diff options
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/anytun.cpp | 5 |
2 files changed, 7 insertions, 2 deletions
@@ -1,3 +1,7 @@ +2010.01.13 + +* Security fix: packet length check errors + 2009.12.02 -- Version 0.3.2 * added 64bit build target to windows build system diff --git a/src/anytun.cpp b/src/anytun.cpp index de8429f..70a5276 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -227,7 +227,8 @@ void receiver(TunDevice* dev, PacketSource* src) std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND)); std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND)); - EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength()); + u_int32_t auth_tag_length = gOpt.getAuthTagLength(); + EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length); PlainPacket plain_packet(MAX_PACKET_LENGTH); while(1) { @@ -249,7 +250,7 @@ void receiver(TunDevice* dev, PacketSource* src) if(len < 0) continue; // silently ignore socket recv errors, this is probably no good idea... - if(static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength()) + if(static_cast<u_int32_t>(len) < (EncryptedPacket::getHeaderLength() + auth_tag_length)) continue; // ignore short packets encrypted_packet.setLength(len); |