From 2eb4611de8eb1fc874b59b757abfe90b30851d1f Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Wed, 29 Jun 2011 05:00:56 -0500
Subject: ppp: Add basic length sanity checks
---
 gatchat/ppp_auth.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'gatchat/ppp_auth.c')
diff --git a/gatchat/ppp_auth.c b/gatchat/ppp_auth.c
index 4ad31a2c..0f8cffab 100644
--- a/gatchat/ppp_auth.c
+++ b/gatchat/ppp_auth.c
@@ -118,9 +118,15 @@ challenge_out:
 /*
 * parse the packet
 */
-void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet)
+void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet,
+ gsize len)
 {
- guint8 code = new_packet[0];
+ guint8 code;
+
+ if (len < sizeof(struct chap_header))
+ return;
+
+ code = new_packet[0];

 switch (code) {
 case CHALLENGE:
--
cgit v1.2.3
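Review bot: The guard added at the top of ppp_chap_process_packet only establishes that a full `struct chap_header` was received; the header's own length field and, for CHALLENGE, the value-size byte are still peer-controlled and are not compared with `len` anywhere in this hunk. The switch body lies outside the hunk, so whether the CHALLENGE handler receives `len` cannot be seen here; if it does not, it should take it and drop any packet whose declared length is larger than `len` or smaller than the header size. I would also document the contract above the check, e.g. `/* len = bytes actually received; every length field inside the packet is untrusted and must be checked against it */`.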