Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

[tinc] / src / net_packet.c

diff --git a/src/net_packet.c b/src/net_packet.c
index c209248..054679e 100644 (file)
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -1,7 +1,7 @@
 /*
     net_packet.c -- Handles in- and outgoing VPN packets
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
                   2010      Timothy Redaelli <timothy@redaelli.eu>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -394,6 +394,9 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 void receive_tcppacket(connection_t *c, const char *buffer, int len) {
        vpn_packet_t outpkt;
 
+       if(len > sizeof outpkt.data)
+               return;
+
        outpkt.len = len;
        if(c->options & OPTION_TCPONLY)
                outpkt.priority = 0;