authorReyk Floeter <reyk@cvs.openbsd.org>2007-12-27 10:50:07 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2007-12-27 10:50:07 +0000
commit81ffa8b843b1adb19ebe5dfe4bde01457853a3e8 (patch)
tree452c2bef5ab61c1a92987fa05ec681047255e517 /libexec
parent8b2453812b27dfb4c311bcfb410997cdc4fc9eaa (diff)
Add a missing length check of received spamd sync packet headers.
From Diego Giagio (dgiagio at gmail) with input from tedu@
Diffstat (limited to 'libexec')
-rw-r--r--libexec/spamd/sync.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/libexec/spamd/sync.c b/libexec/spamd/sync.c
index c7ff0c8ba6f..11caa4f3997 100644
--- a/libexec/spamd/sync.c
+++ b/libexec/spamd/sync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sync.c,v 1.3 2007/04/13 05:55:03 otto Exp $ */
+/* $OpenBSD: sync.c,v 1.4 2007/12/27 10:50:06 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -273,7 +273,8 @@ sync_recv(void)
/* Ignore invalid or truncated packets */
hdr = (struct spam_synchdr *)buf;
- if (hdr->sh_version != SPAM_SYNC_VERSION ||
+ if (len < sizeof(struct spam_synchdr) ||
+ hdr->sh_version != SPAM_SYNC_VERSION ||
hdr->sh_af != AF_INET ||
len < ntohs(hdr->sh_length))
goto trunc;
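Review bot: The final condition, `len < ntohs(hdr->sh_length)`, only rejects a datagram shorter than its claimed length; nothing in the visible test rejects an `sh_length` that is smaller than the header itself. If the code after this hunk goes on to use `sh_length` as the working length (not visible here), adding `ntohs(hdr->sh_length) < sizeof(struct spam_synchdr) ||` to the same condition would close that gap. Separately, `len < sizeof(struct spam_synchdr)` is evaluated in unsigned arithmetic, so if `len` is a signed receive result the new check relies on an earlier error test having already excluded negative values. sync_recv's body starts and ends outside the hunk, so both points need confirming against the full function.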