From: thorkill Date: Mon, 1 May 2017 10:40:22 +0000 (+0200) Subject: Sanitize input in id_h - prevent integer overflows X-Git-Tag: release-1.1pre15~17 X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=9527f4f22cd71feeee8a49866e29cce98408f1e7 Sanitize input in id_h - prevent integer overflows --- diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 31906bab..baf9eac1 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -281,7 +281,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat bool id_h(connection_t *c, const char *request) { char name[MAX_STRING_SIZE]; - if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) { + if(sscanf(request, "%*d " MAX_STRING " %2d.%3d", name, &c->protocol_major, &c->protocol_minor) < 2) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name, c->hostname); return false;