summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2010-01-13 02:27:16 (GMT)
committerChristian Pointner <equinox@anytun.org>2010-01-13 02:27:16 (GMT)
commite8f0baf7cebe5c5ba676955edab5e9ba7a58d6e6 (patch)
tree5de5b848fb5368489a265bbfa61bb10a9af18ffd
parent08bbd3765ba5aff3a7abf425289d83e625894080 (diff)
added security fix to release branchv0.3.2
-rw-r--r--ChangeLog4
-rw-r--r--src/anytun.cpp5
2 files changed, 7 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index f53739c..519ac27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010.01.13
+
+* Security fix: packet length check errors
+
2009.12.02 -- Version 0.3.2
* added 64bit build target to windows build system
diff --git a/src/anytun.cpp b/src/anytun.cpp
index de8429f..70a5276 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -227,7 +227,8 @@ void receiver(TunDevice* dev, PacketSource* src)
std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
- EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
+ u_int32_t auth_tag_length = gOpt.getAuthTagLength();
+ EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length);
PlainPacket plain_packet(MAX_PACKET_LENGTH);
while(1) {
@@ -249,7 +250,7 @@ void receiver(TunDevice* dev, PacketSource* src)
if(len < 0)
continue; // silently ignore socket recv errors, this is probably no good idea...
- if(static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength())
+ if(static_cast<u_int32_t>(len) < (EncryptedPacket::getHeaderLength() + auth_tag_length))
continue; // ignore short packets
encrypted_packet.setLength(len);