X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fencr.c;fp=src%2Fencr.c;h=c34c1c93b6a2eaffdcb2b16811753419863a6a0e;hp=e78ed5ec62a859e04f432e2bb728c04f2f12ac6e;hb=c9246896901ff1ebad91ac399a4ea79fad941f75;hpb=baebae274913d912d76ba1d545f337dfb945fc5c

diff --git a/src/encr.c b/src/encr.c
index e78ed5ec..c34c1c93 100644
--- a/src/encr.c
+++ b/src/encr.c
@@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out)
     }
 
   fscanf(f, "%d ", &size);
-  size >>= 2; /* nibbles->bits */
+  if(size < 1 || size > (1<<15))
+    {
+      syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+      return -1;
+    }
+  size >>= 2; /* bits->nibbles */
   pp = xmalloc(size+2);
   fgets(pp, size+1, f);
   fclose(f);