_pull(&buffer, p_len);
     pull_len += 3 + p_len;
diff --git a/lib/silccore/silcnotify.c b/lib/silccore/silcnotify.c
index 645f3a53..fc3dd8b2 100644
--- a/lib/silccore/silcnotify.c
+++ b/lib/silccore/silcnotify.c
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2000 - 2005 Pekka Riikonen
+  Copyright (C) 2000 - 2007 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -66,6 +66,8 @@ SilcNotifyPayload silc_notify_payload_parse(const unsigned char *payload,
     newp->args = silc_argument_payload_parse(buffer.data,
 					     silc_buffer_len(&buffer),
 					     newp->argc);
+    if (!newp->args)
+      goto err;
     silc_buffer_push(&buffer, 5);
   }