From 0e592faadecfb3bc2705bf0d9e434163e4b914ca Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@anytun.org>
Date: Fri, 16 Jan 2009 18:10:21 +0000
Subject: fixed packet length errors

---
 src/uanytun.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'src/uanytun.c')

diff --git a/src/uanytun.c b/src/uanytun.c
index 27f208f..1acf2a1 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -182,9 +182,12 @@ int process_sock_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, pla
     log_printf(ERR, "error on receiving udp packet: %m");
     return 0;
   }
-  
+  else if(len < encrypted_packet_get_header_length()) {
+    log_printf(WARNING, "received packet is to short");
+    return 0;
+  }
   encrypted_packet_set_length(encrypted_packet, len);
-  
+
 #ifndef NO_CRYPT
   if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) {
     log_printf(WARNING, "wrong authentication tag, discarding packet");
@@ -213,7 +216,12 @@ int process_sock_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, pla
     log_printf(NOTICE, "autodetected remote host changed %s", addrstring);
     free(addrstring);
   }
-  
+
+  if(encrypted_packet_get_payload_length(encrypted_packet) <= plain_packet_get_header_length()) {
+    log_printf(WARNING, "ignoring packet with zero length payload");
+    return 0;
+  }
+
   int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet); 
   if(ret) 
     return ret;
-- 
cgit v1.2.3