projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
[tinc]
/
src
/
net_packet.c
diff --git
a/src/net_packet.c
b/src/net_packet.c
index
1efc60d
..
054679e
100644
(file)
--- a/
src/net_packet.c
+++ b/
src/net_packet.c
@@
-394,6
+394,9
@@
static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
vpn_packet_t outpkt;
+ if(len > sizeof outpkt.data)
+ return;
+
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;
outpkt.len = len;
if(c->options & OPTION_TCPONLY)
outpkt.priority = 0;