author | Christian Pointner <equinox@anytun.org> | 2010-01-13 02:27:16 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2010-01-13 02:27:16 +0000 |
commit | e8f0baf7cebe5c5ba676955edab5e9ba7a58d6e6 (patch) | |
tree | 5de5b848fb5368489a265bbfa61bb10a9af18ffd | |
parent | set version number (diff) |
added security fix to release branchv0.3.2
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/anytun.cpp | 5 |
2 files changed, 7 insertions, 2 deletions
@@ -1,3 +1,7 @@
+2010.01.13
+
+* Security fix: packet length check errors
+
 2009.12.02 -- Version 0.3.2
 * added 64bit build target to windows build system
diff --git a/src/anytun.cpp b/src/anytun.cpp
index de8429f..70a5276 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -227,7 +227,8 @@ void receiver(TunDevice* dev, PacketSource* src)
 std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
 std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
- EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
+ u_int32_t auth_tag_length = gOpt.getAuthTagLength();
+ EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length);
 PlainPacket plain_packet(MAX_PACKET_LENGTH);
 while(1) {
@@ -249,7 +250,7 @@ void receiver(TunDevice* dev, PacketSource* src)
 if(len < 0)
 continue; // silently ignore socket recv errors, this is probably no good idea...
- if(static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength())
+ if(static_cast<u_int32_t>(len) < (EncryptedPacket::getHeaderLength() + auth_tag_length))
 continue; // ignore short packets
 encrypted_packet.setLength(len); |
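Review bot: `auth_tag_length` is read once before the loop and then used both to size `encrypted_packet` and, in the later hunk, as part of the minimum packet length, but nothing marks it as fixed. Declaring it as `const u_int32_t auth_tag_length = gOpt.getAuthTagLength();` makes that explicit. A short comment such as `// cached: the short-packet check in the loop must use the same tag length the packet buffer was built with` would tell the next reader why the option is no longer read inline. receiver() starts and ends outside the hunk.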
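Review bot: The minimum-length rule is enforced only at this call site in receiver(), so any other path that passes a network-supplied length to `EncryptedPacket::setLength()` stays unprotected unless it repeats the comparison. Whether setLength() itself rejects lengths below header plus auth tag is not visible here and should be confirmed. A comment above the check, e.g. `// reject packets too short to hold the header and the auth tag`, would record why the tag length is part of the bound. The drop on `continue; // ignore short packets` is also silent; a counter or rate-limited log entry on that branch would let operators see when a peer sends undersized packets. receiver()'s body continues outside the hunk.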